Less Lucrative Ransomware Market Makes Attackers Alter Methods
Summary
Ransomware attackers are shifting tactics due to a less profitable market, with payment rates reaching all-time lows. Attackers are increasingly favoring native Windows tools over Cobalt Strike and are focusing more on data theft rather than direct encryption.
IFF Assessment
FOE
The shift to native tools makes detection harder and the increased focus on data theft represents a more insidious form of extortion.
Defender Context
Defenders should be aware of this shift and enhance their monitoring for the misuse of legitimate Windows binaries, as these can be harder to distinguish from normal activity. The rise in data theft means organizations need robust data exfiltration detection and incident response plans.