There are many places to stop a ransomware attack; this part looks at the initial intrusion.
In This Section
How Do the Bad Guys Get In?
Anatomy of a Modern Ransomware Attack
What does a ransomware attack look like? What tools do ransomware actors use to gain initial access, move through the network, steal files, and deploy the ransomware? Walk through a typical ransomware attack, step-by-step, and see why these attacks are so hard to stop.
Dwell Time: Moving Around the Network and Gaining Access
The Importance of the Active Directory Domain Controller in a Modern Ransomware Attack
Stealing Files
Deploying the Ransomware
Posting Stolen Files to Extortion Sites
Credential Markets and Initial Access Brokers
Initial Access Brokers (IABs) are one of the cottage industries that have exploded with the growth of ransomware. Learn how they work, what they’re looking for and what you should do to protect yourself from them.
The Size of the Underground Stolen Credential Market
All the Ways Ransomware Actors Can Use Stolen Credentials
Phishing Attacks
Some of the most sophisticated ransomware groups rely heavily on phishing as the initial attack vector. Understand how ransomware phishing attacks work, how to stop them, and how to effectively train employees to spot a phishing email.
Remote Desktop Protocol and the Importance of Multifactor Authentication
IABs love targeting Remote Desktop Protocol (RDP) servers: it’s inexpensive to get started, doesn’t take a lot of technical skill, and there are a lot of exposed RDP servers out there. Learn why RDP has quickly become one of the top attack points for IABs and how that leads to ransomware.
The Rise of RDP and Other Remote Accesses During the Pandemic
RDP Is an Easy Attack Vector for Ransomware
Using Multifactor Authentication to Protect Your Remote Access
Exploitation
Did you know that over the last year IABs have exploited more than 40 different vulnerabilities to gain initial access that was then sold to ransomware groups? Vulnerability management is a challenge, and IABs and ransomware groups know that, which is why we’re seeing increasing interest from both in exploiting vulnerabilities as an initial access vector.