How to Stop Ransomware: Breach Prevention vs. Cobalt Strike Backdoor

With a year-on-year increase of over 161%, malicious usage of cracked versions of Cobalt Strike (a legitimate penetration test tool) is skyrocketing. For organizations that still rely on signature-based next generation antivirus (NGAV) solutions to protect their endpoints from ransomware and other advanced attacks, this is terrible news. 

Developed in 2012 to give pen testers and red teams the capability to conduct hard-to-spot test attacks, Cobalt Strike is designed to be dynamic and evasive. Its purpose is to simulate advanced malware delivery and deployment. While these capabilities have made it an invaluable red team tool, malicious operators have hijacked various versions of Cobalt Strike, re-engineering it into a devastating malware delivery platform that can lead to ransomware. 

Over the years we have seen cybercriminals use Cobalt Strike to facilitate a range of threats, including attacks on point of sale systems. In 2020, 66% of all ransomware attacks used Cobalt Strike. The platform was also used in last year’s SolarWinds attack. With the average ransom now exceeding $240,000, and remediation costs soaring beyond $4 million, a malicious Cobalt Strike attack can be devastating for any business.

The good news is that Cobalt Strike cannot evade Morphisec’s unique Moving Target Defense (MTD)

Read More: