According to FortiGuard Labs statistics, average weekly ransomware activity in June 2021 was more than tenfold higher than in June 2020. Over the course of that year the increase was continuous and, on the whole, steady rather than a single spike.
REvil threat actors typically deployed ransomware encryptors using the legitimate administrative tool PsExec with a text file list of computer names or IP addresses of the victim network obtained during the reconnaissance phase.
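The tradecraft above leaves two distinct traces: on the operator's machine, a process-creation event where PsExec is launched with an `@file` target list (PsExec reads computer names from that file) and typically `-c` to copy the payload, and on every target a service-install event for the `PSEXESVC` service that PsExec creates. The following detection is an added example written for this page, not tooling from any of the vendors quoted; the event dictionaries, field names, host names, paths and timestamps are constructed for the example and only loosely mirror Sysmon Event ID 1 and System log Event ID 7045.

```python
"""Added example: flag PsExec-style mass deployment (list-file fan-out) in host telemetry.

Signals combined (field names are constructed for this example, not a real schema):
  * event_id 1  : process creation on the operator's host, PsExec launched with '@file'
  * event_id 7045: service install on a target host, service name PSEXESVC
"""
from datetime import datetime, timedelta
import re
from typing import Iterable

PSEXEC_NAMES = {"psexec.exe", "psexec64.exe"}
LIST_FILE_RE = re.compile(r"(?:^|\s)@\S+")  # '@C:\path\hosts.txt' style target list

# Constructed sample events. -d (don't wait), -s (run as SYSTEM) and -c (copy the
# program to the target) are real PsExec switches; everything else is made up.
SAMPLE_EVENTS = [
    {"time": "2021-06-01T02:10:05", "host": "WS-ADMIN01", "event_id": 1,
     "user": "CORP\\svc_backup", "image": "C:\\Temp\\ps.exe",          # renamed binary
     "original_file_name": "PsExec.exe",                                # PE metadata survives
     "cmdline": "ps.exe @C:\\Temp\\hosts.txt -d -s -c C:\\Temp\\enc.exe"},
    {"time": "2021-06-01T02:10:07", "host": "FS01",   "event_id": 7045, "service": "PSEXESVC"},
    {"time": "2021-06-01T02:10:08", "host": "DC01",   "event_id": 7045, "service": "PSEXESVC"},
    {"time": "2021-06-01T02:10:09", "host": "APP02",  "event_id": 7045, "service": "PSEXESVC"},
    {"time": "2021-06-01T02:10:11", "host": "WS-117", "event_id": 7045, "service": "PSEXESVC"},
    {"time": "2021-06-01T02:10:30", "host": "WS-117", "event_id": 7045, "service": "Spooler"},
    # Benign single-host admin use later in the day: no '@' list file, one target only.
    {"time": "2021-06-01T09:15:00", "host": "WS-ADMIN02", "event_id": 1,
     "user": "CORP\\jdoe", "image": "C:\\Tools\\PsExec.exe", "original_file_name": "PsExec.exe",
     "cmdline": "PsExec.exe \\\\FS01 -s cmd /c ipconfig"},
    {"time": "2021-06-01T09:15:02", "host": "FS01", "event_id": 7045, "service": "PSEXESVC"},
]


def basename(path: str) -> str:
    """Last path component, lower-cased, accepting either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_psexec_fanout(event: dict) -> bool:
    """True for a process-creation event that launches PsExec against a list file.

    Matching on original_file_name as well as the on-disk image name catches a
    renamed PsExec binary, which is common when the tool is staged by an intruder.
    """
    if event.get("event_id") != 1:
        return False
    names = {basename(event.get("image", "")), event.get("original_file_name", "").lower()}
    if not names & PSEXEC_NAMES:
        return False
    return bool(LIST_FILE_RE.search(event.get("cmdline", "")))


def psexesvc_targets(events: Iterable[dict], start: datetime, window: timedelta) -> set:
    """Hosts on which PSEXESVC was installed within `window` after `start`."""
    targets = set()
    for e in events:
        if e.get("event_id") == 7045 and e.get("service", "").upper() == "PSEXESVC":
            t = datetime.fromisoformat(e["time"])
            if start <= t <= start + window:
                targets.add(e["host"])
    return targets


def find_fanout(events: list, window: timedelta = timedelta(minutes=10),
                min_targets: int = 3) -> list:
    """One alert per PsExec list-file launch followed by PSEXESVC installs on at
    least `min_targets` distinct hosts inside `window`. The target count is what
    separates an encryptor roll-out from an admin touching a single box."""
    alerts = []
    for e in events:
        if not is_psexec_fanout(e):
            continue
        start = datetime.fromisoformat(e["time"])
        targets = psexesvc_targets(events, start, window)
        if len(targets) >= min_targets:
            alerts.append({"source": e["host"], "user": e.get("user"), "time": e["time"],
                           "cmdline": e.get("cmdline"), "targets": sorted(targets)})
    return alerts


if __name__ == "__main__":
    for alert in find_fanout(SAMPLE_EVENTS):
        print(f"{alert['time']} {alert['source']} ({alert['user']}) -> {len(alert['targets'])} hosts: "
              f"{', '.join(alert['targets'])}")
```

The window and target threshold are tuning knobs: a domain-wide encryptor push produces dozens of `PSEXESVC` installs within seconds of the launch, so a short window with a low threshold is enough, while the single-host admin case in the sample never trips the list-file check in the first place. Note that the launch event is only visible on the operator's host, so this correlation needs process telemetry from workstations and jump hosts, not just from servers.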
The first step is to determine whether the attack is still underway. If you suspect it is, and you don't have the tools in place to stop it, determine which devices have been impacted and isolate them from the network immediately.
Conti ransomware stands out as one of the most ruthless of dozens of ransomware gangs that we follow. The group has spent more than a year attacking organizations where IT outages can have life-threatening consequences.
Serious players in the ransomware scene don’t use malware for which decryption tools are publicly available, however. At this point, incident response consultants may be able to determine how the actor gained access to the victim organization’s infrastructure, but that is heavily dependent upon factors like the actor’s “dwell time”.