What Stages Do They Use for Ransomware Attacks

Ransomware is one of the many threats present on the network. As we know, hackers use this type of attack to encrypt users' systems and files, and later demand a ransom payment in exchange. This is how they profit. There are many tools and methods we can use to protect ourselves, but hackers also keep refining their attacks. In this article we are going to talk about the stages cybercriminals go through in a ransomware attack.

What stages do they use to attack with ransomware

We echo a report by Cybereason. They set up a honeypot, a decoy, to attract cybercriminals and analyze the methods they use at the different stages of their ransomware attacks.

Some attacks occur over a period of time as they attempt to affect additional resources within an organization. Using a honeypot, security researchers have been able to lure multiple criminals using ransomware and track each stage of an attack.

In the first stage, attackers gained initial access by exploiting publicly accessible remote management interfaces. Such interfaces are typically set up by network operators to let technical support personnel connect to the network remotely. To get into the network, the attackers brute-forced the password of the administrator account and logged in remotely. After that, they uploaded and ran a PowerShell script that created a backdoor, letting them use and abuse the administrator account undetected.

In the second stage, the attackers loaded more attack tools through PowerShell. One of them was Mimikatz, an open source tool used to steal user credentials. The stolen credentials were used in an attempt to move laterally across the network to the domain controllers. However, the attempt failed because none of the compromised accounts had permission to access the domain controllers.

Then came stage three. In this step the attackers kept trying to move laterally, using a network scanner to discover additional endpoints.

Finally, in the fourth stage, the ransomware was released on all compromised endpoints.
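The first stage leaves a recognizable trace: a run of failed logins against one account from one source, followed by a success. The sketch below is an added example, not code from the Cybereason report; the log format, the sample events, the function names and the threshold and window values are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not from the report).
# Assumed format: ISO timestamp, outcome, account, source address.
SAMPLE_LOG = """\
2020-01-01T01:00:00 FAIL administrator 203.0.113.7
2020-01-01T08:59:40 FAIL jsmith 198.51.100.20
2020-01-01T09:00:05 OK jsmith 198.51.100.20
2020-01-01T09:30:00 FAIL administrator 203.0.113.7
2020-01-01T09:30:02 FAIL administrator 203.0.113.7
2020-01-01T09:30:04 FAIL administrator 203.0.113.7
2020-01-01T09:30:06 FAIL administrator 203.0.113.7
2020-01-01T09:30:08 FAIL administrator 203.0.113.7
2020-01-01T09:30:10 OK administrator 203.0.113.7
"""

def parse(line):
    """Split one log line into (timestamp, outcome, account, source)."""
    ts, outcome, account, src = line.split()
    return datetime.fromisoformat(ts), outcome, account.lower(), src

def find_bruteforce_success(log_text, min_failures=5,
                            window=timedelta(minutes=10)):
    """Flag a successful login that follows at least min_failures failed
    logins for the same account from the same source within window."""
    failures = defaultdict(deque)  # (account, source) -> recent failure times
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, outcome, account, src = parse(line)
        recent = failures[(account, src)]
        # Drop failures that have aged out of the sliding window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if outcome == "FAIL":
            recent.append(ts)
        elif outcome == "OK":
            if len(recent) >= min_failures:
                alerts.append({"time": ts, "account": account,
                               "source": src, "failed_before": len(recent)})
            recent.clear()  # a success resets the streak either way
    return alerts

if __name__ == "__main__":
    for alert in find_bruteforce_success(SAMPLE_LOG):
        print(alert)
```

Keying on account and source together misses guessing spread across many addresses, so a per-account count is a useful second rule.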

Different stages to reach more systems

This study shows that hackers go through different stages to try to reach more systems. The goal is to infect the largest possible number of computers with ransomware.

As we have mentioned, ransomware is one of the most dangerous threats on the network. It is essential that users take steps to prevent such attacks. Beyond the security tools we may use, it is essential to keep equipment updated. Sometimes vulnerabilities arise that hackers can exploit to attack. In addition to this, common sense is very important. On many occasions ransomware arrives through a simple email with malicious attachments.