ThreatConnect Podcast

ThreatConnect Ep. 18: Anatomy of a Ransomware Attack

In this episode of the ThreatConnect Podcast, we dig into the anatomy of a ransomware attack, as well as the criminal groups behind them, with the help of Brian Carter, Principal Threat Researcher from Hyas InfoSec. – a ThreatConnect Technology Partner.

In the aftermath of the ransomware attacks on the Colonial Pipeline and the world’s largest meat distributor, the U.S. Department of Justice is elevating investigations of ransomware attacks to a level on par with terrorism. According to internal guidance sent to U.S. attorney’s offices across the country, information about ransomware investigations in the field will now be centrally coordinated with a recently created task force in Washington, D.C.

Ransomware has become one of the primary interests of criminal cyber groups, which have developed a sort of criminal “support industry” that offers access to large corporations, selling credentials for remote access tools, and laundering cryptocurrency.

Ransomware operators often participate in criminal forums and Telegram groups where cybersecurity threat analysts can frequently monitor their discussions, offers, and disputes and mine them for data that is helpful for understanding how they operate.

Coming so soon after the ransomware attack against the Colonial Pipeline system, the recent attack against meat distributor JBS USA demonstrates the urgent need for critical infrastructure owners and operators to adopt a risk-led cybersecurity program. It is becoming clearer by the day that these major firms are not having the proper risk conversations between their cybersecurity experts and the business executives.