ransomware threat landscape overview - fireeye · 2016-05-10 · ransomware threat landscape...


RANSOMWARE THREAT LANDSCAPE OVERVIEW

KEY POINTS

• Since mid 2015, iSIGHT Partners has observed significant escalation in ransomware-related threat activity, largely due to the highly publicized successes of established ransomware families and enhanced distribution frameworks.

• New ransomware variants observed since mid 2015 infrequently differentiate themselves from more prolific ransomware families, often borrowing tactics from their predecessors; however, they are still representative of legitimate options among cyber criminals for extortion operations.

• Some new variants boast evolving tactics, which represent deviations from past malware iterations, a trend we expect to continue.

• Since mid 2015, iSIGHT Partners has also observed the sustained distribution of multiple, well-established ransomware families used in both geographically targeted and mass infection campaigns.

• The emergence of ransomware-as-a-service (RaaS) has provided a profitable and repeatable business model that has fueled the underground economy geared toward ransomware operations.

• The evolving mobile ransomware threat landscape is still largely focused on Android operating systems (OS); however, cyber criminal intent to target Apple OS is evident.

• iSIGHT Partners expects to see ransomware threats sustain, if not exceed, momentum levels observed in 2015.

THREAT DETAIL

Overview of Ransomware Trends since Mid 2015 (Aug. 1, 2015 to Feb. 1, 2016)

Blueprints Established by Prolific Ransomware Families Spawning New Wave of Threats

Factors Influencing Uptick in Ransomware-Related Campaign Activity

From mid 2015 to early 2016, iSIGHT Partners has observed significant growth and maturation of the ransomware threat landscape resulting in a discernible uptick in ransomware-related campaign activity (for comparison information on past ransomware trends, see 15-00007094, July 27, 2015; and Intel-1288874, Nov. 24, 2014). This uptick—which we assess is largely due to the successes of more established ransomware families and enhanced distribution frameworks supporting operational scalability—has involved proliferation of myriad new variants.

• High-profile media coverage of ransomware profit margins, coupled with the relatively low overhead it takes to operate a ransomware campaign, has bolstered the appeal of this particular attack type, fueling market demand for tools and services corresponding to its propagation. For example, one 2015 case study highlighted the possibility of a one-man ransomware operation netting a 1,425 percent return on investment for a 30-day campaign, dependent upon numerous variables such as payload costs, infection rates, distribution vectors and the monetary value of the ransom.

• Prolific ransomware families such as CryptoWall have provided successful blueprints for aspiring ransomware developers, showcasing increasing profit margins and campaign sustainability. According to the FBI’s Internet Crime Complaint Center (IC3), CryptoWall generated identified victim losses totaling more than $18 million USD between April 2014 and June 2015. CryptoWall 3.0, since its emergence in January 2015, purportedly has caused more than $325 million USD in financial damages worldwide.

• According to open-source reporting, ransomware threats increased 155 percent in 2015 (year-on-year), largely due to an influx of RaaS tools and services flooding the cyber crime ecosystem.


ThreatScape Enterprise May 29, 2015 14:42:00 PM CST,

15-00004758, Version: [1]

Novel Ransomware Variants

While the majority of new ransomware variants lack distinguishing characteristics to differentiate themselves from more established brands—often drawing upon tactics, techniques and procedures (TTPs) leveraged by CryptoWall, CryptoLocker and other prolific ransomware families—they represent legitimate options for cyber criminals choosing to engage in extortive operations.

• Throughout this reporting period, iSIGHT Partners has observed—typically in Russian-language underground forums, but also permeating all global underground markets—increased activity pertaining to the advertisement of newly developed ransomware variants and solicitations for partnerships within ransomware operations.

• The majority of these new variants do not contain advanced features; however, basic encryption techniques are sufficient to make these tools functional and effective. Novice ransomware developers often reuse the TTPs of more established brands, giving targeted individuals the impression that they are infected with a more well-known family.

In contrast, iSIGHT Partners has also observed several new variants that have developed new TTPs (of varying degrees of technical practicality), which represent deviations from past malware iterations. Based on the increased growth in this area, we assess with high confidence that ransomware developers will continue to equip ransomware variants with novel features to expand targeted platforms and increase conversion ratios.

• Operators behind a new ransomware variant dubbed “Chimera”—who began targeting German-based small- to mid-size business enterprises around mid-September 2015—leveraged new extortive threats to leak victims’ data in addition to traditional encryption-based ransomware behavior (for more information, see 15-00012808, Dec. 2, 2015).

• “Ransom32”—first publicly reported in late December 2015—is purportedly one of the first ransomware variants based entirely on JavaScript, potentially allowing for cross-operating system (OS) compatibility and packaging for both Linux and Mac OS (for more information, see 16-00001230, Feb. 2, 2016).

• According to open-source reporting, operators of “LowLevel04” ransomware purportedly spread via an unconventional infection mechanism leveraging Remote Desktop and Terminal Service.

• “Linux.Encoder.1,” according to open-source reporting, debuted in late 2015 as one of the first ransomware variants targeting Linux web-based servers. While the actual encryption capabilities of the earliest iterations of this variant proved to be suspect—with multiple reports alleging faults in its predictable encryption key—the targeting calculus associated with this malware family represents a deviation from more traditional Windows-based attacks.

Prolific Ransomware Families

iSIGHT Partners continues to observe the sustained distribution of multiple, well-established ransomware families used in both geographically targeted and mass infection campaigns. In multiple cases, these renowned variants, such as CryptoWall and TorrentLocker, spawned newly updated variants with improvements in either encryption capabilities or obfuscation techniques. We assess with high confidence that established ransomware brands will continue to pose a significant threat to global enterprises as malware functionality, encryption techniques and counter-mitigation measures are adapted and successfully introduced into updated variants.

• In late 2015, version 4.0 of CryptoWall—a well-established ransomware family that has been active in various permutations since at least November 2013—was identified with added features updating its encryption capabilities and enabling greater obfuscation (for more information, see Intel-1162876, Nov. 20, 2015).

  ◦ Some of the more significant changes in this variant are its improved communication abilities, including a modified protocol that enables it to avoid detection by anti-virus solutions; changes to the ransom message dropped on infected systems; and its ability not only to encrypt the content of files but also to obfuscate target file names.

  ◦ Distribution methods of all CryptoWall variants remain relatively constant; however, it has been noted that CryptoWall 4.0 has begun to rely more on third-party exploitation and delivery, such as malvertising and exploit kits. According to open-source reporting, CryptoWall 4.0 has been observed in payloads delivered by both Nuclear and Angler Exploit Kits (for more information on exploit kits, see 15-00014258, Jan. 11, 2016).

• Throughout 2015, iSIGHT Partners has observed continued distribution of TorrentLocker, a ransomware family that draws parts from both CryptoLocker and CryptoWall. Active since at least early 2014, according to multiple open-source reports, TorrentLocker has most often been seen distributed by geographically specific malicious spam campaigns (for more information, see Intel-1216322, Sept. 21, 2015; 14-33148, Sept. 2, 2015; and Intel-1239435, Sept. 17, 2014).

  ◦ Recent variants of TorrentLocker have modified its encryption protocol, according to open-source reporting, allowing for the generation of a unique keystream for each file name.


  ◦ Since mid 2015, TorrentLocker operators have targeted multiple geographic regions with designed specificity in terms of native-language lures spoofing trusted (and in most cases authoritative) in-country organizations. Most recently, iSIGHT Partners observed current TorrentLocker campaigns in Australia using a law enforcement-themed spam lure spoofing seemingly legitimate correspondence from the Australian Federal Police.

• CTB-Locker—a name that represents the key elements of the ransomware, namely Curve (for Elliptic Curve Cryptography), Tor and Bitcoin—first seen circa mid 2014, remained active throughout 2015 (for more information, see 15-00000044, Jan. 15, 2015). During this reporting period, multiple campaigns propagating CTB-Locker and its variants have been observed, including CTB-Locker distributors capitalizing on Windows 10 releases and free upgrades in mid 2015.
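Two of the key-handling weaknesses mentioned above, the "predictable" Linux.Encoder.1 key and the single shared keystream that the recent TorrentLocker change (a unique keystream per file name) does away with, modelled in a constructed Python example; this is added here and is not code from the report or from either malware family. It assumes a clock-seeded PRNG for the Linux.Encoder.1 key and a hash of the master key and file name for the per-file keystream, neither of which the report specifies; the cipher is a toy SHA-256 keystream XOR used only to show why file recovery by analysts succeeds against the first design and fails against the second.

```python
import hashlib
import random

PDF_MAGIC = b"%PDF-1.4\n"   # known plaintext: every PDF starts with its version header


def keystream(key: bytes, length: int) -> bytes:
    """CTR-style keystream: SHA-256(key || counter) blocks, truncated to length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt; XOR with the keystream is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


# Weakness 1: one keystream for every file. A single file with a known header
# reveals that many keystream bytes, and the same bytes then peel the prefix
# off every other encrypted file (the recovery path a per-file keystream closes).
def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    return bytes(c ^ p for c, p in zip(ciphertext, known_plaintext))


def strip_keystream(ks: bytes, ciphertext: bytes) -> bytes:
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


# The change the report attributes to recent TorrentLocker builds: a keystream
# unique to each file name. Assumed derivation: hash of master key and name.
def per_file_key(master_key: bytes, file_name: str) -> bytes:
    return hashlib.sha256(master_key + file_name.encode("utf-8")).digest()


# Weakness 2: key bytes drawn from a PRNG seeded with the clock (assumed here;
# the report only calls the Linux.Encoder.1 key "predictable"). The seed space
# is the time window in which the file was written, so it can be searched.
def weak_key_from_time(timestamp: int) -> bytes:
    rng = random.Random(timestamp)          # stand-in for srand(time(NULL)); rand()
    return bytes(rng.getrandbits(8) for _ in range(16))


def recover_time_seeded_key(ciphertext: bytes, known_prefix: bytes,
                            file_mtime: int, window: int = 3600):
    """Walk back from the encrypted file's mtime; the seed must predate it."""
    for ts in range(file_mtime, file_mtime - window - 1, -1):
        key = weak_key_from_time(ts)
        if xor_crypt(key, ciphertext[:len(known_prefix)]) == known_prefix:
            return ts, key
    return None


def demo_shared_keystream():
    """Recover file B's prefix from file A's header under a shared keystream,
    then show the same recovery fails once keys are derived per file name."""
    master = bytes(range(16))                                  # constructed key
    doc_a = PDF_MAGIC + b"constructed invoice A " * 4          # 97 bytes
    doc_b = PDF_MAGIC + b"constructed contract B " * 6         # 147 bytes
    ks = recover_keystream(xor_crypt(master, doc_a), doc_a)    # only doc_a is known
    shared = strip_keystream(ks, xor_crypt(master, doc_b))
    per_file = strip_keystream(ks, xor_crypt(per_file_key(master, "b.pdf"), doc_b))
    return shared, per_file, doc_b


def demo_time_seeded_key():
    """Encrypt under a clock-seeded key, then recover it from the file's mtime."""
    seed_ts = 1451606400                     # constructed: 2016-01-01 00:00:00 UTC
    ct = xor_crypt(weak_key_from_time(seed_ts), PDF_MAGIC + b"constructed report")
    return recover_time_seeded_key(ct, PDF_MAGIC, file_mtime=seed_ts + 7), seed_ts
```

`demo_shared_keystream()` returns the first 97 bytes of file B intact under the shared keystream and garbage under per-file keys; `demo_time_seeded_key()` returns the recovered seed and key after a search of a few seconds' worth of candidates.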

Emergence of Ransomware-as-a-Service

Building on the successful blueprint established by TOX ransomware developers, the underground market economy for ransomware has gradually progressed beyond traditional “affiliate networks”—in which malware operators concede a portion of their profit in exchange for improved distribution of their payload—to “one-stop shops,” typically using Tor as a service platform, which provide customizable turnkey services and equip users with their own custom-built ransomware payloads for a percentage fee. While traditional affiliate networks are still very prevalent in underground eCrime communities, iSIGHT Partners has observed the emergence of several new ransomware variants adopting a RaaS framework since mid 2015, a phenomenon likely driven by the competitive development of quality goods and services within the cyber crime ecosystem. Based on multiple factors, we continue to assess with high confidence that RaaS offerings—which are uniquely poised to capitalize on current underground marketplace demand for ransomware—will act as a force multiplier to already increasing numbers of ransomware infections. The following are examples of RaaS offerings we have encountered within various underground forums:

• In late November 2015, “FABKEN Team” advertised a specified onion domain in which users can gain access to the group’s self-described CryptoLocker service. Once registered, prospective users can download the developers’ executable for $30.00 USD, specify Bitcoin ransom demands and track campaign statistics.

• Based on open-source reporting, “Ransom32”—the first publicly reported ransomware variant based entirely on JavaScript—was first spotted in the wild in late December 2015; however, early formulation of its RaaS business concept was developed circa November 2015 in various underground forums. Similar to user support offered by other RaaS variants, Ransom32 affiliates are equipped with a customer service-oriented affiliate console in which they can specify campaign parameters (e.g., requested ransom amount in Bitcoin). Once the ransomware is configured to their specifications, affiliates can then generate and download their own customized executable. The malware developers net 25 percent of all generated profit, allowing affiliates to keep 75 percent of their earnings (for more information, see 16-00001230, Feb. 2, 2016).

• In late August 2015, “Team ORX” announced their RaaS offering dubbed ORX-Locker. After registration with the ORX-Locker service (accessible via a specified onion domain), users are presented with a customized panel with five different sections intended to facilitate campaign effectiveness and generate a customizable executable by merely clicking a button (for more information, see 15-00010740, Oct. 14, 2015). Team ORX pockets 25 percent of any successful infections.

• In late July 2015, “Encryptor RaaS” was advertised within a popular Russian-language underground forum. Encryptor RaaS purportedly provided encryption and decryption panels via a specified onion-based domain for customizable use by any malicious actor. After users provided specified target information and bitcoin wallet locations, they received a customizable payload (for more information, see 15-00007688, Sept. 2, 2015). Of specific note, the product being dubbed by the originator as a RaaS—terminology typically used in the cyber security industry—exemplifies threat actor cognizance of the utility (and profitability) of “as-a-service” business models.

• We have previously identified at least four factors contributing to the growing attractiveness of RaaS offerings: the empowerment of less technically proficient actors, increased profitability, operational scalability and campaign diversification and operational security (for more information, see 15-00010740, Oct. 14, 2015).


Mobile Device Ransomware

Android Ransomware

As the threat landscape for mobile malware has expanded significantly, mobile malware developers—likely cognizant of the successes of PC-based ransomware—continue to develop ransomware targeting mobile platforms (for more information, see Intel-1147182, Jun. 24, 2014). Based on open- and sensitive-source reporting, mobile ransomware developers, both historically and currently, have largely focused on exploiting Android operating systems (OS)—perceived to have the most lax security environment in terms of mobile app marketplaces, which is a common distribution vector for mobile malware. Since mid 2015, we have observed the continued proliferation of Android ransomware within various underground forums, predominantly Russian-language forums. In addition to the widespread distribution of this malware type, we have also observed advances in overall malware sophistication, something we judge will continue throughout 2016.

• Building on its momentum in early 2015, new variants of Android ransomware exponentially increased (in most cases month after month) throughout 2015, with malware developers taking advantage of Android’s permissive security environment and exploiting multiple known media server vulnerabilities, according to open-source reporting.

• Android ransomware variants encountered both in the underground and seen in the wild primarily relied on malicious apps (disguised as legitimate applications) and malicious landing pages as infection vectors. For example, malware developers often used adult-themed applications as infection vectors, which were then subsequently leveraged in law enforcement-themed extortive lures.

• Historically, Android ransomware has been less damaging than its PC-based counterparts; for example, early mobile ransomware variants merely displayed persistent pop-up windows on “locked” devices without actually rendering them inoperable. Over time, mobile ransomware variants such as “Simplocker” were developed, allowing operators to encrypt—first using a single hard-coded encryption key and then later generating unique encryption keys for each infection—data stored on mobile devices (for more information, see 15-00000508, Feb. 24, 2015). During this reporting period, we also observed several other advances in mobile ransomware capabilities:

  ◦ According to open-source reporting, new variants of Simplocker have been observed leveraging Extensible Messaging and Presence Protocol (XMPP) to circumvent mobile security applications and anti-malware tools in order to retain network communications with its C&C. This represents a deviation in TTPs given that the majority of encrypting mobile ransomware uses simple HTTP/S to communicate with C&C servers.

  ◦ Developers of “PornDroid” ransomware purportedly updated the malware in order to conform to Google’s Material Design language, according to open-source reporting. In theory, leveraging Google’s own design could lend more legitimacy to ransom lures, thus increasing conversion rates and bolstering profitability.

  ◦ “Lockdroid.E,” according to open-source reporting, uses click-jacking techniques in order to trick users into granting the malware administrator access to their mobile devices. The malware purportedly triggers multiple dialog boxes in a series of prompts to obscure the actual administrator activation dialog.

Apple Ransomware

While the overwhelming majority of mobile ransomware has targeted Android OS, likely due to its permissive security environment, we have observed several attempts by mobile malware developers to target Apple OS since mid 2015. While the tools we have observed cannot be considered malware, they do exemplify continued threat actor interest in developing methods to target this platform. iOS’s and Mac’s tighter control over app distribution (compared to that of Android or Windows) has lessened users’ risk of incurring ransomware—especially considering the majority of Android-based malware originates from third-party app stores. However, given the popularity of Apple products, we believe cyber criminals will continue to develop methods to exploit these systems, albeit with less prevalence than current trends observed in Android campaigns.

• “Apple Develop,” advertised in October 2015 in a Russian-language underground forum, allegedly facilitates the automated remote locking of iOS devices via Apple account takeover (for more information, see 15-00012178, Nov. 10, 2015). According to the application’s developer, Apple Develop essentially automates efforts to brute force e-mail accounts linked to iOS devices; the software most likely leverages previously compromised e-mail accounts (e.g., third-party breach) to brute force associated Apple accounts. Once user account access is obtained, the software resets device PIN codes and initiates remote locking.

• “Apple Locker,” advertised in mid 2015, used near-identical TTPs (e.g., brute force) in order to facilitate the remote locking of iOS devices (for more information, see 15-00007526, Aug. 6, 2015). Similar to a 2014 campaign in which Apple-related devices were remotely locked primarily in Australia, we believe Apple Locker would ostensibly leverage and exploit Apple-associated security features such as “Lost Mode” and “Find my iPhone” in order to render devices inoperable.


OUTLOOK AND IMPLICATIONS

Looking forward, iSIGHT Partners expects to see the ransomware threat landscape sustain, if not exceed, momentum levels observed in 2015. Cyber extortion operations, as a whole, have gained significant notoriety in the past year, with illicit profits garnered from highly publicized campaigns undoubtedly resonating among cyber criminals. Recent campaigns in which targeted victims acquiesced to extortion demands, such as the February 2016 ransomware campaign targeting Los Angeles-based Hollywood Presbyterian Medical Center, further reinforce the legitimacy (and popularity) of this particular attack method.

Capitalizing on this momentum, we expect to see ransomware developers continuing to expand the TTPs of both established and newly created ransomware variants for use in protracted campaigns. In addition to threats posed to individual users incurring ransomware infections, this attack type is and will continue to be an enterprise concern.

One factor that we judge critical to our assessment is the continued professionalization of the eCrime marketplace supporting this threat landscape. In order to support increasing ransomware campaign activity, we expect to see continued elevated marketplace demand for goods and services supporting this attack type. For example, the emergence of RaaS platforms capitalized on two of the most critical tenets of successful ransomware campaigns: automation and operational scalability. The ability of RaaS platforms to provide widespread accessibility to myriad malicious actors embodies the professionalization of this threat landscape, and provides even the most novice users the blueprint for a successful and repeatable business model to generate illicit financial gain.

Information Cut-Off Date: Feb. 22, 2016