Detection and Response
Protecting Against Recent Ransomware Attacks
Modern ransomware attacks targeting large enterprises continue to evolve from double to triple or even quadruple extortion tactics. Discover how to stay one step ahead with our case study of the ransomware family, Nefilim.
As ransomware continues to evolve, your security strategy must as well. Modern ransomware attacks are targeting enterprises with significant revenues, causing serious concerns for those holding intellectual property data, proprietary information, private employee data, and customer data. Such data leaks can lead to steep fines, penalties, lawsuits, and overall reputation damage. Discover more in our case study Modern Ransomware’s Double Extortion Tactics and How to Protect Enterprises Against Them.
Malicious actors continue to take advantage of modern technologies to launch more effective and destructive ransomware attacks. One tactic used often today is double extortion—a precise attack where cybercriminals exfiltrate the data first and then demand a ransom, ensuring that that if their target refuses to pay, they can leak the sensitive data online and damage the organisation’s reputation. This is a step up from just encrypting the files and not providing a means to decrypt them upon failure to pay.
Trend Micro Research conducted an in-depth case study of the Nefilim ransomware family to show how enterprises can formulate an effective defence strategy. The profile of a Nefilim victim is broad in terms of location and industry, but commonly companies with a revenue of more than USD $1 billion are targeted.
While Nefilim is just one ransomware family amongst many, it provides a good look into how modern ransomware functions. Through our case study, we found many overarching ransomware trends that enterprises should be aware of. This includes:
- Access as a service (AaaS) brokers are the go-to method of penetrating an organisation. The bigger the target, the more likely attackers will buy their way in from AaaS brokers in a gamble to make their money back from double extortion.
- The extortion net will continue to expand. There have been instances where cybercriminals have used triple or quadruple extortion methods to ensure some money is made. These attacks include targeting customers and employees with small sum demands.
The complexity and stealth of modern attacks requires more defence in depth. Disconnected point products that require manual correlation of threat data are not quick or effective enough at detecting and remediating these evolved techniques and tactics (TTPs).
To achieve the broad visibility across all layers and endpoints of your infrastructure, you need to shift to a platform security approach. This gives you one point of visibility truth throughout your environment with deeper detection, automated correlation, and quicker remediation.
Learn more in our case study Modern Ransomware’s Double Extortion Tactics and How to Protect Enterprises Against Them.