How Proofpoint Defends Against Ransomware

Ransomware is one of today’s most disruptive forms of cyber-attack. It puts victims out of business, forces hospitals to turn away patients and brings entire governments to a standstill. It has evolved into one of the most menacing cyber threats today. Last year alone, the United States experienced more than 65,000 ransomware attacks. The threat is a top concern for CISOs, and it has become a national security issue. Most alarmingly, many organisations are wholly unprepared for a ransomware attack. Just 13% of IT experts surveyed by the Ponemon Institute said their company can prevent ransomware. And more than 68% consider themselves “vulnerable” or “very vulnerable.”

Email and web are the primary ransomware attack vectors. Most ransomware attacks today are multistage. With these attacks, email or compromised websites play an integral part in the initial stages of the attack chain. They often deliver an initial payload as a malware downloader. These payloads are designed to gain entry into a user’s system. And they are often used to steal credentials and gain access to the user’s network. Ransomware actors also use stolen credentials to gain access to internet-exposed services. Common tactics include credential phishing emails, brute forcing passwords and drive-by compromises.

Once initial access has been gained, ransomware actors establish persistence, conduct reconnaissance and move laterally. Once inside, attackers can not only encrypt sensitive files but also exfiltrate sensitive information for double-extortion tactics.

As backup and recovery measures have become more successful at thwarting ransomware attacks, threat actor tactics have evolved to overcome them. Ransomware actors are now using what’s called double-extortion ransomware.

Vendor: Proofpoint Ltd   |   Size: 600 KB   |   Language: English