Ransomware with encryption and double extortion.
A ransomware group / affiliate encrypts all of your files and then asks for money to decrypt them.
If you don't pay, they will publish all the files.
Risk Table
Understand the potential risks from this threat event, broken domain by system.
| System | Likelihood (C | I | A) | Consequence | Impact (C | I | A) | Risk (C | I | A) |
|---|---|---|---|---|
| Customer Database | 4 | 4 | 4 | Data Protection Fine | 4 | 4 | 4 | 16 | 16 | 16 |
Cyber Threat Graph Context
Explore how this threat event relates to the wider threat graph
Intrusion Sets
Real world cyber attackers who demonstrate this type of threat.
Dark Angels Team Ransomware Group
Dark Angels Team reportedly emerged in May 2022 having developed a strain of ransomware based on previously leaked Babuk builders. They ...
CACTUS Ransomware Group
CACTUS is ransomware group observed targeting victims since at least March 2023. The name CACTUS has been derived from the ransom note left with ...
Bl00dy Ransomware Gang
The Bl00dy Ransomware Gang emerged around May 2022 and employs double extortion tactics against targeted organizations. Unlike traditional data ...
Black Basta Ransomware Group
Black Basta is a ransomware operator and Ransomware-as-a-Service (RaaS) criminal enterprise that emerged in early 2022. It quickly became one of ...
MITRE ATT&CK Techniques
Explore the TTPs associated with this threat event - based on historical activity by the typical threat actors.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1566.001 | Spearphishing Attachment | Initial Access |
| T1566.002 | Spearphishing Link | Initial Access |
| T1593.001 | Social Media | Reconnaissance |
| T1204.001 | Malicious Link | Execution |
| T1594 | Search Victim-Owned Websites | Reconnaissance |
| T1585.002 | Email Accounts | Resource Development |
| T1102 | Web Service | Command and Control |
| T1583.001 | Domains | Resource Development |
| T1566.003 | Spearphishing via Service | Initial Access |
| T1597 | Search Closed Sources | Reconnaissance |
| T1585.001 | Social Media Accounts | Resource Development |
| T1608.001 | Upload Malware | Resource Development |
| T1203 | Exploitation for Client Execution | Execution |
| T1589.002 | Email Addresses | Reconnaissance |
| T1204.002 | Malicious File | Execution |
| T1105 | Ingress Tool Transfer | Command and Control |
| T1047 | Windows Management Instrumentation | Execution |
| T1078.002 | Domain Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1059.007 | JavaScript | Execution |
| T1070.001 | Clear Windows Event Logs | Defense Evasion |
| T1036.005 | Match Legitimate Name or Location | Defense Evasion |
| T1018 | Remote System Discovery | Discovery |
| T1486 | Data Encrypted for Impact | Impact |
| T1484.001 | Group Policy Modification | Defense Evasion, Privilege Escalation |
| T1003.001 | LSASS Memory | Credential Access |
| T1489 | Service Stop | Impact |
| T1059.003 | Windows Command Shell | Execution |
| T1587.001 | Malware | Resource Development |
| T1007 | System Service Discovery | Discovery |
| T1136 | Create Account | Persistence |
| T1074.001 | Local Data Staging | Collection |
| T1562.001 | Disable or Modify Tools | Defense Evasion |
| T1059.001 | PowerShell | Execution |
| T1584.004 | Server | Resource Development |
| T1197 | BITS Jobs | Defense Evasion, Persistence |
| T1005 | Data from Local System | Collection |
| T1136.002 | Domain Account | Persistence |
| T1082 | System Information Discovery | Discovery |
| T1567.002 | Exfiltration to Cloud Storage | Exfiltration |
| T1055 | Process Injection | Defense Evasion, Privilege Escalation |
| T1003.003 | NTDS | Credential Access |
| T1569.002 | Service Execution | Execution |
| T1588.003 | Code Signing Certificates | Resource Development |
| T1071.001 | Web Protocols | Command and Control |
| T1087.002 | Domain Account | Discovery |
| T1552.006 | Group Policy Preferences | Credential Access |
| T1482 | Domain Trust Discovery | Discovery |
| T1547.001 | Registry Run Keys / Startup Folder | Persistence, Privilege Escalation |
| T1070.004 | File Deletion | Defense Evasion |
| T1135 | Network Share Discovery | Discovery |