Understanding these nine ransomware stages can help harden cyber defenses


Ransomware payouts are on track to make 2023 another banner year for criminals, netting more than $440 million since January, according to a recent analysis by Chainalysis. But there are ways for organizations to blunt the impact.

First, some background: One reason for ransomware’s continuing success, according to Chainalysis, is the growth of what is popularly called “big-game hunting,” or going after large enterprises with deep pockets and the promise of big ransom rewards. Witness the reach of the Clop gang with its exploits of Progress Software Corp.’s MOVEit file transfer software. Chainalysis estimates an average payout of $1.7 million per victim.

But the trend has other contributing factors, such as an increased number of successful attacks on smaller targets. Also, as more victims refuse to pay, some security analysts think attackers have been motivated to ask for higher ransoms across the board or to use more extortion techniques to convince victims to pay. Ransomware continues to be a growth business opportunity for criminals, whether or not victims pay up, because stolen data carries a certain value on the dark web, the shady corner of the internet reachable with special software.

To bring more clarity to the rise in ransom payments, we examined reports by six security firms that tried to categorize the various steps involved in a typical ransomware attack:

  • EJ2 Communications Inc. Flashpoint’s Anatomy of a Ransomware Attack (seven stages, July 2023)
  • Google LLC Mandiant’s M-Trends June 2023 report (which breaks down the recent Ukrainian cyberattacks into five stages)
  • Palo Alto Networks Inc. Unit 42’s Stages of a Ransomware Attack (five stages, February 2023)
  • BlackBerry Ltd.’s Anatomy of a Ransomware Attack (eight stages, October 2022)
  • JP Morgan Chase & Co.’s Anatomy of a Ransomware Attack (five stages, September 2022)
  • Darktrace PLC’s Nine Stages of Ransomware (it is really six discrete stages, December 2021)

Many of these companies have ulterior motives in laying out their ransomware models, in that they sell research based on their own telemetry (such as Palo Alto Networks and Mandiant) or products that can help find or mitigate malware…
