A ransomware attack can start with an untargeted infection of an individual system with commodity malware. The access to infected systems within an organization’s networks can be sold multiple times in the cybercrime underground by initial access brokers. The value of initial access to networks varies depending on factors such as the privileges that have been obtained and the revenue of the organizations involved. Organizations are increasingly aware that being well prepared is essential. The question is no longer ‘if’ an organization will be attacked but ‘when’. What do you do in case of an attack?
Frank Ruedisueli – Secura