Inside the cyber criminals' minds!
According to cyber security researchers' findings on the anatomy of a ransomware attack, cyber criminals need only two weeks to gain access to a network and deploy ransomware.
Once the TrickBot malware had breached the network, the hackers started hunting around for ways to gain access and ways to make money.
They spend quite some time researching the network, trying to figure out and understand what it looks like. They have a target, and that target is to monetize the data, the web, for their illicit gain. They are already aware of their potential to make money and want to expand that leverage. Once the cybercriminals decided to exploit the network breach, they used tools like PowerTrick and Cobalt Strike to gain a foothold on the network and explored further, looking for open ports and other devices to which they could gain access. They then moved to the next step, the ransomware phase of the attack.
According to some solution providers, the Ryuk malware attack took around two weeks from the initial TrickBot infection, through the profiling of the network. Going by the timestamps, the dwell time can be estimated at two weeks.
According to the UK's National Cyber Security Centre, Ryuk was first seen in August 2018 and has been responsible for multiple attacks globally. The ransomware has always been targeted: the ransom is set according to the victim's ability to pay, and it can take days or even months from the initial infection to the ransomware being activated. The attackers need time to identify the most critical network systems, which works in the defenders' favor, as it gives them time to rectify the breach and prevent the attack. However, it is vital to detect the intrusion before the attack takes place.
For example: "Ransomware gang asks $42m from NY law firm, threatens to leak dirt on Trump".
According to the FBI, Ryuk is a highly lucrative project for its criminal developers, generating roughly $61m in ransom between February 2018 and October 2019.
Ryuk has been successful in making organizations pay ransoms, which gives the cybercriminals a strong position from which to hone their attacks. According to Platt, “It’s obviously going to increase; they have more money and more ability now to hire even more talent.” According to researchers, ransomware is definitely increasing. It started with the hacking of personal computers or networks for ransoms of a few hundred dollars, and now the attackers are playing with millions of dollars. It is predicted that hackers will make more sophisticated extortion attempts, digging further around networks and looking for the biggest possible thing with which to extort organizations.