Arrival of the evolved ransomware attack

Gordon Love, Vice President MEA, Mandiant.
Gordon Love, Vice President MEA, Mandiant.
by
3 years ago

Digital technologies are continuously improving the functionalities of business solutions, and cyber security is no different. Mandiant Automated Defence combines data from your security stack with data science and machine learning capabilities to triage alerts, automatically eliminating events that don’t matter and revealing the ones that do.

Since its inception, Mandiant has tracked more than 2,400 threat groups, including 650+ newly tracked since 2020. In the last 12 months, the way ransomware attacks are conducted has changed, resulting in different business consequences and how we protect against them.

Earlier ransomware attacks referred to malware encrypting files to disrupt normal business functions. The popular strategy to thwart such attacks included creating a solid offline backup to minimise the risk of business discontinuity.

Mandiant has tracked more than 2,400 threat groups, including 650+ newly tracked since 2020.

The evolved ransomware attack, which Mandiant has termed – multifaceted extortion is a collection of tactics including deployment of encryption, theft of sensitive data, mass dissemination of data to name-and-shame.

Attackers are now even deploying additional coercive tactics – such as DDoS, harassing employees and business partners or publicising their attacks in the media to extort ransom payments.

As economies continue to recover from the disruption, cyber security spends will be increasingly scrutinised. CISOs need to understand if their technology is deployed optimally, threats are being detected and blocked or if security settings are configured correctly. Therefore, security validation is essential to find out whether they are getting a good return on investment.

In the last 12 months, the way ransomware attacks are conducted has changed, resulting in different business consequences

Security validation provides quantifiable data to the business on the effectiveness of their cyber security controls. As remote, hybrid working remains just as popular in 2021 and in the foreseeable future, validation will help answer questions such as:

  • Are there any gaps in the remote infrastructure?
  • Do people with higher privileges still need them

Organisations in the Middle East are at a higher risk of cyber-attacks due to the geopolitical situation and the rapid adoption of digital transformation. To defend against the growing threat of cyber-attacks, CISOs need to continue to utilise the right technologies, but also more importantly, external threat intelligence services to enhance existing cyber defences.

Attackers are now even deploying additional coercive tactics, such as DDoS, harassing employees, publicising attacks in media

Threat intelligence will remain as relevant and as significant in the coming two years. Intelligence will provide valuable insight to organisations of all sizes regarding visibility into the latest threats directly from the frontlines. CISOs will continue to seek out intelligence to threats relevant to their industry or vertical.

Threat intelligence provides several benefits to CISOs, including the ability to make informed decisions, prioritise vulnerabilities and exposures by focusing on the highest risk first; access threat actor indicators, tactics, and behaviours to reduce alert fatigue, and quickly surface malicious attacks and seamlessly integrate threat data into existing detection tools.


Extended detection and response engine uses decision automation to recall events that occurred in the past, correlating this with threat intelligence to enrich incidents for escalation and remediation. CISOs can thus free their people and resources to focus on what’s important and improve their overall security posture and be able to stop attacks before they impact the organisation.


Multifaceted extortion is a collection of tactics including deployment of encryption, theft of sensitive data, mass dissemination of data to name-and-shame.

Don't Miss

Our mission is to make Organizations secure from cyber threats, said Gordon Love

Gordon Love, Vice President – EMEA Emerging Region. Mandiant said Mandiant is
Gordon Love, Head of Emerging Markets, Mandiant

Mandiant to showcase Advantage SaaS platform with Starlink at GITEX 2022

Mandiant announced participation at GITEX Global 2022. At the trade fair, Mandiant