Wednesday, September 16, 02:22
Home security Security researchers analyze the "anatomy" of an attack ransomware!

Security researchers analyze the "anatomy" of an attack ransomware!

Researchers from the security technology company Sentinel One analyzed the "anatomy" of a ransomware attack, showing how hackers invaded a network and developed ransomware in just two weeks. In particular, security researchers examined one server used by hackers in October 2019, to turn a relatively "small" security breach into a corporate network, into a devastating attack using Ryuk ransomware. These data can be very important for understanding the tactics and techniques that hackers use in their attacks.

Initially, security investigators found that the network was infected Trickbot malware. Just the network violated by Trickbot malware, hackers began searching for what they had managed to obtain access, while at the same time looking for ways to make money from this achievement.

ransomware attacks

Joshua Platt, one of Sentinel One's security researchers, told ZDNet that after a while, the hackers began to "scan" the network, trying to map it out and find out who it was. The ultimate goal of their mission was to make money from the network and its data. In other words, they just realized that they could make money from it infringement, persistently sought illegal profit.

In addition, in the event that the researchers examined, the hackers decided to exploit the network breach, they used tools such as PowerTrick and Cobalt Strike to secure their stay on the network and proceed with further exploration, looking for open doors and more Appliances to which they could gain access. They then proceeded to the ransomware phase of the attack. It took about two weeks from the initial infection with TrickBot to the start of the Ryuk malware attack, according to Sentinel One, based on the data it collected.

The Ryuk malware first appeared in August 2018 and was responsible for a number of global attacks, according to an advisory issued last year by the UK's National Security Center in cyberspace.

ransomware attacks

Concerning the ransom required for ransomware, these are defined on the basis of the hacker's ability to pay the victim, and it may take days or even months from the initial infection to the activation of the ransomware, as the hackers need time to identify the most critical network systems. However, the NCSC said that this delay gave the targets a chance to stop activating the ransomware if they could detect this first infection.

In accordance with FBI, Ryuk malware offers big profits to hackers behind it, as it brought them about $ 61 million in ransom between February 2018 and October 2019. Ryuk malware's success in forcing companies to pay ransom means that Hackers have a way of evolving and intensifying their attacks. Their strength will be further enhanced, as they now have more money and more ability to hire even more talent. The ransomware also continues to evolve. According to Platt, at the beginning of ransomware, hackers were asking for a ransom of $ 300, but now they are negotiating millions of dollars. The next step, according to Platt, will be to look at more complex attempts at blackmail, arguing that hackers are looking for networking elements that will be their best "weapon" to blackmail target companies.


Please enter your comment!
Please enter your name here

Every accomplishment starts with the decision to try.


Orange Tsai: How (again) I hacked Facebook!

The following article is about the personal experience of Orange Tsai, so he literally quotes his words about how he managed to ...

Adidas: New technology for high performance sneakers

Adidas seems to be ready to look into the eyes of its eternal rival Nike, in the race for the best big shoes ...

How to monitor CPU usage on your Mac Dock?

If you often use applications that consume a lot of your processor power, it is good to monitor the CPU usage of ...

Facebook: Employee accuses platform of political manipulation

Facebook ignored or was slow to act on evidence, as fake accounts on its platform undermine elections and politics ...

Pandemic: Hackers targeted construction companies

During the first six months of the year and as the COVID-19 pandemic brought huge changes in the daily life of the whole world, the ...

Facebook: The new Climate Change Information Center

As part of its efforts against climate change, Facebook has launched the Climate Change Information Center. Its purpose is ...

Schools are an easy target for ransomware gangs

Maze ransomware operators are behind a series of attacks on schools in the United States. Due to ...

C ++ programming language: A new extension for VS Code is released

Microsoft has released a new version of the C ++ programming language extension for the popular open source editor, Visual Studio ...

Data from Optima Italia SpA were exposed after an attack

The DoppelPaymer team published the first data it managed to steal from Optima Italia SpA, an Italian company that provides services ...

AirPods Pro: Have you seen the impressive new features?

The new 3A283 firmware released by Apple for the AirPods Pro seems to introduce Spatial Audio support, in combination with ...