Applying ATT&CK to analyze ransomware campaigns

Modern ransomware has transitioned to a Ransomware-as-a-Service (RaaS) model, with many groups sharing common tactics, techniques, and procedures (TTPs) in their attacks. These TTPs, described in MITRE ATT&CK, are like a glue that binds together multiple diverse teams operating at various levels with different priorities.

The Global Research and Analysis team (GReAT) at Kaspersky analyzed thousands of operations carried out by different RaaS groups and outlined the TTPs that the cybersecurity industry should consider in order to deliver stronger protection for organizations. In the webcast, Marc Rivero, a senior security researcher at GReAT, Kaspersky, will delve into the main TTPs used by modern ransomware groups and shed light on how to analyze them and use them in attack detection and prevention.

The talk will include:

  • Kaspersky’s statistics on ransomware evolution
  • Attack workflow using MITRE ATT&CK
  • Overview of TTPs used by main ransomware groups
  • Q&A session