Gone are the days when malware and ransomware groups operated by launching spam campaigns in the hope of infecting random users online.
Today's ransomware operators have evolved from a loose collection of malware gangs into sophisticated cybercrime operations with the skills, tools, and budgets of government-backed hacking groups.
Modern ransomware gangs rely on multi-level partnerships with other cybercrime operations. These partners, known as initial access brokers, act as a supply chain for the criminal underground, selling ransomware gangs and others access to large pools of already-compromised systems.
Those compromised systems are exposed Remote Desktop Protocol (RDP) endpoints, backdoored networking devices, and malware-infected computers. They give ransomware gangs an easy entry point into corporate networks, from which they escalate their access and encrypt files to demand large ransoms.
Initial access brokers are an important part of the cybercrime scene. Today, three types of broker stand out as the sources of most ransomware attacks: sellers of compromised RDP endpoints, sellers of compromised network devices, and sellers of computers previously infected with malware.
Defending against these three initial access vectors is often the easiest way to avoid ransomware. Protection against the first two usually comes down to enforcing good password policies and keeping equipment patched and up to date; the third vector is harder to defend against, because malware operators often rely on social engineering to trick users into installing the malware themselves, even on systems running modern, up-to-date software.
The list of known malware strains that have been used over the past two years to install ransomware was compiled in collaboration with security researchers from companies such as Advanced Intelligence, Binary Defense, and Sophos.
When corporate system administrators discover any of these malware strains on their network, they must treat it as a top priority: take the affected systems offline, investigate the infection, and remove the malware before it can be used to deploy ransomware.