After security researcher Brad Antoniewicz asked whether those who take computers hostage actually decrypt the files, he was told that they are in it to make money. He decided to research the topic of ransomware further and found that it all starts with the simplest things and then leads to more serious consequences.
For example, a blog that displayed normally in the Chrome browser was replaced by an error message that was being spawned by another process outside the browser. Clues in the page source showed that suspect code had been injected into the Internet Explorer view by someone using an exploit kit. Exploit kits are rented by attackers on an "as a service" basis and then used to hit unsuspecting victims with malware such as ransomware. Ransomware locks down only certain files and folders, and the attackers then use your own computer to pressure you into paying the ransom.
Antoniewicz likes to refer back to "patient zero" (the first person to get infected) to learn what else on the network might have been affected and to prevent future attacks.
Cisco Umbrella colleagues examine attacks at the DNS level. Antoniewicz says that anyone can view DNS logs, and that DNS is often overlooked even though it can give you an overview of what is happening on your network and even let you block certain connections. Furthermore, the team uses machine learning and data analytics to make sense of the data and produce predictive models that can help mitigate future attacks.
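As an added illustration of the DNS-level triage described above (this is example code, not code from the talk or from Cisco Umbrella), the script below walks a constructed resolver log for queries to flagged domains, reports the earliest client as patient zero, lists every other host that resolved the same names, and emits the domains to block at the resolver. The log format, hosts and flagged domains are constructed placeholders.

```python
from datetime import datetime

# Constructed sample resolver log: "<timestamp> <client_ip> <queried_domain>".
# Hosts and domains are placeholders, not real indicators.
SAMPLE_DNS_LOG = """\
2024-03-01T09:00:01 10.0.0.12 www.example.com
2024-03-01T09:02:14 10.0.0.12 blog.example.org
2024-03-01T09:02:15 10.0.0.12 ek-landing.invalid
2024-03-01T09:02:17 10.0.0.12 payment-portal.invalid
2024-03-01T09:10:42 10.0.0.31 ek-landing.invalid
2024-03-01T09:11:03 10.0.0.31 payment-portal.invalid
2024-03-01T09:30:00 10.0.0.45 www.example.com
"""

# Domains an analyst or threat feed has flagged (placeholders for this example).
FLAGGED_DOMAINS = {"ek-landing.invalid", "payment-portal.invalid"}


def parse_log(text):
    """Yield (timestamp, client_ip, domain) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, client, domain = parts
        yield datetime.fromisoformat(ts), client, domain.lower().rstrip(".")


def triage(log_text, flagged):
    """Return (patient_zero, affected_hosts, blocklist) from a DNS log.

    patient_zero:   client with the earliest query for any flagged domain
    affected_hosts: every client that queried a flagged domain, sorted
    blocklist:      flagged domains actually observed, to push to the resolver
    """
    first_seen = {}   # client -> earliest flagged query time
    observed = set()  # flagged domains seen in this log
    for ts, client, domain in parse_log(log_text):
        if domain not in flagged:
            continue
        observed.add(domain)
        if client not in first_seen or ts < first_seen[client]:
            first_seen[client] = ts
    if not first_seen:
        return None, [], []
    patient_zero = min(first_seen, key=first_seen.get)
    return patient_zero, sorted(first_seen), sorted(observed)


if __name__ == "__main__":
    pz, hosts, block = triage(SAMPLE_DNS_LOG, FLAGGED_DOMAINS)
    print("patient zero:", pz)
    print("affected hosts:", hosts)
    print("domains to block at resolver:", block)
```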