January 19

Webinar takeaway – Nuclear Ransomware 3.0: We Thought It Was Bad and Then It Got Even Worse


My key takeaways

  • PC Cyborg AIDS trojan in 1998 => first known ransomware
    • $189 asked as ransom
  • CryptoLocker, 2013
    • first to ask for Bitcoin
  • "Ransomware 2.0", from 2019
    • made backups less of a protection
    • the access to the victim becomes the "gold"
  • Todays ransomware workflow
    1. stager
    2. look around (trickbot) and calling home (C2 server)
    3. if detected by virustotal, tells the ransomware to reencrypt itself! <- almost undetectable by AV/EDR software
    4. Collect passwords
    5. Notify C2 about new intrusion
    6. dwells up to 8-12 month
    7. Hacker come in, assess and analyze the victim
    8. Steal valuable data
    9. Encrypt and ask for ransom
  • LOL (living of the land) so mimic normal admin tools and traffic <- makes it even harder to detect as anomalie
  • double extortion (encryption and threat to publish stolen data) is the new norm now
  • Ransomware gangs now also have PR departments puting out press releases
  • There are approx 100-200 active ransomware groups
    • RaaS (Ransomware as a Service) makes it easy for criminals to join in
  • Ransomware gangs are also used by nation states as cyber weapons
  • New trend: Ransomware gangs are becoming access brokers
  • New trend: putting cryptominers in the victims network for some extra bling
  • New trend: DDoS, instead of encryption <- make backups worthless again
  • New trend: more and more LOL and changing tactics "on-the-fly"
  • Might we end up in a good bot vs bad bot world regarding ransomware?
  • Ransomware is not the real problem, it’s how ransomware got in and become admin! <- stop the root cause
  • 50% of all ransomware attacks might be rooted to social engineering
    • top 3 causes:
      1. social engineering
      2. unpatched software
      3. password issues
  • Ransomware is also spread by Google Ads


additional links


ransomware, social engineering

You may also like

Event takeaway: Layer8 Conference

Event takeaway: Layer8 Conference

Event takeaway: Deutscher IT-Security Kongress

Event takeaway: Deutscher IT-Security Kongress
Leave a Reply

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit markiert.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}