Ransomware with Recovery Disruption

After an adversary has exfiltrated data from a target system, the potential final stages in an attack include encrypting data for impact and inhibiting system recovery. Learn how to detect endgame ransomware techniques before a threat actor can accomplish their nefarious objectives!

Time
1 hour 30 minutes
Difficulty
Intermediate
CEU/CPE
2
Share
NEED TO TRAIN YOUR TEAM? LEARN MORE
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Sign up with Google
Sign up with Apple
Sign up with Microsoft
View all SSO options

Already have an account? Sign In »

Course Content
Campaign Overview
10m

2.1What is the “Data Encrypted for Impact” Technique?

10m

2.2What is the “Inhibit System Recovery” Technique?

10m

2.3Detection, Validation, and Mitigation (Lab)

1h
Course Description

Every adversary has a different objective. For some, that objective is to disrupt the target’s operations either as the desired end result or as a means to extort that organization with financial gain as the final goal. Either way, encrypting large volumes of data in the target environment is an effective method of achieving those objectives. Our course covers these final techniques associated with ransomware attacks, including T1486 Data Encrypted for Impact and T1490 Inhibit System Recovery.

Apply what you learn and get the hands-on skills you need in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by the threat group APT41 (aka Double Dragon). Prevent adversaries from accomplishing the tactics of discovery and persistence.

Instructed By
Chris Daywalt

Chris Daywalt

Security Freelancer

Instructor
Matthew Mullins

Matthew Mullins

Technical Manager, Red Team

Instructor
Provider
Cybrary
Certificate of Completion
Certificate Of Completion

Complete this entire course to earn a Ransomware with Recovery Disruption Certificate of Completion