Today, ransomware attackers won’t simply back down if an organization refuses to pay the demanded sum to get its files back. Even companies that have great backups and a fast recovery process are vulnerable to an emerging strategy: exfiltrating the victim’s most private data before demanding ransom. If the victim refuses payment and begins restoring its systems, the attacker reveals what information they have exfiltrated and threatens to post it online if the ransom goes unpaid.
That threat is completely different from the standard ransomware threat, because we’ve now shifted from an Integrity and Availability threat to a Confidentiality threat. And of course there is the possible nightmare of privacy and other compliance regulations, depending on the nature of the data that’s been exfiltrated.
During this webcast, Randy Franklin Smith from Ultimate Windows Security provides an overview of some recent high-profile attacks that have employed this strategy, including those against Honda, Xerox and Garmin. He also discusses detection methods and MITRE ATT&CK® techniques commonly used in ransomware attacks, such as:
- Phishing (T1566)
- System Services (T1569)
- Command and Scripting Interpreter (T1059)
Then, Brian Coulson from LogRhythm’s Threat Research team demonstrates how to detect and respond to these types of threats using MITRE ATT&CK, UEBA capabilities, and more.
Register for the webcast to learn about the latest ransomware threats and how you can protect your organization from them.