Evolving Tactics, Techniques, and Procedures in the Ransomware Landscape

Ransomware attacks have increased manifold over the years and so have the ransom demands. This year-over-year evolution of ransomware threats is primarily attributed to emerging tactics, techniques, and procedures adopted by attackers.

Most common intrusion point


According to a report from Group-IB, Remote Desktop Protocol (RDP) was the most common point of intrusion for ransomware in 2019. Exposed and vulnerable Windows RDP ports were abused in 70-80% of all ransomware attacks in 2019 to gain an initial foothold.

Big-league players like Ryuk, LockerGoga, REvil, MegaCortex, Maze, and NetWalker used open RDP ports to sneak into company networks and servers.
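As an added defensive illustration (this code is not from the Group-IB report or from this article), the Python below scans a set of constructed Windows Security log events for the pattern that typically precedes an RDP-based intrusion: a burst of failed RemoteInteractive logons (event ID 4625, logon type 10) from a single source address, followed by a successful logon (event ID 4624) from that same source. The event IDs and logon type are standard Windows values; the failure threshold, time window, sample addresses and account names are assumptions chosen for the example.

```python
"""Flag RDP brute-force bursts, and any success that follows them,
from Windows Security events reduced to the fields the detection needs."""
from collections import defaultdict
from datetime import datetime, timedelta


def ev(time, event_id, logon_type, src_ip, user):
    """Build one reduced Windows Security event record."""
    return {"time": time, "event_id": event_id, "logon_type": logon_type,
            "src_ip": src_ip, "user": user}


# Constructed sample events (not taken from any real log).
# LogonType 10 = RemoteInteractive, i.e. an RDP session.
SAMPLE_EVENTS = [
    ev("2019-06-01T02:00:01", 4625, 10, "203.0.113.7", "administrator"),
    ev("2019-06-01T02:00:02", 4625, 10, "203.0.113.7", "admin"),
    ev("2019-06-01T02:00:03", 4625, 10, "203.0.113.7", "administrator"),
    ev("2019-06-01T02:00:04", 4625, 10, "203.0.113.7", "backup"),
    ev("2019-06-01T02:00:05", 4625, 10, "203.0.113.7", "administrator"),
    ev("2019-06-01T02:00:06", 4625, 10, "203.0.113.7", "administrator"),
    ev("2019-06-01T02:00:10", 4624, 10, "203.0.113.7", "administrator"),
    # Benign noise: a user mistyping a password twice over a few minutes.
    ev("2019-06-01T08:30:00", 4625, 10, "198.51.100.20", "jsmith"),
    ev("2019-06-01T08:33:00", 4625, 10, "198.51.100.20", "jsmith"),
    ev("2019-06-01T08:33:20", 4624, 10, "198.51.100.20", "jsmith"),
    # A network (SMB-style) logon failure, logon type 3, which is not RDP.
    ev("2019-06-01T09:00:00", 4625, 3, "192.0.2.5", "svc_print"),
    ev("2019-06-01T09:15:00", 4624, 10, "192.0.2.5", "mlee"),
]

FAIL_THRESHOLD = 5            # assumed: failures per window that count as a burst
WINDOW = timedelta(minutes=5)  # assumed: sliding window length


def detect_rdp_bruteforce(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return a list of findings in time order.

    A 'rdp_bruteforce' finding is raised once per source IP when at least
    `threshold` failed RDP logons fall inside `window`; a
    'rdp_bruteforce_success' finding is raised for every successful RDP logon
    from a source that was already flagged.
    """
    rdp_events = sorted((e for e in events if e["logon_type"] == 10),
                        key=lambda e: datetime.fromisoformat(e["time"]))
    recent_failures = defaultdict(list)  # src_ip -> [(time, user), ...]
    flagged = set()
    findings = []

    for e in rdp_events:
        t = datetime.fromisoformat(e["time"])
        ip = e["src_ip"]
        if e["event_id"] == 4625:
            # Keep only failures that still fall inside the sliding window.
            recent_failures[ip] = [(ft, fu) for ft, fu in recent_failures[ip]
                                   if t - ft <= window]
            recent_failures[ip].append((t, e["user"]))
            if len(recent_failures[ip]) >= threshold and ip not in flagged:
                flagged.add(ip)
                findings.append({
                    "type": "rdp_bruteforce",
                    "src_ip": ip,
                    "failures": len(recent_failures[ip]),
                    "first": recent_failures[ip][0][0].isoformat(),
                    "last": t.isoformat(),
                    "users": sorted({fu for _, fu in recent_failures[ip]}),
                })
        elif e["event_id"] == 4624 and ip in flagged:
            findings.append({
                "type": "rdp_bruteforce_success",
                "src_ip": ip,
                "user": e["user"],
                "time": t.isoformat(),
            })
    return findings


if __name__ == "__main__":
    for finding in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(finding)
```

Only the 203.0.113.7 burst is reported: the two spaced-out failures from 198.51.100.20 stay under the threshold, and the type-3 failure from 192.0.2.5 is filtered out before counting, so the later RDP success from that host is not flagged. In production the same logic would be fed from the Security channel (for example via a SIEM query on EventID 4625 and LogonType 10) rather than from an inline list.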

Other attack methods


The report also highlighted that exploit kits, external remote services, spear-phishing attachments, and valid accounts are other attack techniques used by ransomware operators to gain access to victims’ computers.
More advanced ransomware actors rely on supply-chain compromise, exploiting unpatched vulnerabilities in public-facing applications, and compromising managed service providers (MSPs) to obtain access to valuable targets.

Further tactics adopted by attackers


Once attackers gain an initial foothold on targeted computers, they deploy their tools and move to the next stages for establishing persistence, escalating privileges, evading detection, acquiring credentials, mapping the network, stealing files, and then encrypting them.

Evasion techniques evolve


Evading detection while continuing to spread the ransomware remains the primary focus of threat actors.
Some of the widely used detection evasion techniques include disabling security tools on a victim’s computer, disguising ransomware as legitimate software, and bypassing User Account Control (UAC).
However, a few ransomware families have evolved their anti-analysis techniques to spread stealthily across computers. For example, NetWalker operators leverage a reflective DLL loading technique to improve ransom ..