Revealing the Top Ransomware Tactics, Techniques, and Procedures by Cisco Talos

Cisco Talos conducted an analysis of the top 14 ransomware groups from 2023 to 2024 to explore their attack chain and highlight their Tactics, Techniques, and Procedures. The study also revealed the vulnerabilities most commonly exploited by ransomware actors.

The ransomware attack chain typically follows a set pattern. The first step involves gaining access to the targeted entity, often through social engineering techniques such as phishing emails containing malicious files or links. Attackers may also exploit vulnerabilities or misconfigurations in internet-facing systems. Once access is gained, the attacker seeks to establish persistence by modifying registry keys or creating accounts.
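The persistence step above leaves two reliable footprints on Windows hosts: a write to an autorun registry key and the creation of a new local account. The following script is an added illustration, not code from the Cisco Talos report, of how a SOC might triage those footprints in a batch of event records. The events are constructed for the demo and mimic Sysmon Event ID 13 (registry value set) and Security Event ID 4720 (user account created); the field names and the set of autorun key patterns are assumptions chosen for the example.

```python
"""Flag persistence indicators in Windows security/Sysmon-style events.

Added example (not from the Cisco Talos report): scans a batch of constructed
event records for the two persistence techniques named in the article,
autorun registry-key modification (Sysmon Event ID 13) and local account
creation (Security Event ID 4720), and returns findings for analyst triage.
"""
import re

# Registry locations commonly used for autorun persistence (assumed set for the demo).
AUTORUN_KEY_PATTERNS = [
    re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE),
    re.compile(r"\\CurrentVersion\\Winlogon\\(Shell|Userinit)$", re.IGNORECASE),
    re.compile(r"\\CurrentVersion\\Image File Execution Options\\", re.IGNORECASE),
]

# Constructed sample events; shapes mimic Sysmon (ID 13) and Security (ID 4720) fields.
SAMPLE_EVENTS = [
    # Benign: Explorer toggling a UI preference under the user's hive.
    {"event_id": 13, "host": "ws01", "image": "C:\\Windows\\explorer.exe",
     "target_object": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "details": "DWORD (0x00000001)"},
    # Suspicious: a binary in a temp directory registering itself under HKLM\...\Run.
    {"event_id": 13, "host": "ws01", "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe",
     "target_object": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost",
     "details": "C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe"},
    # Account creation on a domain controller; always worth a look during an incident.
    {"event_id": 4720, "host": "dc01", "subject_user": "CORP\\alice",
     "target_user": "support_tmp"},
    # Unrelated process-creation event (Sysmon ID 1); ignored by the classifier.
    {"event_id": 1, "host": "ws02", "image": "C:\\Windows\\System32\\notepad.exe"},
]


def classify(event):
    """Return a finding dict for a persistence indicator, or None if the event is benign."""
    eid = event.get("event_id")
    if eid == 13:  # Sysmon: registry value set
        target = event.get("target_object", "")
        if any(p.search(target) for p in AUTORUN_KEY_PATTERNS):
            return {"host": event["host"], "technique": "registry_autorun",
                    "detail": f"{event.get('image')} wrote {target} = {event.get('details')}"}
    elif eid == 4720:  # Security: a user account was created
        return {"host": event["host"], "technique": "account_creation",
                "detail": f"{event.get('subject_user')} created {event.get('target_user')}"}
    return None


def find_persistence(events):
    """Run classify() over an event batch, keeping only positive findings."""
    return [f for f in (classify(e) for e in events) if f is not None]


if __name__ == "__main__":
    for finding in find_persistence(SAMPLE_EVENTS):
        print(f"[{finding['technique']}] {finding['host']}: {finding['detail']}")
```

Run as-is it reports the temp-directory binary's Run-key entry and the `support_tmp` account creation, while the benign Explorer registry write and the process-creation event produce nothing. In production the same two rules would be fed from a SIEM query rather than an inline list, and the account-creation rule would normally be enriched with the creating account's expected role before it is escalated.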

The next step is to scan the network environment to identify valuable data for ransom. Attackers often use tools to elevate their privileges and navigate the network. Sensitive data is then collected and exfiltrated using various tools before the ransomware is deployed.

In some cases, attackers may test the ransomware in the environment before encrypting the network and demanding payment. Three commonly exploited vulnerabilities include Zerologon, FortiOS SSL VPN, and GoAnywhere MFT, which allow attackers to gain initial access and manipulate systems.

Cisco Talos also observed notable Tactics, Techniques, and Procedures (TTPs) used by ransomware groups, such as obfuscating malicious code, modifying registry settings, and accessing credentials stored in memory. To mitigate the ransomware threat, organizations are advised to apply patches, enforce strict password policies, segment networks, monitor endpoints, and limit exposure to the internet.

Disclosure: The views expressed in this article are those of the author and not necessarily reflective of Trend Micro.
