“Attackers specializing in extortion, knowledge theft, and espionage are likely to carry out extra actions, with pivoting, knowledge harvesting, and exfiltrating being these additional actions,” the researchers wrote. “Attackers who depend on receiving ransomware funds for decryption are likely to carry out a lower number of actions as they’re mainly smashing and grabbing.”
Shifting techniques
Ransomware represented nearly 10% of all types of threats that Huntress detected or investigated, with the healthcare, technology, education, manufacturing, and government sectors seeing the highest rates of ransomware incidents. However, it’s worth noting that some of the other threats tracked separately, such as malware or scripts, are often delivery mechanisms for ransomware or are used by initial access brokers who then sell the access to ransomware groups.
For example, Huntress noted a significant spike in the abuse of remote monitoring and management (RMM) tools such as ConnectWise ScreenConnect, TeamViewer, and LogMeIn for both gaining and maintaining access to networks. Some ransomware groups have exploited zero-day vulnerabilities in RMM tools in the past.