Microsoft’s Threat Protection Intelligence Team recently reported that ransomware groups may remain on an organization’s system even after receiving the requested payment. Ransomware involves the deployment of malware to lock or prevent user access to a network or system, followed by a demand for payment of a “ransom” to restore normal access.
In April 2020, the Microsoft report reflected an increase in the number of ransomware attacks of various types, including those known as RobbinHood, Maze and NetWalker, directed at critical industries such as medical billing companies, aid organizations, manufacturing, transport and governmental entities. The report identified that attackers may linger even after being paid:
“On networks where attackers deployed ransomware, they deliberately maintained their presence on some endpoints, intending to reinitiate malicious activity after ransom is paid or systems are rebuilt.”
The report summarizes the various types of attacks and offers steps to detect and investigate possible ransomware infections.
© 2020 Ossian Law P.C.