Ransomware is nothing new. But the tactics, techniques and procedures (TTPs) leveraged by threat actors have reached new levels of sophistication over the last few years. And with that growth has come an increased difficulty in protecting networks against costly attacks such as the recent DarkSide attack on the Colonial Pipeline.
Initially, threat actors used ransomware solely to restrict access to user data by encrypting files on individual or organizational devices. In return for the decryption key, victims were required to pay a ransom in Bitcoin. The malware at the time typically spread via malspam, also known as malicious spam. Malspam is a prevalent and effective method of delivering, in bulk, emails that contain a malicious link or an infected document. Once a victim has opened the file, a macro runs in the background and infects the device with a piece of malware designed to encrypt files. Victims who neither pay the ransom nor have a set of backups lose all data on the device. A well-known example of this is the Necurs botnet, which was used to distribute Locky ransomware via malspam campaigns in 2016.