<img src="https://certify.alexametrics.com/atrk.gif?account=kla4t1zDGU20kU" style="display:none" height="1" width="1" alt="">
Contact us
Request demo →
Contact us
German website

Ransomware: What happens under the surface?

by Sebastiaan Bosman Blog 3 Dec 2020

Every now and then, there’s a new headline about an organisation hit by a ransomware attack. How parts of their infrastructure and sensitive data was suddenly encrypted, impacting customers, productivity, and their reputation. What would you do in such a situation? Pay the ransom? Or should you never negotiate with criminals?

Experts at the helm

Naturally, you’d rather never have to make that decision. Though you can never fully prevent being hit by a ransomware attack, you can significantly decrease the chance of it happening. To do that, you first need to understand two things:

How do the bad guys operate?
What do you have that needs protecting?

To help you answer these two seemingly easy questions, we have organised a webinar together with cybersecurity company Intel 471. Two security experts took control of their ransomware submarine.

Maurits Lucas, Director of Intelligence Solutions at Intel 471, took a deep dive to explain what goes on under the surface. How do cyber-criminals develop and distribute ransomware? And how can you spot this activity before it’s too late?

Then, Eward Driehuis, SVP Strategy at Cybersprint, described how you can bring risks in your digital footprint back to the surface. What do you need to map and monitor your digital assets? How can these insights help you prioritise the systems that need your attention the most?

Watch the Webinar >

Criminal partnerships

Intel 471 is specialised in the Intelligence aspect of cybersecurity. Their malware solution is able to detect and monitor both adversary intelligence (what do the bad guys talk about, what are they selling/buying?) as well as malware intelligence (what tools do they use to conduct their activities?)

What they see is that most of the malware does not come from a single actor, or even from a single group. Rather, it is the work of actor groups coming together in loose affiliation around, for instance, a certain buyer-seller relationship. As different groups have developed specialties of the malware process, they have to build partnerships to make and distribute an attack successfully.

Intel maps that structure, making them able to see who is responsible for what aspect. Tracking this gives them early warning signals, helping organisations stay more secure.

Linking digital risk to business risk

When Eward took the wheel, he explained how many organisations struggle to get a good grasp on their digital footprint. And if you don’t fully know what assets are out there, how can you repair the vulnerabilities they use to plant their ransomware?

Cybersprint provides a Digital Footprint platform to help organisations build their resilience. To protect from threat actors, you need to look at your organisation in the same way as they do: from the outside-in. What digital assets are out there, how do they link to your systems, and are there any weak spots?

Eward shows how automated and continuous monitoring reveals risks, making sure security specialists can take appropriate action. Well before they’d have to make any dreaded phone call.

Want to see the submarine making the full dive? Click here to watch the recording of the webinar.Watch the Webinar >

pasfoto001Sebastiaan Bosman is Content Marketeer at Cybersprint.
With an educational background in Communications and Linguistics,
he is responsible for creating and editing most of the internal and external communication. He writes content such as blogs, whitepapers, and case studies, primarily based on Cybersprint’s own research data. Previously, Sebastiaan worked as Content & Communications Advisor at ING Global. 

Securing critical infrastructure: new regulations mandate control

The name itself says it already: organisations in the critical infrastructure are vital in the services they provide in society. Should something go wrong in their daily operations, it can have severe consequences and disrupt individual people and other companies. That doesn’t necessarily mean they are more often targeted in (cyber-)attacks, but it does pose an extra reason to prevent any successful attack. Such organisations have often been in charge of their own cybersecurity, guided by regulations. Now though, authorities in the EU are starting to intensify their watchful eyes with the RCE directive. What is the EU RCE? And how should critical infrastructure organisations prepare?

read more

Mandatory IT audits: risk scores don’t mean security

More organisations in the Netherlands recognise the need for an active approach to stay in control over their attack surfaces in order to mitigate risks. Every organisation is able to create their own IT security governance and processes. Now, though, a new standard might be introduced in the form of an annual, mandatory IT audit. Is this a development helping businesses further? Or one that doesn’t really add anything other than paperwork?

read more

Determining your cybersecurity maturity

How safe your organisation is from a cybersecurity point of view depends on a lot of factors. Not only should your private and confidential data be kept private and confidential through a plethora of technical defenses, there are also, among others, many processes such as for IT governance and incident response to consider. How your organisation deals with all these challenges determines its cybersecurity maturity. But why is determining this maturity level important?

read more

Do you have a question?

Our experts have the answers

Contact us