While phishing remains the most common attack vector, threat actors have introduced tactics, techniques, and procedures that don’t require a victim to click on a malicious link or open a weaponized document to become infected.

Instead, they are utilizing exploits, such as Eternal Blue, and uncommon programming languages and obscure data formats to deposit ransomware directly on to victims’ systems, thereby acquiring the persistent access they need to exchange encryption keys and process payments.

Increasingly, threat actors are also exfiltrating and threatening to expose victims’ data, or to notify regulatory authorities, if their ransom demands are not met.

Although law enforcement advises victims not to pay, many firms will do so anyway based on the degree to which their operations are impaired, the potential impact on customers and shareholders, the relative costs of recovery and cleanup, and the extent to which exposure of data could subject the organization to regulatory penalties or damage its brand or reputation.

Find out more how to reduce risks and impacts of ransomware incidents.