Critical Infrastructure Security , Cybercrime , Cybercrime as-a-service

Ransomware: Strategies for Faster Detection and Response

Sophos' Peter Mackenzie Describes Typical Attack Life Cycle and Data Exfiltration Moves Mathew J. Schwartz (euroinfosec) • June 26, 2021    
Peter Mackenzie, incident response manager, Sophos

What is the life cycle of a typical ransomware attack, and how can organizations get better at detecting and blocking this criminal activity?

See Also: JavaScript and Blockchain: Technologies You Can't Ignore

"One of the common mistakes people make with a ransomware attack is they come in in the morning, they see their data has been encrypted, and they think the attack happened that night," says Peter Mackenzie, the incident response manager for security firm Sophos.

But while the crypto-locking malware may well have just been triggered, typically attackers have been inside the network for much longer. Mackenzie says attackers "often deploy the ransomware overnight when fewer admins are watching, but the actual attack is normally days or weeks longer than that; it does take time to organize these things."

In a video interview with Information Security Media Group, Mackenzie discusses:

  • The life cycle of a typical ransomware attack;
  • Top tactics criminals use for hitting networks and exfiltrating data;
  • Best practices for helping organizations more quickly spot and block attacks.

Mackenzie, who has worked at Sophos since 2011, manages the company's incident response team and helps customers triage, contain and neutralize threats.

Previous
Ransomware Operations 'Based on a Culture of Mistrust'
Next
Why Criminals Love Ransomware: In Their Own Words

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.



Around the Network

Organization-Wide Passwordless Orchestration
Organization-Wide Passwordless Orchestration
David Derigiotis on the Complex World of Cyber Insurance
David Derigiotis on the Complex World of Cyber Insurance
Craig Box of ARMO on Kubernetes and Complexity
Craig Box of ARMO on Kubernetes and Complexity
The Persisting Risks Posed by Legacy Medical Devices
The Persisting Risks Posed by Legacy Medical Devices
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
Aité-Novarica's Cybersecurity Impact Award
Aité-Novarica's Cybersecurity Impact Award
Are We Doomed? Not If We Focus on Cyber Resilience
Are We Doomed? Not If We Focus on Cyber Resilience
Showing Evidence of 'Recognized Security Practices'
Showing Evidence of 'Recognized Security Practices'
Protecting the Hidden Layer in Neural Networks
Protecting the Hidden Layer in Neural Networks
Whistleblowing Brings Visibility to the Role of CISOs
Whistleblowing Brings Visibility to the Role of CISOs

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ransomware.databreachtoday.com, you agree to our use of cookies.