Typical stages of a ransomware attack
- Initiation
  - The attacker gains entry, for example through a successful phishing attack, exploitation of software vulnerabilities, abuse of RDP, or stolen credentials
- Establish Foothold & Beaconing (C2)
  - Once in, the attacker makes contact with the breached device and establishes a foothold from which the attack is controlled remotely
- Lateral Movement
  - The attacker begins internal reconnaissance of the digital estate and its sensitive data, escalating privileges to gain admin rights
- Data Exfiltration
  - Key data is transferred outside the organization and backups are destroyed before encryption begins
- Data Encryption
  - Either symmetric or asymmetric encryption corrupts as much data as possible before the attack is detected
- Ransom - $
  - The attackers request payment in return for a decryption key and threaten to release the exfiltrated sensitive data
- Clean up & Recovery
  - The organization attempts to return its digital environment to order and to close the vulnerabilities that allowed the initial attack
- The Cycle Repeats
  - Approximately 80% of ransomware victims will in fact be targeted again in the future
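Two of these stages leave measurable footprints on the defender's side: C2 beaconing shows up as outbound connections at a near-constant interval, and the encryption stage shows up as a burst of file renames that change the extension. The following Python script is an added example, not part of the original notes; it implements both heuristics and runs them over constructed sample telemetry (all hosts, IPs, paths and timestamps are made up, and the thresholds are illustrative defaults rather than values from the notes).

```python
"""
Added example (not from the original notes): two detection heuristics that map
onto the stages above, run over constructed sample telemetry.

  * Beaconing (Establish Foothold & C2): outbound connections from one host to
    one destination at a near-constant interval, i.e. low jitter.
  * Mass encryption (Data Encryption): a burst of renames on one host where the
    file extension changes, the typical footprint of an encryptor.

Every host name, IP, path and timestamp below is constructed sample data.
"""
from collections import Counter, defaultdict
from os.path import splitext
from statistics import mean, pstdev

# Constructed connection log: (timestamp_seconds, src_host, dst_ip)
NET_EVENTS = [
    # ws-17 checks in with an external address roughly every 60 s
    (0, "ws-17", "203.0.113.5"), (60, "ws-17", "203.0.113.5"),
    (121, "ws-17", "203.0.113.5"), (180, "ws-17", "203.0.113.5"),
    (241, "ws-17", "203.0.113.5"), (300, "ws-17", "203.0.113.5"),
    # the same host talking to an internal file server at irregular times
    (5, "ws-17", "10.0.0.5"), (17, "ws-17", "10.0.0.5"), (90, "ws-17", "10.0.0.5"),
    (95, "ws-17", "10.0.0.5"), (240, "ws-17", "10.0.0.5"), (310, "ws-17", "10.0.0.5"),
    # too few connections to judge
    (0, "ws-22", "203.0.113.5"), (60, "ws-22", "203.0.113.5"), (120, "ws-22", "203.0.113.5"),
]

# Constructed file rename log: (timestamp_seconds, host, old_path, new_path)
FILE_EVENTS = [
    (1000, "ws-17", "/srv/share/q1.xlsx", "/srv/share/q1.xlsx.locked"),
    (1001, "ws-17", "/srv/share/q2.xlsx", "/srv/share/q2.xlsx.locked"),
    (1001, "ws-17", "/srv/share/plan.docx", "/srv/share/plan.docx.locked"),
    (1002, "ws-17", "/srv/share/notes.txt", "/srv/share/notes.txt.locked"),
    (1004, "ws-17", "/srv/share/db.bak", "/srv/share/db.bak.locked"),
    (1005, "ws-17", "/srv/share/img.png", "/srv/share/img.png.locked"),
    (1300, "ws-09", "/home/a/draft.txt", "/home/a/draft.md"),   # one benign rename
    (1400, "ws-09", "/home/a/v1.doc", "/home/a/v2.doc"),        # extension unchanged
]


def detect_beaconing(events, min_connections=5, max_jitter_ratio=0.1):
    """Return (src, dst) pairs whose gaps between connections are nearly constant.

    Jitter is measured as the coefficient of variation of the inter-arrival
    gaps (population stdev / mean); a ratio at or below max_jitter_ratio
    flags the pair. Pairs seen fewer than min_connections times are skipped.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in events:
        by_pair[(src, dst)].append(ts)
    flagged = []
    for pair, times in sorted(by_pair.items()):
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter_ratio:
            flagged.append(pair)
    return flagged


def detect_mass_extension_change(events, window_seconds=30, threshold=5):
    """Return {host: (count, new_extension)} for hosts with a burst of renames
    that change the file extension within any window of window_seconds.
    """
    by_host = defaultdict(list)
    for ts, host, old_path, new_path in events:
        old_ext, new_ext = splitext(old_path)[1], splitext(new_path)[1]
        if old_ext != new_ext:
            by_host[host].append((ts, new_ext))
    flagged = {}
    for host, changes in by_host.items():
        changes.sort()
        best_count, best_slice = 0, (0, 0)
        start = 0
        for end in range(len(changes)):           # sliding window over sorted events
            while changes[end][0] - changes[start][0] > window_seconds:
                start += 1
            if end - start + 1 > best_count:
                best_count, best_slice = end - start + 1, (start, end + 1)
        if best_count >= threshold:
            exts = Counter(ext for _, ext in changes[best_slice[0]:best_slice[1]])
            flagged[host] = (best_count, exts.most_common(1)[0][0])
    return flagged


def run_all(net_events=NET_EVENTS, file_events=FILE_EVENTS):
    """Run both heuristics and return their findings together."""
    return {
        "beaconing": detect_beaconing(net_events),
        "mass_encryption": detect_mass_extension_change(file_events),
    }


if __name__ == "__main__":
    for stage, finding in run_all().items():
        print(f"{stage}: {finding}")
```

On the sample data only the regular 60-second check-ins from `ws-17` to `203.0.113.5` are flagged as beaconing, and only `ws-17` is flagged for mass extension changes; the irregular file-server traffic, the host with too few connections, and the single benign rename fall below the thresholds. In production both heuristics would be tuned per environment, and the encryption heuristic is a last-line signal: by the notes' own ordering, exfiltration and backup destruction have already happened by the time it fires.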