Strategies for Faster Detection and Response

Critical Infrastructure Security
Cybercrime as-a-service

Sophos’ Peter Mackenzie Describes Typical Attack Life Cycle and Data Exfiltration Moves

Peter Mackenzie, incident response manager, Sophos

What is the life cycle of a typical ransomware attack, and how can organizations get better at detecting and blocking this criminal activity?

See Also: Live Panel | Zero Trusts Given- Harnessing the Value of the Strategy

“One of the common mistakes people make with a ransomware attack is they come in in the morning, they see their data has been encrypted, and they think the attack happened that night,” says Peter Mackenzie, the incident response manager for security firm Sophos.

But while the crypto-locking malware may well have just been triggered, typically attackers have been inside the network for much longer. Mackenzie says attackers “often deploy the ransomware overnight when fewer admins are watching, but the actual attack is normally days or weeks longer than that; it does take time to organize these things.”

In a video interview with Information Security Media Group, Mackenzie discusses:

  • The life cycle of a typical ransomware attack;
  • Top tactics criminals use for hitting networks and exfiltrating data;
  • Best practices for helping organizations more quickly spot and block attacks.

Mackenzie, who has…