Anatomy of a Targeted Ransomware Attack
Ransomware is a type of malicious software that encrypts files on computers, rendering them useless until decrypted. Payment for decryption keys is often demanded in cryptocurrency. Recently, Cloudflare protected a Fortune 500 company from a targeted ransom DDoS attack. The author shares insights into the evolution of ransomware attacks and how Cloudflare can help prevent them. Key points include: 1. Attackers often exploit unpatched vulnerabilities, compromised credentials, or spear-phishing to gain initial access. 2. After gaining access, attackers perform internal reconnaissance, install backdoors, delete data backups, and exfiltrate sensitive data before deploying ransomware. 3. Cloudflare's Access protects RDP servers from brute force attacks, while Magic WAN & Firewall allow users to control access to other internal resources. 4. Web Application Firewall (WAF) can block exploitation attempts until a patch becomes available. 5. Gateway with AV helps detect malicious files and domains, while Cloudflare RBI isolates threats at the browser level. 6. Maintaining multiple redundant backups of critical systems and data is crucial for recovery from ransomware attacks.
Company
Cloudflare
Date published
March 23, 2021
Author(s)
James Espinosa
Word count
1365
Language
English
Hacker News points
1