Ransomware Kill Chain and Controls - Part 1
With the rising threat of ransomware, we continue to see more and more coverage of the topic in the news and in marketing campaigns. I guess about half of all marketing emails I get are ransomware-oriented. It could be the lists I am on, but I think ransomware is shaping up to be the top marketed threat in 2016.
In all the materials I have received on this subject, I haven’t seen the evolution of the kill chain for this threat. It is important to map out the different steps of the attack so we can understand the threat and map controls to it. Below is the basic structure of a ransomware attack we have developed.
Step 1: Lure – This is the bait used to launch the attack. We typically see phishing emails with infected attachments or links, but it also could be a hacked website or malicious ads. If the user “takes the bait” by clicking on a link or opening an attachment, this triggers the next step.
Step 2: Install – Once an individual clicks on a malicious file, the malware is installed on the user’s device. Many times the user may not know the malware is being installed and that their device is being taken over with infected software.
Step 3: Call Home and Key Exchange – After the malware is installed, it needs to “call home” to get the unique encryption key from the server so the files can be decrypted after the ransom is paid (although it is not guaranteed that the attackers will hold up their end of the deal if they are paid).
Step 4: Encryption – The ransomware then encrypts files or systems on the device to restrict access. This effectively locks data from the user or renders the entire device inoperative.
Step 5: Ransom/Extortion – The threat actors demand payment (or ransom) from the victim to unlock the device and restore access to the system or data.
Understanding each stage of the kill chain allows us to answer the following questions:
In our next blog post we will map out countermeasures for each step that will lessen our exposure level.