
Ransomware: What happens under the surface?

by Sebastiaan Bosman Blog 3 Dec 2020

Every now and then, there’s a new headline about an organisation hit by a ransomware attack: parts of their infrastructure and sensitive data were suddenly encrypted, impacting customers, productivity, and their reputation. What would you do in such a situation? Pay the ransom? Or should you never negotiate with criminals?

Experts at the helm

Naturally, you’d rather never have to make that decision. Though you can never fully prevent being hit by a ransomware attack, you can significantly decrease the chance of it happening. To do that, you first need to understand two things:

How do the bad guys operate?
What do you have that needs protecting?

To help you answer these two seemingly easy questions, we have organised a webinar together with cybersecurity company Intel 471. Two security experts took control of their ransomware submarine.

Maurits Lucas, Director of Intelligence Solutions at Intel 471, took a deep dive to explain what goes on under the surface. How do cyber-criminals develop and distribute ransomware? And how can you spot this activity before it’s too late?

Then, Eward Driehuis, SVP Strategy at Cybersprint, described how you can bring risks in your digital footprint back to the surface. What do you need to map and monitor your digital assets? How can these insights help you prioritise the systems that need your attention the most?


Criminal partnerships

Intel 471 specialises in the intelligence aspect of cybersecurity. Their malware solution is able to detect and monitor both adversary intelligence (what do the bad guys talk about, what are they selling/buying?) and malware intelligence (what tools do they use to conduct their activities?).

What they see is that most of the malware does not come from a single actor, or even from a single group. Rather, it is the work of actor groups coming together in loose affiliation around, for instance, a certain buyer-seller relationship. As different groups have developed specialties within the malware process, they have to build partnerships to make and distribute an attack successfully.

Intel 471 maps that structure, which lets them see who is responsible for which aspect. Tracking this gives them early warning signals, helping organisations stay more secure.

Linking digital risk to business risk

When Eward took the wheel, he explained how many organisations struggle to get a good grasp on their digital footprint. And if you don’t fully know what assets are out there, how can you repair the vulnerabilities attackers use to plant their ransomware?

Cybersprint provides a Digital Footprint platform to help organisations build their resilience. To protect yourself from threat actors, you need to look at your organisation in the same way as they do: from the outside-in. What digital assets are out there, how do they link to your systems, and are there any weak spots?

Eward shows how automated and continuous monitoring reveals risks, making sure security specialists can take appropriate action well before they’d have to make any dreaded phone call.

Want to see the submarine making the full dive? Click here to watch the recording of the webinar.

Sebastiaan Bosman is Content Marketeer at Cybersprint. With an educational background in Communications and Linguistics, he is responsible for creating and editing most of the internal and external communication. He writes content such as blogs, whitepapers, and case studies, primarily based on Cybersprint’s own research data. Previously, Sebastiaan worked as Content & Communications Advisor at ING Global.
