Sunday, February 21, 21:02
Home security Security researchers analyze the "anatomy" of an attack ransomware!

Security researchers analyze the "anatomy" of a ransomware attack!

Researchers from the security technology company Sentinel One analyzed the "anatomy" of a ransomware attack, showing how hackers invaded a network and developed ransomware in just two weeks. In particular, security researchers examined one server used by hackers in October 2019 to turn a relatively "minor" security breach into a corporate network into a catastrophic attack using Ryuk ransomware. These data can be very important for understanding the tactics and techniques that hackers use in their attacks.

Initially, security investigators found that the network was infected Trickbot malware. Just the network violated by Trickbot malware, hackers began searching for what they had managed to obtain access, while at the same time looking for ways to make money from this achievement.

ransomware attacks

One of Sentinel One's security investigators, Joshua Platt, told ZDNet that after a while, hackers began "scanning" the network, trying to map it out and figure out what it was. The ultimate goal of their mission was to extract money from the network and its data. In other words, they just realized they could make money from it infringement, persistently sought illegal profit.

In addition, in the event that the researchers examined, the hackers decided to exploit the network breach, they used tools such as PowerTrick and Cobalt Strike to secure their stay on the network and proceed with further exploration, looking for open doors and more Appliances to which they could gain access. They then proceeded to the ransomware phase of the attack. It took about two weeks from the initial infection with TrickBot to the start of the Ryuk malware attack, according to Sentinel One, based on the data it collected.

The Ryuk malware first appeared in August 2018 and was responsible for a number of global attacks, according to an advisory issued last year by the UK's National Security Center in cyberspace.

ransomware attacks

Concerning the ransom required for ransomware, these are defined on the basis of the hacker's ability to pay the victim, and it may take days or even months from the initial infection to the activation of the ransomware, as the hackers need time to identify the most critical network systems. However, the NCSC said that this delay gave the targets a chance to stop activating the ransomware if they could detect this first infection.

In accordance with FBI, Ryuk malware is making a huge profit for the hackers behind it, as it brought them about $ 61 million in ransom between February 2018 and October 2019. The success of Ryuk malware in forcing companies to pay ransom means that Hackers have a way of evolving and stepping up their attacks. Their power will be further enhanced as they now have more money and more ability to recruit even more talent. Ransomware also continues to evolve. According to Platt, in the beginning of ransomware, hackers demanded a ransom of $ 300, but now they are trading millions of dollars. The next step, according to Platt, will be to look at more sophisticated blackmail attempts, arguing that hackers are looking for information on networks that will be their best "weapon" to blackmail target companies.


Please enter your comment!
Please enter your name here

Every accomplishment starts with the decision to try.


How to make a Facetime Audio call

Tired of low quality cell phone calls? Thanks to FaceTime, you can make high-resolution calls if you use iPhone, iPad, ...

How to add special effects to Instagram messages

Did you know that you can make instant Instagram messages more impressive? Like any other Instagram feature, you can add special ...

Only 270 addresses are responsible for 55% of all money laundering

Cybercriminals who keep their money in cryptocurrencies tend to "launder" money through a small set of online services, according to ...

Twitter: Voice messages are coming! How do we send them?

Twitter will soon support voice messages in both iOS and Android applications. This means that you will be able to send ...

How to connect a Bluetooth headset to a Nintendo Switch

The Nintendo Switch has a headphone jack. However, most headphones have become wireless so you will need a way to connect them ...

How to hide your phone number in Telegram

If you wish to create a Telegram account, you must provide your telephone number. In this way, Telegram validates the ...

Google Assistant: How can you delete your recordings?

Google Assistant can make your daily life much easier. However, it also involves some privacy issues, as ...

Microsoft: Office 2021 / Office LTSC coming in the second half of 2021

Microsoft announced that the Microsoft Office Long Term Service Channel (LTSC) and Office 2021 will be released in 2021, for ...

How to quickly create QR codes with Bing

If you ever need to create a QR code, but you do not know how, Microsoft has an easy-to-use tool available in any program ...

Brave: Onion addresses leaked to DNS traffic

The Tor function included in the Brave web browser, allows users to access .onion dark web domains within ...