From the early instances of Locky to the more recent infestation of the WannaCry attacks, ransomware is unquestionably on the rise.

Ransomware commonly reaches the victim as an attachment to an unsolicited email from an unknown sender, or is injected into a user’s browser session through a web browser vulnerability. Its widespread success is due to several factors, including the fact that, unlike much other malware, it does not require administrative privileges. In addition, many companies do not maintain current and complete backups of their data and assets, which leaves them vulnerable to this type of attack.

As ransomware continues to make headlines in health care, transportation and many other critical business areas, the experts from IBM X-Force Incident Response and Intelligence Services offer a guide for organizations faced with a ransomware infection.

Read the Ransomware Response Guide to learn:

  • How you can protect your critical information and resources;
  • How to identify the specific variant of ransomware and determine how the malware entered the organization;
  • How to contain and remove the ransomware from the infected systems.

Download the complete Ransomware Response Guide
