An Updated Framework of Defenses Against Ransomware
Abstract
The proliferation of tools and techniques to disrupt enterprise systems has evolved from those capable of supporting merely opportunistic attacks to those enabling targeted attacks. Furthermore, attackers continue to develop methods for monetizing their efforts, resulting in ransomware, a very disruptive threat to business as well as governmental departments and agencies. Ransomware developers are now selling their tools as a service, enabling attackers (individual criminals, organized crime, ideological hackers, or nation-state teams, all hereafter referred to as affiliates) to use tools they do not build or maintain to attack vulnerable systems. In the last few years we have seen a rise of successful ransomware affiliates that purchase the malware that they use and incorporate it into a ransomware tool chain that is targeted to a specific victim. These attackers lock victims out of their own data, usually by encrypting it, and attempt to extort money to restore the victims access to the enterprise data under threat of data destruction or disclosure as a response for non-payment. Recent high-profile cases, including attacks attest to the seriousness of the problem. In each case, the victims suffered operational disruptions with monetary losses.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jun 01, 2020
- Accession Number
- AD1110316
Entities
People
- Timothy J. Shimeall
- Timur D. Snoke
Organizations
- Carnegie Mellon University