Today, ransomware attackers won’t simply back down if an organization refuses to pay the demanded sum to get its files back. Even companies that have great backups and a fast recovery process are vulnerable to an emerging strategy: exfiltrating the victim’s most private data before demanding ransom. Then, if the victim refuses payment and begins restoring its systems, the attacker reveals what information they have exfiltrated and threatens to post it online if the ransom goes unpaid.
That threat is completely different from the standard ransomware threat, because we’ve now shifted from an Integrity and Availability threat to a Confidentiality threat. And of course there is the possible nightmare of privacy and other compliance regulations, depending on the nature of the data that’s been exfiltrated.
During this webcast, Randy Franklin Smith from Ultimate Windows Security provided an overview of some recent high-profile attacks that have employed this strategy, including those against Honda, Xerox and Garmin. He also discussed detection methods and MITRE ATT&CK® techniques commonly used in ransomware attacks, such as:
- Phishing (T1566)
- System Services (T1569)
- Command and Scripting Interpreter (T1059)
Then, Brian Coulson from LogRhythm’s Threat Research team demonstrated how to detect and respond to these types of threats using MITRE ATT&CK, UEBA capabilities, and more.
Watch the on-demand webcast now to learn about the latest trends in ransomware and how you can protect your organization from them.