What is ransomware?

Ransomware is one of the most active and profound threats facing every organization today.

The term ransomware traditionally refers to the malware used for encrypting files and entire systems, but it has largely transformed to indicate a category of financially motivated attacks by leveraging extortion tactics to coerce victims into complying with ransom demands.

A new term—multifaceted extortion—is gaining popularity within ransomware conversations, as the methods and tactics of these attacks increase in scope and complexity.

From one of the first ransomware attacks to record-breaking ransom pay outs, ransomware and multifaceted extortion have proven to be an enduring cyber security threat shuddering businesses across the globe.

• Shining a Light on DARKSIDE Ransomware Operations
• UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat
• Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser

Ransomware campaigns involve a sophisticated collaboration of threat actors (actual people behind their keyboards) across an attack life cycle. What were once highly opportunistic actors have become extremely organized financial predators. They’re hunting for the most profitable extortion strategies to attack multiple groups of systems.

Ransomware-as-a-service (RaaS) is relentlessly hitting the bottom-line of organizations across industries. Ransomware payoffs are increasing exponentially because threat actors apply pressure in multiple ways to coerce organizations to pay extortion demands.

The bad actor’s endgame is making money.

Since the emergence of mainstream ransomware threats in 2013, ransomware attacks have morphed from incidents impacting one or a limited number of systems to incidents involving entire enterprises and multifaceted extortion tactics.

The diverse specializations of bad actors and the commoditization of their operations in today’s cyber crime ecosystem have elevated multifaceted extortion to a grave concern for security leaders and one of the most profound cyber threats for enterprises around the world.

While ransomware has morphed into a booming business for cybercriminals and insurance companies alike, ransomware victims continue to pick up the remains of their enterprise, hoping to find solid ground again.

The devastating impact of a successful ransomware deployment includes both technical and non-technical challenges that can cripple both a business’ reputation and its operations.

These advanced attacks require a holistic security risk mitigation strategy, from the board to practitioners.

Mitigate this proliferating attack vector with Mandiant’s ransomware protection solutions. Leveraging our proactive cyber defense assessments, response and remediation services, system hardening guidance, and threat hunting techniques will bolster both your preparedness and your defensive capabilities.