According to cyber security researchers' findings on the anatomy of a ransomware attack, cyber criminals need only two weeks to gain access to a network and deploy ransomware.
Author Saif Ahmed Bhuiyan | NITS DiGi, July 09, 2020
Once the network had been breached by the TrickBot malware, the hackers started hunting around for ways to gain access and ways to make money.
They spent quite some time inside the network, researching it and trying to understand what it looked like. Their target is to monetise the data and the network for their illicit gain. They are already aware of their potential for making money and are looking to expand that leverage.
Once the cyber criminals decided to exploit the network breach, they used tools like PowerTrick and Cobalt Strike to establish a foothold on the network and explored further, looking for open ports and other devices to which they could gain access. Then they moved to the next step, which is the ransomware phase of the attack.
According to some solution providers, the Ryuk malware attack took around two weeks, from the initial TrickBot infection through the profiling of the network. Going by the timestamps, the dwell time can be estimated at two weeks.
According to the UK's National Cyber Security Centre, Ryuk was first seen in August 2018 and has been responsible for multiple attacks globally.
Ransomware has always been targeted: the ransom is set according to the victim's ability to pay, and it can take days or even months from the initial infection to the ransomware being activated. The attackers need time to identify the most critical network systems. This is a positive aspect for defenders, as it gives them time to remediate the intrusion and prevent the attack. However, it is very important to detect the intrusion before the attack takes place.
For example: Ransomware gang asks $42m from NY law firm, threatens to leak dirt on Trump
According to the FBI, Ryuk is an extremely lucrative project for its criminal developers, generating roughly $61m in ransom between February 2018 and October 2019.
Ryuk has been successful in making organizations pay ransoms, meaning that the cyber criminals are in a strong position to hone their attacks. According to Platt, “It’s obviously going to increase; they have more money and more ability now to hire even more talent.”
According to researchers, ransomware is definitely increasing. It started with hacking personal computers or networks for ransoms of a few hundred dollars, and now the attackers are playing with millions of dollars.
It is predicted that hackers will make more sophisticated extortion attempts, dig further into networks, and look for the biggest possible thing they can use to extort organizations.