Feds warn about right Royal ransomware rampage that runs the gamut of TTPs
2023-03-03 19:56

The risks you introduce by taking your eyes off the ransomware threat in 2023 to focus on the next, old-is-new-again shiny topic are similar to the risks you would have faced if you started focusing exclusively on ransomware a few years ago, when it was the hot new fear of the day.

These include using phishing, searching out improperly configured RDP servers, looking for unpatched online services on your network, or simply buying up access credentials from crooks who were in before them.

Cybercriminals who sell credentials for a living, typically to data thieves and ransomware gangs, are known in the jargon as IABs, short for the self-descriptive term initial access brokers.

Legitimate tools abused by the attackers include utilities often used for official remote access, for running administrative commands remotely, and for typical sysadmin tasks.

Simply put, T1486 generally denotes attackers who plan to extort money out of you in return for unscrambling your precious files, and who aim to squeeze you harder than ever by creating as much disruption as possible, thereby giving themselves the biggest blackmail leverage they can.

After gaining access to victims' networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems.


News URL

https://nakedsecurity.sophos.com/2023/03/03/feds-warn-about-right-royal-ransomware-rampage-that-runs-the-gamut-of-ttps/