Blog — Jul 29, 2021

Tactical Experts Driving Success for Ransomware Gangs


Ten or twenty years ago, when you heard the word ‘ransomware’, it was because you (or someone you knew) had clicked a rogue link in an email sent by a lone-wolf hacker working out of a dark basement, which downloaded a virus onto your computer and locked all your files. The attacks were automated and opportunistic, and the fee to restore the data may have been a few hundred dollars at best.

The modern ransomware threat landscape is much different. Ransomware attacks have evolved from opportunistic attacks, to targeted attacks that resemble heists, to integrated business models for threat actors. What’s more, there are no dingy, dark basements, and the hackers certainly aren’t lone wolves. Today’s threat actors have formed sophisticated groups with well-run operations that resemble those of enterprise organizations.

All this to say: cybercrime as we know it has changed.

The traditional opportunistic attacks eventually failed to make an impact. As would-be victims began to educate themselves on how to spot malicious emails, and organizations leveraged security practices such as email filtration, it became clear to threat actors that their tactics had to evolve as well, by:

In the past four years, we have seen an exponential rise in the use of Ransomware-as-a-Service (RaaS), which has led to the formation of new ransomware groups as they no longer need to create new attack tactics to gain access into their targets’ environments. This increase in RaaS has pushed organizations to start taking what used to be small annoyances (e.g., spam mail or strange websites) much more seriously.

So, what’s driving this rise in RaaS?

As we explain in the 2021 eSentire Ransomware Report: Dissecting Today’s Ransomware Ecosystem, this growth is largely driven by the recruitment of tactical experts within ransomware groups, who specialize in one specific aspect of the overall ransomware intrusion model.

By effectively encouraging each member to become an expert in one role, ransomware groups can procure specific services to expand their reach and increase the velocity of their campaigns. In fact, they can go as far as designing specific lures to target a certain industry to ensure that their campaigns leave no room for mistakes.

The result of cultivating these tactical experts is the formation of a cooperative cybercrime marketplace that is far more efficient than what most organizations are prepared for.

By leveraging tactical experts, modern ransomware groups have given their team members a structure like that of an enterprise organization, all to move towards one unified goal: maximum financial benefit.

The fact of the matter is, threat actors and organizations are locked in an arms race and unfortunately, there’s no silver bullet. Ransomware has become too big a threat for any organization – big or small – to ignore.

Today, CISOs are well aware of the responsibility they, and their security teams, shoulder to keep up with the latest tactics, techniques, and procedures (TTPs). As a result, CISOs are constantly having to evaluate their security programs to strengthen their security posture and controls against the heightened risk they’re facing from the ever-evolving ransomware groups and threat landscape.

To learn more about the most popular initial access techniques used by threat actors, download the 2021 eSentire Ransomware Report: Dissecting Today’s Ransomware Ecosystem.

eSentire

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1200+ organizations in 75+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.