Encryptionless Ransomware Attacks and Defense Strategies: An Interview with Zscaler’s Deepen...

In a recent interview with Deepen Desai, Global CISO and Head of Security Research at Zscaler, we discussed the evolving threat landscape and the company’s innovative approach to combating the ever-growing threat of ransomware.


Traditional ransomware attacks primarily focused on encrypting the victim’s files and demanding a ransom for the decryption key to unlock the encrypted business data. This approach has undergone several transformations over the years, with attackers increasingly adding the component of stealing data and even weaponizing payloads to propagate laterally within the IT environment.

Deepen noted the latest shift, encryptionless attacks, explaining: “Some of the large and more successful ransomware families have also started what they’re calling encryptionless attacks. This is where they will not encrypt a file; instead they will expel a large volume of data, often over 10 terabytes. The gangs go to the full sequence of attack using weaponized payloads, using a vulnerability exploit to move laterally, establish environment-wide persistence and then just steal data. But they don’t encrypt the data, don’t cause any business disruption.”


Why the Shift to Encryptionless Attacks?


The shift towards encryptionless attacks can be attributed to several factors, including an increased focus from law enforcement and regional agencies, potential fines, and public scrutiny. By avoiding encryption and the ensuing disruption of businesses, the ransomware gangs stay out of the news, the targeted business remains unexposed, and both parties potentially avoid legal attention.


Deepen added, “It’s a win-win situation for them. In fact, some of these groups have started calling these attacks a post exploitation penetration testing exercise. It’s basically a ransomware attack, but they’re calling it pen testing.”


Interestingly, Deepen also highlighted how some ransomware gangs ar ..
