《应对现代勒索软件威胁和多重勒索策略.pdf》由会员分享,可在线阅读,更多相关《应对现代勒索软件威胁和多重勒索策略.pdf(6页珍藏版)》请在三个皮匠报告上搜索。
1、Facing Modern Ransomware Threats and Tackling Multi-Extortion TacticsSanjay PoddarAdvanced Services Engineer,FortinetThe New Face of RansomwareRansomware is no longer just about file encryption.Rise of multi-extortion:encryption+data theft+public shaming+DDoS“Pay once to get your data back,pay again
2、 to stop the leak.”The Business Model Behind Modern Ransomware Initial access brokers sell credentials to ransomware affiliates Ransomware as-a-Service(RaaS)Data Leak Sites DDoS-as-a-service Payments through cryptocurrencyData leak sites are used to shame victims and drive urgencyDDoS-as-a-service i
3、s used as added leverage*Payments often flow through cryptocurrency mixers and affiliate splitsReal-World ExampleBrief anonymized case study or example from news.Highlight speed of attack,level of damage,and response failure/success.FIN12s Rapid Ransomware Attack on a Healthcare ProviderKey Takeaway
4、sWhy Traditional Defenses Fail Focus too heavily on post-encryption recovery Limited visibility into lateral movement and data staging Incident response plans dont account for public data leaks Flat networks allow attackers unrestricted access Security,legal,and PR Teams often work in silosFive Ways
5、 to Fight Back Segment your network and limit lateral movement Monitor for pre-encryption behaviors like large file access,exfiltration Encrypt your own data before attackers do Build and test a response plan specific to multi-extortion Treat data exfiltration as part of your ransomware threat model