Ransomware Impact

Ransomware is an increasingly common and lucrative attack.

Ransomware attacks have become democratized, with criminal groups establishing Ransomware-as-a-Service (RaaS) operations, renting ransomware to recruited affiliates that, in turn, run attacks against organizations and pay a “royalty” to the RaaS providers.

Ransomware as a Service Diagram

In a ransomware attack, like a data theft attack, criminals infiltrate a company’s network and then move laterally to identify sensitive business data. Initial access to the network often comes from compromising a legitimate credential. Instead of simply stealing a copy of the data, however, they encrypt it and demand payment in cryptocurrency before providing a decryption key. Starting with a compromised credential, the ransomware conducts:

Connected User Network Icon

Active Directory Enumeration

SMB Share Enumeration

Username and Password Credentials Icon

Credential Dumping

Folder with encrypted password

Encryption of SMB shares

Lock with branching network - Line Icon

Encryption of VMWare ESXi virtual machines

Wipe clean icon

Wiping/Reformatting

Ransomware Exposure NodeZero Screenshot

How do you assess Ransomware risk?

NodeZero can help.

NodeZero helps organizations understand the impact ransomware could have on their environments by utilizing the same tactics and techniques used by skilled attackers. NodeZero identifies attack vectors, verifies the effectiveness of each, provides a “proof” to verify each weakness (or chain of weaknesses), enumerates all data and hosts it could compromise, and provides remediation guidance to eliminate the threat. Since it is an Autonomous Penetration Testing as a Service offering, pentests can start in minutes, not hours or days.

The ransomware threat landscape has changed: here’s how defenders must adapt.

In the face of the current ransomware threat landscape, cybersecurity teams are left feeling like they’re constantly setting up roadblocks in the dark, while their adversaries have night vision and the ability to circumvent nearly any obstacle. It’s time to shift that balance. Check out our recent article with Cybersecurity Dive.

Ransomware Exposure NodeZero Screenshot

How do you assess Ransomware risk?

NodeZero can help.

NodeZero helps organizations understand the impact ransomware could have on their environments by using the same tactics and techniques used by skilled attackers. NodeZero identifies attack vectors, verifies the effectiveness of each, provides a “proof” to verify each weakness (or chain of weaknesses), enumerates all data and hosts it could compromise, and provides remediation guidance to eliminate the threat. Since it is an Autonomous Penetration Testing as a Service offering, pentests can start in minutes, not hours or days.

What can NodeZero tell you?

Run NodeZero and inject it with a “compromised” domain user credential.

NodeZero will then use this domain user credential to:

Eye watching from computer screen - line icon

Discover hosts on the network.

Lock with branching network - Line Icon

Figure out which machines the domain user has administrative access to.

Verification shield over a laptop - Line icon

Find all data stores that the domain user has read/write access to.

Including SMB shares

Key inside computer chip - Line icon

Identify and exploit critical vulnerabilities in vCenter.

Build

Escalate privileges to a higher-level domain user.

Ransomware Attack Path Screenshot

Demystifying Ransomware

At high level, to be successful, ransomware needs to gain read/write/delete access to sensitive business data, read and encrypt the data, write it back in encrypted form, and delete the original data.

These attacks are not new; it is an outcome. Listen to this group of former nation-state-level practitioners and industry experts share their perspective and lift the veil off the mystery of ransomware.

Contact Horizon3.ai

Horizon3.ai’s mission is to help you find and fix attack vectors before attackers can exploit them. Contact us now for a quote or if you have any questions.