I recently read a great article about ransomware, and while it was extremely geared toward techies, I thought it would be great to simplify it for time’s sake.
The first thing to understand before I go into detail is that hackers don’t wake up to find you and hit you with ransomware. It is a skilled, precisely timed attack. These aren’t just kids sitting in the basement on their Commodore 64 anymore; these are highly skilled and well-funded criminals.
Stage 1) Hackers will gain access through phishing emails, websites, etc. to get into your environment. This is why awareness and proper handling are so important.
Stage 2) Depending on the initial tool used to access your system, a remote access tool or malware may be loaded, and in comes the trojan. Now they can start working.
Stage 3) Now that they are in, they will focus on exploring the local system and domain they have gained access to and begin acquiring credentials (usernames, passwords…). This will allow them to dig in deeper. They have all the tools needed to do this.
Stage 4) Now they are doing their reconnaissance, collecting data, identifying what is valuable and exfiltrating it. All this moving around your systems is happening without anyone within your organization knowing! The data they harvest is usually only the best, the most critical to your business. Otherwise you wouldn’t pay, would you?
Stage 5) ATTACK!!! The hackers have been floating around your systems laterally for a while now (days, weeks, months, years) collecting everything they need and want. Now it’s time to launch the attack when you are at your weakest and they know they have you! You start up and get that horrifying message that you’ve been locked out and they have you!
Now you go into damage control after you restart your heart and try to figure out what to do and how to get back up and running: how much will it cost you, how long will it take, and how will you face the people who have trusted you with sensitive information? Remember, as I’ve stated before, it’s not just your financial loss; the harder thing to get back is reputation!
I hope this article gives you the proper initiative to take the next steps to ensure your and your customers’ environments are protected. Stay safe.