Ransomware attacks used to be a fairly noisy and obvious attack as malware executed and countless files and their backups were rendered inaccessible either through encryption or deletion. This activity would light up alerts and security solutions like a Christmas tree or New Year’s fireworks. However, during 2023 many ransomware groups have been forgoing the file encryption and deletion phases while they tip-toe around our networks, silently lurking and establishing a foothold.

Maintaining good cyber hygiene practices go a long way to being resilient against ransomware, but defenders would be wise to remember that today’s ransomware attacks are more likely to stay under the radar rather than to light it up. So, which behaviors are ransomware groups tending toward these days? Check out Malwarebytes for an overview of the more silent ransomware operations to defend against, including living-off-the-land (LOTL) techniques, fileless malware, disabled security solutions, BYOVD (bring your own vulnerable driver), and more. As always, members are always encouraged to reference CISA’s Stop Ransomware page for up-to-date guidance, alerts, and other resources for staying resilient against ransomware. For more, check out Malwarebytes.