Ransomware - Coggle Diagram
Ransomware
Impact
Claims Revil makes $100 million/year
Overhead to contain, eradicate, and repair
Reduced customer value due to focus on cleanup and/or availability.
Demant claimed loss of $95 million from one incident
Who are they?
Ryuk
Likely ties to Grim Spider
Revil
Known to work only with native Russian speakers
Maze
Code has logic to avoid infecting Russian territories
Likely Russian
History
Mandiant starts to spread the word about "Advanced Persistent Threats" (APT) in 2010
Ransomware starts to become a thing in late 2018
We see exponential growth by 2020
Process
APT & Ransomware Tools and Tactics
Get on the network (beach head)
Vulnerable perimeter system
Missing patch
Stolen credentials
Phishing
User tricked into running Cobalt Strike beacon
Command and Control
Cobalt Strike
Empire
Koadic
Find domain admin
Run BloodHoundAD
Find a domain admin logged in on a host where other users with lesser privileges can also log in.
Become domain admin
Get on a server where a domain admin is logged in and run mimikatz to get creds.
Primary Targets
Top 3
Maze
Information Technology
Critical Manufacturing
Financial Services
Healthcare
Ryuk
Government Facilities
Education
Revil
Food and Agriculture
Communications