JACLYN LASKY, CHRIS NAUGHTON
This paper goes into detail about the REvil ransomware variant and its operators to provide an in-depth look at how it begins its infection chain and why. The paper also covers publicly available information on REvil’s cyber-attacks that targeted industries in the healthcare sector, and why it matters. The paper consists of two main parts. Sections 2 and 3 document the REvil malware’s operation in the flow of a typical operation, based upon observations documented in the MITRE ATT&CK® Framework, additional public threat reporting, and some internal analysis in the MITRE Lab. Section 4 reviews these adversary behaviors from the perspective of a defender, giving guidance on how cyber practitioners could detect and protect against such a threat
No comments:
Post a Comment