Thursday 3 October 12:00 - 12:30, Red room
Vaibhav Deshmukh, Ashutosh Raina & Sudhanshu Dubey (Microsoft)
Human-operated ransomware campaigns are among the most prominent threats in today's security landscape: attackers actively target organizations with custom-built techniques and methods.
These attacks have grown into sophisticated cybercrimes that can jeopardize large companies, government agencies and critical infrastructure. In recent times, attackers have shifted from targeted attacks on on-premises infrastructure to targeting the organization's cloud-based assets, which gives them additional attack surface and pivoting capabilities.
Attackers regularly adopt new sets of TTPs, such as RMM tools, open-source toolkits, custom arsenals and novel exploits, which make them hard for current defence solutions to detect. On top of that, their innovative ways of targeting identity providers and evading security products give them god-mode capabilities in the victim environment. Ransomware has become a multi-layered problem in which threat actors focus on maximizing impact, such as targeting ESXi infrastructure, compromising the cloud and Azure AD (AAD), and exfiltrating targeted data for extortion, with return on investment as the only benchmark.
In this paper we will investigate a few prominent ransomware operator groups working with the AKIRA, Cactus and BlackCat RaaS programmes and their modern witchcraft, which causes billions of dollars of damage to organizations. We will dissect their toolkits, their multi-vector attack strategies and the attack paths they use to compromise and navigate cloud and on-premises infrastructure; how they bypass existing security solutions; and their impact methodology, which encrypts ESXi virtualization servers and critical on-premises files and exfiltrates sensitive data from the organization. This paper aims to raise awareness of the emerging ransomware threat model so that we are better prepared to fight these adversaries on both the cloud and the on-premises battleground.
Vaibhav Deshmukh is a senior security researcher in Microsoft's Advanced Detection team. He investigates and tracks human-operated ransomware and hybrid ransomware attacks. He has been working in the field of security for more than nine years, concentrating on malware analysis, traffic analysis, incident response, APT hunting and red teaming. He has strong skills in reverse engineering and automation development. He has authored research papers on topics such as advanced Android vulnerabilities and exploitation, living-off-the-land binary attribution, and more.

Ashutosh Raina is a senior security researcher within Microsoft's R&D division. His proficiency spans areas such as EDR research, system programming, deception technology, malware analysis, reverse engineering, data loss prevention, red teaming, memory forensics and product security.

Sudhanshu Dubey is a senior security researcher within Microsoft's R&D division in the Defender Advanced Detection team. He focuses primarily on analysing human-operated ransomware attacks and designing protection against them. He has been working in the field of security for the last 10 years, previously working with amazing people at FireEye, McAfee and Quick Heal.