Ransomware attacks have plagued the IT landscape for some time now for a number of reasons: the general simplicity of the attack vector, which makes it approachable for even casual hackers; the scalability to impact a wide range of targets, from individuals to enterprises; and, most notably, the monetary dimension of holding hostage an enterprise’s most prized asset, its data. Given the evolution of attacks such as data kidnapping (essentially data exfiltration coupled with cryptographic lockout, with or without the intention to ransom the data back to the organization), ransomware vulnerability mitigation and prevention is a critical area of focus for every IT organization.
Anatomy of a Ransomware Attack
So how do ransomware attacks happen? Like most attack vectors, they start with a malicious payload getting inside the boundary protection of the enterprise. Once inside, the payload phones home to the attacker’s command and control server for two purposes