Ransomware has become one of the most widespread and destructive attacks in cyber security in recent years. Instead of stealing data, as most other attacks do, ransomware holds the victim's data hostage by making it unusable until a ransom is paid. This is accomplished by encrypting the victim's machine with a key that the attackers then offer to sell back to the victim in exchange for cryptocurrency. Once attackers have a foothold, the attack requires little effort to execute, making it far more cost efficient than other attacks. While ransomware can be thwarted by restoring the encrypted machine from a backup image, many organizations do not have such backups and increasingly pay the ransom rather than accept the data loss, which raises both the success rate and the popularity of this attack.
Threat Research Report: Ransomware Advisory