-
Book Overview & Buying
-
Table Of Contents
Incident Response Techniques for Ransomware Attacks
By :
Any attack starts from an initial access. It can be an access to the internal network via a VPN, a trojan delivered via spear phishing, a web shell deployed via exploitation of public-facing application, or even a supply-chain attack.
At the same time, the three most common initial attack vectors are RDP compromise, spear phishing, and exploitation of software vulnerabilities.
For example, here are some statistics on the most common ransomware attack vectors in Q2 2021 collected by Coveware (source: https://www.coveware.com/blog/2021/7/23/q2-ransom-payment-amounts-decline-as-ransomware-becomes-a-national-security-priority):
Figure 2.1 – The most common ransomware attack vectors according to Coveware
Let's look at each of them in greater detail, with examples, of course.
For many years, RDP has remained the most common way for threat actors to access the target network. From Chapter 1, The History...
Change the font size
Change margin width
Change background colour