Paying out on a ransomware payment is a tough pill to swallow. But what if you had to do it 2 times, 3 times, or even 4 times on that same vulnerability and breach? It’s happening more frequently, and it’s time to address the root causes - a failure to address the initial vulnerabilities and a lack of critical detection capabilities.
What are multiple-attack ransomware scenarios and how do they work?
Quite simply, multiple-attack ransomware is a situation where a business or organization suffers multiple
ransomware attacks over a short period of time, all as a direct result of the initial attack. Sometimes these
attacks occur simultaneously in a coordinated attack; other times, the attacks may be separated by a few days, weeks, or months.
While there are cases where the secondary and tertiary threat actors leverage the same malware, tactic and techniques to deliver their own ransomware payload, other cases have illustrated the threat actor community’s ability to quickly evolve and deploy different kinds of malware to evade potential detections or protections that may have been installed after the first ransomware event. In each case, an actor will drop its own ransomware, encrypting and often exfiltrating data for monetization on the dark web.
Read our Threat Insight below for more information!
What are multiple-attack ransomware scenarios and how do they work?
Quite simply, multiple-attack ransomware is a situation where a business or organization suffers multiple
ransomware attacks over a short period of time, all as a direct result of the initial attack. Sometimes these
attacks occur simultaneously in a coordinated attack; other times, the attacks may be separated by a few days, weeks, or months.
While there are cases where the secondary and tertiary threat actors leverage the same malware, tactic and techniques to deliver their own ransomware payload, other cases have illustrated the threat actor community’s ability to quickly evolve and deploy different kinds of malware to evade potential detections or protections that may have been installed after the first ransomware event. In each case, an actor will drop its own ransomware, encrypting and often exfiltrating data for monetization on the dark web.
Read our Threat Insight below for more information!