As companies shift more focus to combatting the recent epidemic in ransomware attacks, they are faced with choices on how to best deploy defenses to counter new attacker tactics and stay ahead of the threat.

I’ve worked in the IT field for over 30 years. 20 of those years have been spent in the network security field, employed by some of the largest names in the industry. But to my family, I’m still just the guy who “works with computers”. Many of my family are not computer savvy, which is a nice way of saying I had to teach them where the power button is. However, “Power Button Locator” is just one of my jobs. Windows won’t boot up?

Ransomware has been around for decades going back all the way to 1989. Since then it has only magnified in scope and complexity. Now at a time when working remotely is becoming more universal and the world is trying to overcome the Covid-19 pandemic, ransomware has never been more prominent. Ransomware is a type of malware that prevents users from accessing their system or personal files and demands a “ransom payment” in order to regain access.

AT&T’s Digital Forensic Incident Response (DFIR) team has been observing cybercriminal organizations steadily increase their ransomware capabilities over the last few years. We have seen ransomware grow in sophistication and capability at a rapid pace. So rapidly in fact, that each investigation shows a new tactic or change in the binary program responsible for encrypting clients’ data.

The ability of an actor to remain undiscovered or obfuscating its doings when driving a malicious campaign usually affects the gains of such campaigns. These gains can be measured in different items such as time to allow completion of operations (exfiltration, movement of compromised data), ability to remain operative before take down notices are issued, or ability to obtain gains based on for-profit driven crimeware (DDoS for hire, Crypto mining).

You may be surprised to learn that a particular malware is responsible for data theft in over 20% of financial institutions and other verticals in 2019. Watering hole attacks involve a web server that hosts files or applications where the website or files on the site become weaponized with malware. While recent news cycles have shined a spotlight on ransomware and crimeware, malware is not a new concept.

Businesses remain under a constant threat of being attacked by malware through a variety of different attack vectors. Malware is an abbreviation used for malicious software. Malware has been one of the most prominent threats since the very beginning of the origin of the internet and still pertains to be so. Malware is an umbrella term, and it includes virus, trojan horse, ransomware, worm, spyware, adware, etc. In this article, we will be focussing on spyware and adware.

As companies invest in stronger firewalls and better IT infrastructure, brute force attacks have become harder to pull off. That’s the good news. The bad news is that hackers, in turn, have found new ways of wreaking havoc. The increasing use of ransomware as a weapon is a prime example of this. Through phishing or stolen passwords, a ransomware attack can sabotage a company’s most valuable asset, it’s content, without being detected.