Emerging Ransomware Attacks 


Ransomware has been in the headlines regularly over the past few years as an increasing number of organizations see it emerge as a critical threat to company assets. The concept of holding computers for ransom is not new and has been around for some time. The problem early ransomware operators faced was the difficulty of collecting payment from those who fell victim to their malicious download. It was not until the 2000s that the emergence of cryptocurrencies, such as Bitcoin in 2010, provided attackers an easy and somewhat anonymous method for receiving payment from their victims. As virtual currencies became more apparent to attackers, the opportunity for ransomware slowly formed into the lucrative business it is today.

Recent ransomware attacks 

As the monetization portion of ransomware operations changed, so did the tactics, techniques, and procedures. Early in the lifecycle of ransomware, threat actors would target a single user or a small group. That earlier method does not have a high monetary return and is a much slower way of infecting systems and earning money. In more recent years, threat actors have aimed to conduct attacks on a larger scale by attempting to phish employees in hopes of gaining a foothold on an internal system, bypassing requirements such as multi-factor authentication or a VPN in the process. After obtaining a foothold in a company’s network, the crafted payload could use the initially infected computer to conduct “spray and pray” style tactics in an attempt to laterally move from one system to another, infecting computers in the process.

Depending on how the ransomware is developed, operators may also conduct more sophisticated actions. Typically, these actions follow the same methodology as a penetration test. Once the ransomware is on the initial system, an operator may both passively and actively scan to directly interface with specific systems that may be vulnerable on the network. Once the attacker identifies a weakness in the network, the attacker will then attempt to leverage the identified issue to escalate their privileges and/or laterally move. As the operator gains further access to the network, they will begin establishing persistence and infecting systems.
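From the defender's side, both the “spray and pray” lateral movement and the active scanning described above show up as one internal host contacting many distinct internal peers in a short time. The following is an added example, not part of the original post, that flags this fan-out in flow records; the log format, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample flow records: ISO time, source, destination, destination port.
SAMPLE_FLOWS = """\
2024-05-01T09:00:00 10.0.5.23 10.0.1.10 443
2024-05-01T09:00:20 10.0.5.23 10.0.1.10 443
2024-05-01T09:00:30 10.0.5.23 8.8.8.8 53
2024-05-01T09:02:00 10.0.5.30 10.0.2.1 445
2024-05-01T09:05:00 10.0.5.30 10.0.2.2 445
2024-05-01T09:08:00 10.0.5.30 10.0.2.3 445
2024-05-01T09:11:00 10.0.5.30 10.0.2.4 445
2024-05-01T09:14:00 10.0.5.30 10.0.2.5 445
2024-05-01T09:20:00 10.0.5.40 10.0.3.1 445
2024-05-01T09:20:02 10.0.5.40 10.0.3.2 445
2024-05-01T09:20:04 10.0.5.40 10.0.3.3 3389
2024-05-01T09:20:06 10.0.5.40 10.0.3.4 445
2024-05-01T09:20:08 10.0.5.40 10.0.3.5 445
2024-05-01T09:20:10 10.0.5.40 10.0.3.6 3389
"""

def parse(text):
    """Yield (time, source, destination, port) tuples from the sample format."""
    for line in text.strip().splitlines():
        ts, src, dst, port = line.split()
        yield datetime.fromisoformat(ts), ip_address(src), ip_address(dst), int(port)

def fan_out_alerts(flows, window=timedelta(seconds=60), threshold=5):
    """Map each source that reached `threshold` distinct internal peers within
    `window` to its peak peer count and the ports seen at that peak."""
    recent = defaultdict(deque)  # source -> (time, destination, port) still in window
    alerts = {}
    for ts, src, dst, port in sorted(flows, key=lambda f: f[0]):
        if not (src.is_private and dst.is_private):
            continue  # only east-west (internal to internal) traffic counts
        q = recent[src]
        q.append((ts, dst, port))
        while ts - q[0][0] > window:  # drop records that fell out of the window
            q.popleft()
        peers = {d for _, d, _ in q}
        if len(peers) >= threshold and len(peers) > alerts.get(str(src), {"peers": 0})["peers"]:
            alerts[str(src)] = {"peers": len(peers), "ports": sorted({p for _, _, p in q})}
    return alerts
```

A short window catches fast sweeps only; widening it also surfaces slower movement such as the constructed `10.0.5.30` host, at the cost of more alerts from legitimate management systems.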

How to mitigate ransomware attacks 

Netragard offers services such as realistic social engineering and internal network assessments to emulate sophisticated ransomware operators. Netragard’s Real Time Dynamic Testing™ can help you improve your security posture and reduce the attack surface to help secure your network. If you would like to know more about penetration testing or to schedule a penetration test, contact us.

Noah Tongate, Netragard 
Offensive Security Engineer 

 
