Summer of Cybercrime Continues: What To Do

Update as of July 9, 2021 4:15 p.m. EDT: Identifying Kaseya VSA Indicator of Compromise using Trend Micro Vision One

We recently dubbed this the Summer of Cybercrime. Major ransomware attacks continue to hit companies globally. The attacks can cause significant damage, from a financial, reputational and productivity standpoint.

In most cases, these attacks could be stopped with a concerted effort on cybersecurity hygiene. That is the key to stopping this growing trend of successful modern ransomware attacks. 

Modern Ransomware Attacks

Modern ransomware leverages a wide range of tools and tactics to navigate corporate infrastructure and find the company’s crown jewels. Often, the initial point of entry is a known vulnerability that has not been patched.

In the latest instance against Kaseya, previously unknown, or zero-day, vulnerabilities were leveraged. While this is increasingly uncommon, attacks that use new bugs can still be stopped. 

Regardless of how attackers get in, there are several places where they can be spotted and stopped before they get to the point of encrypting data and demanding a ransom. 

These are the possible extortion outcomes in today’s ransomware attacks:

Ransomware: Encrypt files and then drop the ransom note … wait for the payment in bitcoin.

Double extortion: Ransomware + data exfiltration, with a threat to release the data if payment is not received. Maze

