TTCSIRT-350.09.03.20: TT-CSIRT ADVISORY – Ransomware families LockBit, Maze headline ransomware

Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape over the past quarter, according to a new report. Infections involved a wide variety of malware families including LockBit and Maze, among others.

Sixty-six percent of all ransomware attacks this quarter involved the red-teaming framework Cobalt Strike, suggesting that ransomware actors are increasingly relying on the tool as they abandon commodity trojans.

Actors targeted a broad range of verticals, including manufacturing, education, construction, facility services, food and beverage, energy and utilities, financial services, healthcare, industrial distribution, real estate, technology, and telecommunications.

The top targeted vertical was manufacturing, a change from last quarter when the top targeted industries were health care and technology.

For detailed information and support, please visit the following link:
https://blog.talosintelligence.com/2020/09/CTIR-quarterly-trends-Q4-2020.html

If you have any queries or comments with regards to this advisory, please feel free to contact TTCSIRT via contacts@ttcsirt.gov.tt