December 20, 2023 at 09:03AM
Ransomware groups are increasingly using remote encryption in their attacks, targeting unmanaged devices to compromise entire networks. Microsoft revealed that about 60% of ransomware attacks involve remote encryption. This tactic renders process-based remediation measures ineffective, with compromised machines unable to detect malicious activity. Cybercriminals are also engaging with the media to control the narrative and mythologize themselves, indicating a professionalization of cybercrime.
Key takeaways:
1. Ransomware groups are increasingly utilizing remote encryption in their attacks, targeting underprotected devices to compromise entire networks.
2. Around 60% of ransomware attacks now involve malicious remote encryption, with 80% of compromises originating from unmanaged devices.
3. Ransomware families known to support remote encryption include Akira, ALPHV/BlackCat, BlackMatter, LockBit, and Royal, and this technique has been used as far back as 2013.
4. Remote encryption renders process-based remediation measures ineffective, making it difficult for managed machines to detect malicious activity on unmanaged devices.
5. The ransomware landscape is evolving, with threat actors adopting atypical programming languages, targeting beyond Windows systems, auctioning stolen data, and launching attacks after business hours and at weekends to thwart detection and incident response efforts.
6. Ransomware gangs are leveraging media engagement to pressure their victims, control the narrative, and inflate their own notoriety and egos.