According to Statistica, the average response time to a ransomware attack is 20 days. 20 days where your customers can’t order your product, 20 days where your end-users are unable to access important information - 20 days of incurred downtime for your organization resulting in massive profit losses and reputation damage. I think it goes without saying, time is of the essence during a ransomware attack.

In Part 3, CrowdStrike’s Endpoint Protection Content Research Team covered the finer points of Input/Output Control (IOCTL) usage by various wipers. The fourth and final part of the wiper series covers some of the rarely used “helper” techniques implemented by wipers, which achieve secondary goals or facilitate a smaller portion of the wiping process.

Register Now Nearly every day, news articles showcase big-name companies that became victims of cyberattacks and the hundreds of millions of dollars of loss it will have on their business. These headlines should not be surprising when you look at the data. The number of ransomware detected in Q1 2022 alone was double that of the whole year of 2021.

At CrowdStrike, our mission is to stop breaches. To achieve this, we’re always on the lookout to defend customers against active attacks and preemptively protect them against emerging threats. In July 2021, researchers from Royal Holloway, University of London, published a white paper, “RansomClave: Ransomware Key Management using SGX,” that presents a novel ransomware based on an Intel feature called Software Guard Extension (SGX).

Since its inception almost a decade ago and the MirrorBlast campaign, the threat actor group known as TA505 has continued to plague the financial, retail and restaurant sectors.

Digest Authentication is a challenge/response protocol that was primarily used in Windows Server 2003 for LDAP and web-based authentication. It utilizes Hypertext Transfer Protocol (HTTP) and Simple Authentication Security Layer (SASL) exchanges to authenticate. At a high level, a client requests access to something, the authenticating server challenges the client, and the client responds to the challenge by encrypting its response with a key derived from the password.

Can’t see the forest through the trees. Can’t tell the ransomware from the apps. Can’t contain the malware if you can only see parts of the network. Ransomware hackers have several different tools in their toolbelt to gain access to a computer and then a network. Common exploits include email phishing campaigns, remote desktop protocol (RDP) vulnerabilities, and software vulnerabilities.

Ransomware’s first documented attack was relatively rudimentary. It was delivered via floppy disk containing a malware program in 1989 that told its victims to pay $189 in ransom to a PO Box in Panama. Today ransomware criminals are significantly more sophisticated, thanks to advances in cyber methods and cryptocurrencies. Not all Ransomware is created equally. Like all malware, malicious codes vary in sophistication and modularity. As such, not all ransomware codes are made the same.