Security News > 2020 > March > How to avoid a costly enterprise ransomware infection

In most cases of human-operated ransomware attacks against enterprises, the hackers don't trigger the malware immediately: according to FireEye researchers, in most of cases, at least three days passed between the first evidence of malicious activity and ransomware deployment.

What are the attackers waiting for? One of the reasons for the delay is the wish to spread the ransomware to many systems before running it.

The ransomware is just the last piece of the puzzle, though - before it, the groups use other malware and techniques to breach company networks, perform lateral movement and keep their presence hidden until the time is right to inflict as much damage as possible.

"Human-operated attacks involve a fairly lengthy and complex attack chain before the ransomware payload is deployed," the Microsoft Threat Protection Intelligence Team explained.

"The earlier steps involve activities like commodity malware infections and credential theft that Microsoft Defender ATP detects and raises alerts on. If these alerts are immediately prioritized, security operations teams can better mitigate attacks and prevent the ransomware payload. Commodity malware infections like Emotet, Dridex, and Trickbot should be remediated and treated as a potential full compromise of the system, including any credentials present on it."

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/kf1C4uuSftM/