Ransomware is one of the most critical cybersecurity problems on the internet and possibly the most damaging form of cybercrime plaguing organizations today. It has rapidly become one of the most important and profitable malware families among Threat Actors (TAs). In a typical scenario, the ransomware infection starts with the TA gaining access to the target system. Depending on the type of ransomware, it can render the entire operating system unusable or encrypt individual files. The TAs will then typically demand payment from the victim in exchange for decrypting their files.
MALWARE FAMILIES: Octocrypt, AXLocker, Alice
ATT&CK IDS: T1566 - Phishing, T1218 - Signed Binary Proxy Execution, T1134 - Access Token Manipulation, T1020 - Automated Exfiltration, T1047 - Windows Management Instrumentation, T1053 - Scheduled Task/Job, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1087 - Account Discovery, T1204 - User Execution, T1486 - Data Encrypted for Impact, T1497 - Virtualization/Sandbox Evasion, T1528 - Steal Application Access Token, T1547 - Boot or Logon Autostart Execution