Ransomware is a type of malware that blocks access to a computer system, or to the data on it, until a ransom is paid. Most ransomware encrypts as many files on the target machine as it can reach and demands payment in return for the decryption key.
This type of malware is extremely prevalent and extremely damaging: it can halt an organization's normal business operations for weeks or months at a time.
Many types of malware silently persist on the network, move laterally, communicate with their command-and-control (C2) infrastructure, or obfuscate their behavior to avoid detection. In contrast, traditional ransomware was all about coming in with a big splash and causing immediate damage. The goal was to get onto the machine and ransom the data, and that was it. The sooner the malware encrypted the files, the less time defenders had to react, and the more likely the attacker was to get paid.
This focused, singular objective produced a lot of simple, quick, and sometimes ugly malware. Much of Cybereason's early research into ransomware shows exactly that: some samples were very sophisticated, others quite crude. Crude does not mean ineffective, however; quickly developing crude ransomware and spamming it to unsuspecting users remains a very cost-effective attack.
Because ransomware behaves so differently from other malware, it can be hard to detect with tools tuned for slow, stealthy intrusions: the payload does not need to hide for long, it only needs to finish encrypting before anything stops it. Combined with obfuscation techniques and remote code execution vulnerabilities used to get onto the machine, ransomware is able to evade legacy prevention solutions and reach its goal.
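The same burst behavior that outruns signature-based prevention is also the most reliable behavioral signal for catching it. The following is an added example, not code from the original page or from Cybereason's products: a toy detector that consumes constructed file-event log lines, scores each write by byte entropy (ciphertext sits near 8.0 bits per byte) and each rename by extension change, and alerts when one process generates too many such events inside a short sliding window. The log format, field names and thresholds are assumptions, and the sample log is constructed for the example.

```python
"""Added example (not the page's or Cybereason's own code): a behavioural
detector for the ransomware "big splash" pattern, where one process rewrites
many files with ciphertext in a short burst. Log format and thresholds are
assumptions chosen for the example."""
import math
import os
from collections import defaultdict, deque

WINDOW_SECONDS = 10.0    # assumption: sliding window per process
BURST_THRESHOLD = 5      # assumption: suspicious events per window before alerting
ENTROPY_THRESHOLD = 7.0  # bits per byte; ciphertext and compressed data sit near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input, max 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_line(line: str):
    """Parse a constructed event line: '<ts> <pid> <op> <path> <payload>'.
    For WRITE the payload is the written bytes, hex-encoded; for RENAME it is the new path."""
    ts, pid, op, path, payload = line.split(" ", 4)
    return float(ts), int(pid), op, path, payload


def is_suspicious(op: str, path: str, payload: str) -> bool:
    """A WRITE of high-entropy content, or a RENAME that changes the file extension."""
    if op == "WRITE":
        return shannon_entropy(bytes.fromhex(payload)) >= ENTROPY_THRESHOLD
    if op == "RENAME":
        return os.path.splitext(path)[1] != os.path.splitext(payload)[1]
    return False


def detect_bursts(lines):
    """Return {pid: timestamp of the first event in the offending burst} for every
    process with at least BURST_THRESHOLD suspicious events inside WINDOW_SECONDS.
    Lines are assumed to arrive in timestamp order."""
    windows = defaultdict(deque)
    alerts = {}
    for line in lines:
        ts, pid, op, path, payload = parse_line(line)
        if not is_suspicious(op, path, payload):
            continue
        window = windows[pid]
        window.append(ts)
        while ts - window[0] > WINDOW_SECONDS:   # drop events that fell out of the window
            window.popleft()
        if len(window) >= BURST_THRESHOLD and pid not in alerts:
            alerts[pid] = window[0]
    return alerts


# Constructed sample data: bytes(range(256)) scores exactly 8.0 bits/byte and stands
# in for ciphertext; the repeated sentence scores well under the threshold.
CIPHERTEXT = bytes(range(256)).hex()
PLAINTEXT = (b"Quarterly report: revenue up 4%.\n" * 4).hex()

SAMPLE_LOG = [
    "100.0 1001 WRITE /home/a/notes.txt " + PLAINTEXT,                # editor, benign
    "100.2 3003 RENAME /srv/backup/db.sql /srv/backup/old/db.sql",    # backup job, same extension
    "100.5 4242 WRITE /home/a/docs/q1.xlsx " + CIPHERTEXT,            # pid 4242: the burst
    "100.6 4242 RENAME /home/a/docs/q1.xlsx /home/a/docs/q1.xlsx.locked",
    "100.9 4242 WRITE /home/a/docs/q2.xlsx " + CIPHERTEXT,
    "101.0 4242 RENAME /home/a/docs/q2.xlsx /home/a/docs/q2.xlsx.locked",
    "101.3 4242 WRITE /home/a/docs/q3.xlsx " + CIPHERTEXT,
    "101.4 4242 RENAME /home/a/docs/q3.xlsx /home/a/docs/q3.xlsx.locked",
]

if __name__ == "__main__":
    for pid, start in detect_bursts(SAMPLE_LOG).items():
        print(f"ALERT pid={pid}: ransomware-like burst starting at t={start}")
```

Only the process that rewrites several files with high-entropy content and renames them to a new extension trips the alert; the editor writing plaintext and the backup job renaming within the same extension do not. In a real deployment the entropy check would be run on a sample of each written file rather than the whole payload, and the thresholds tuned against legitimate bulk operations such as compression or backup jobs, which are the main source of false positives for this heuristic.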
Modern ransomware takes a different approach. Instead of dropping ransomware solely to collect a ransom, attackers now deploy malware that steals credentials and persists in the network for an extended period before the ransomware is ever launched. This gives far more bang for the buck: attackers can sell the stolen credentials, use them to move laterally and infect other machines on the network, and only then deploy the actual ransomware.
Cybereason Principal Security Researcher Amit Serper discovered a workaround that disabled the NotPetya ransomware, which wreaked havoc in Europe during 2017 to the tune of over $1 billion in damages.