Ransomware – Another Compendium

While there were not a lot of high-profile incidents, it was another busy week in ransomware, particularly in the evolution of tactics to coerce victims into paying, as we reported last week in Let Me Show you my Shocked Face for $1000, Alex.

However, we start off with BleepingComputer’s “The Week in Ransomware” for November 13, for a litany of new variants of existing ransomware families to keep an eye out for.

Egregor was active over the weekend, and after encrypting files on a device, it reportedly printed ransom notes to attached printers.

If you keep wondering why ransomware is running rampant, that’s because Ransomware-as-a-Service (RaaS) offerings are more rife than you might ruminate. In addition to Dharma, reported in the Security & Resilience Update for August 13, 2020, Intel471 examines approximately twenty-five RaaS offerings across various tiers being advertised on the cybercrime underground, including the likes of Ryuk, Conti, DoppelPaymer, Egregor, and REvil.

But despite the continual evolution of tactics, being resilient to ransomware isn’t rocket-science. There are five common methods ransomware groups leverage to infect victims. Red Canary highlights these five pitfalls and associated quick-wins to overcome malicious email attachments, compromise of external facing assets, malicious code injection into known system processes, sub-optimal asset management, and human error.