Match Legitimate Name or Location and Data Encrypted for Impact
Once in your environment, adversaries will try to evade your defenses and may rename their code to look like a legitimate executable. They could also encrypt your data with ransomware. Don't let adversaries hold you over a barrel. Get hands-on and learn to detect and mitigate these techniques today.
After an adversary takes the time to gain access to an environment, they aren’t likely to give up their position by being completely obvious. Adversaries need to evade detection in order to have the time to find the information they’re really after. One technique to accomplish this is hiding in plain sight. Adversaries may name their malicious payloads similarly to system files or commonly installed programs. They’ll even make sure to store these files in similar directories, all in service of avoiding detection.
According to the 2021 Verizon Data Breach Investigations Report (DBIR), ransomware has increased around 10%, making it the third most common type of attack among all breaches. Many now know that an effective backup strategy can mitigate the risk of ransomware, but ransomware gangs aren’t so easily outdone. They have quickly pivoted to exfiltrating the data first, then encrypting it. This allows them to blackmail organizations with the threat of data disclosure if the ransom isn’t paid. The pace of ransomware certainly isn’t slowing. Are you keeping pace?
Get the hands-on skills you need to detect and mitigate this attack in Cybrary's MITRE ATT&CK Framework courses, aligned to the tactics and techniques used by the financially motivated threat group FIN7. Prevent adversaries from accomplishing the tactics of Defense Evasion and Data Encryption for Impact in your environment now.