Ransomware Resilience – Identifying Precursor Activity to Stave Off a Ransomware Attack

To stay ahead of ransomware, organizations benefit by detecting other malicious activities that often precede the final deployment of a ransomware attack. More often than not, adversaries spend weeks to months on victims’ networks before the actual ransomware encryption code is executed. Therefore, when organizations prioritize proactive detection of malicious behaviors, the chance of succumbing to a ransomware attack will likely decrease. The three most common types of malware or tools deployed before a ransomware attack include trojans, information stealers, and penetration testing tools. Trojans are typically employed to gain initial access to a victim’s network, often via phishing attacks. Information stealers harvest credentials and other data from victim devices that often contain key information on valuable assets to compromise. Finally, penetration testing tools, such as Cobalt Strike, are legitimate applications that threat actors often leverage in ransomware campaigns to scan networks and deploy additional malware. Ultimately, a holistic cybersecurity strategy should involve malware threat hunting in addition to regular patching, employee training, and more. Read more at Intel471.