White paper: Ransomware decoded
Though ransomware attacks dropped significantly in early 2018, over the past several years they have re-emerged with a vengeance. Ransom payments have also shot up; in December 2019 the average ransom pay-out to an attacker was over $80 000.
Today’s attackers are not only holding data ransom, but stealing it to sell on the Internet. This shows a trend where attackers aren’t just executing ransomware, they are persisting on the network, successfully exfiltrating data and then finally deploying ransomware.
Many types of malware silently persist on the network, move laterally, communicate with their C2, or obfuscate their behaviours to prevent detection. In contrast to this, traditional ransomware was all about coming in with a big splash and causing immediate damage. The goal was to get on the machine and ransom data, and that was it. The sooner the malware could encrypt files, the less risky the attack, and the more likely the attacker would make money.