It’s a nightmare scenario for any IT manager: receiving a phone call to hear that hundreds of computers have been infected with ransomware, knocking critical systems offline and putting their organization’s entire operations at risk.
That’s what happened to one large organization earlier this year, when it found itself the victim of a carefully planned and executed ransomware attack. Our investigation uncovered a perfect example of an emerging form of corporate-specific attack. While most ransomware gangs have focused on widespread, indiscriminate campaigns, a number of groups have begun deliberately targeting specific organizations in a bid to completely cripple operations and extract a massive ransom.
Many of these attacks employ the same high level of expertise we see in cyberespionage attacks, using a toolbox that includes exploits of software vulnerabilities and legitimate software utilities to break into and traverse an organization’s network.