VentureBeat June 30, 2022
Kaspersky’s threat intelligence team has conducted analysis into the most common tactics, techniques, and procedures (TTPs) used by 8 of the most prolific ransomware groups during their attacks. The research revealed that different groups share more than half of the cyber kill chain and execute the core stages of an attack identically.
The researchers looked at the activity of Conti/Ryuk, Pysa, Clop (TA505), Hive, Lockbit2.0, RagnarLocker, BlackByte and BlackCat. These groups have been active in the United States, Great Britain and Germany, and have targeted over 500 organizations within industries such as manufacturing, software development and small business, between March 2021 and March 2022.
The observed attacks were often predictable, following a pattern that includes compromising the corporate network or...