
Ransomware: What happens under the surface?

by Sebastiaan Bosman Blog 3 Dec 2020

Every now and then, there’s a new headline about an organisation hit by a ransomware attack: parts of their infrastructure and sensitive data were suddenly encrypted, impacting customers, productivity, and their reputation. What would you do in such a situation? Pay the ransom? Or should you never negotiate with criminals?

Experts at the helm

Naturally, you’d rather never have to make that decision. Though you can never fully prevent being hit by a ransomware attack, you can significantly decrease the chance of it happening. To do that, you first need to understand two things:

How do the bad guys operate?
What do you have that needs protecting?

To help you answer these two seemingly easy questions, we have organised a webinar together with cybersecurity company Intel 471. Two security experts took control of their ransomware submarine.

Maurits Lucas, Director of Intelligence Solutions at Intel 471, took a deep dive to explain what goes on under the surface. How do cyber-criminals develop and distribute ransomware? And how can you spot this activity before it’s too late?

Then, Eward Driehuis, SVP Strategy at Cybersprint, described how you can bring risks in your digital footprint back to the surface. What do you need to map and monitor your digital assets? How can these insights help you prioritise the systems that need your attention the most?


Criminal partnerships

Intel 471 specialises in the intelligence aspect of cybersecurity. Their malware solution is able to detect and monitor both adversary intelligence (what do the bad guys talk about, what are they selling or buying?) and malware intelligence (what tools do they use to conduct their activities?).

What they see is that most of the malware does not come from a single actor, or even from a single group. Rather, it is the work of actor groups coming together in loose affiliation around, for instance, a certain buyer-seller relationship. As different groups have developed specialties within the malware process, they have to build partnerships to make and distribute an attack successfully.

Intel 471 maps that structure, which lets them see who is responsible for which aspect. Tracking this gives them early warning signals, helping organisations stay more secure.

Linking digital risk to business risk

When Eward took the wheel, he explained how many organisations struggle to get a good grasp of their digital footprint. And if you don’t fully know what assets are out there, how can you repair the vulnerabilities attackers use to plant their ransomware?

Cybersprint provides a Digital Footprint platform to help organisations build their resilience. To protect yourself from threat actors, you need to look at your organisation in the same way as they do: from the outside in. What digital assets are out there, how do they link to your systems, and are there any weak spots?

Eward shows how automated and continuous monitoring reveals risks, making sure security specialists can take appropriate action well before they’d have to make any dreaded phone call.

Want to see the submarine making the full dive? Click here to watch the recording of the webinar.

Sebastiaan Bosman is Content Marketeer at Cybersprint. With an educational background in Communications and Linguistics, he is responsible for creating and editing most of the internal and external communication. He writes content such as blogs, whitepapers, and case studies, primarily based on Cybersprint’s own research data. Previously, Sebastiaan worked as Content & Communications Advisor at ING Global.
