Ransomware Misconceptions Abound, to the Benefit of Attackers

Published: 23/11/2024   Category: security




It's time to update what we think we understand about ransomware, including new defensive measures and how fast the attack response should be.



INFOSEC23 – London – With a threat as persistently pervasive as ransomware, myths and misconceptions are bound to emerge in tandem. Richard de la Torre, technical marketing manager at Bitdefender, used his time at the podium during this week's Infosecurity Europe conference to enumerate — and dispel — some of the more common ones.
While some of the items on de la Torre's list are likely very familiar to most security practitioners, he cites a ransomware misperception that there's no capability to fight this all too common hostage taking of business data. Not true — proactive organizations are increasingly using decryptors and also making more strategic use of threat intelligence to prevent or disrupt attacks, he adds.
And despite all the worry and attention devoted to ransomware-as-a-service and more leading edge ransomware incidents, de la Torre claims ransomware attack vectors remain relatively basic. The threat process has not changed and access starts through phishing attacks, he says.
All that being said, most organizations still haven't grasped that ransomware has mushroomed into big business, turbocharged by its RaaS business model with an operator who's sometimes state-sponsored. The operator variously buys, develops, and resells the ransomware code and hires affiliates, usually hackers, who infiltrate networks. They then plant malware, establish a command and control (C&C) server, detonate the ransomware, and collect ransom.
These are multi-billion dollar organizations, who hire access brokers and data miners and HR teams and recruit on the dark and deep Web, he says.
Another misconception is that organizations must have a speedy response to a ransomware infection, and that time is of the essence to prevent encryption and loss of business data. While that may have been true a few years ago, times have changed, de la Torre notes. Most attackers now focus more on data exfiltration, and the actual ransomware is used as a distraction while [attackers] exfiltrate data.
More commonly, attackers will move laterally inside a network, for days or even months, doing reconnaissance to see if an organization has cyber insurance, identify key customers, and pinpoint where the richest datasets are.
De la Torre also says it's a misconception that attackers only go after large targets. Most ransomware attacks typically target small organizations, as larger organizations have SOC teams and more resources dedicated to cybersecurity. But the smaller targets aren't the prize, just a steppingstone. More often, ransomware attackers target smaller organizations who have affiliations with larger organizations via a supply chain as a backdoor, he explains.
In terms of defense, he recommended having good defense in depth, with email security to stop phishing emails and good detection and response to detect when there has been a change to Azure, for example, de la Torre says. You want something tamper proof and that you are able to recover from.
