From 186bf75aaa26952aacea49931000ea0c274a4dfa Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Thu, 11 Apr 2019 06:55:39 +0200 Subject: [PATCH] chg: [ransomware] spaces removed --- ransomware/machinetag.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ransomware/machinetag.json b/ransomware/machinetag.json index 99a05e0..4298d3c 100644 --- a/ransomware/machinetag.json +++ b/ransomware/machinetag.json @@ -2,7 +2,7 @@ "namespace": "ransomware", "expanded": "ransomware types and elements", "description": "Ransomware is used to define ransomware types and the elements that compose them.", - "version": 1, + "version": 2, "refs": [ "https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-evolution-of-ransomware.pdf", "https://docs.apwg.org/ecrimeresearch/2018/5357083.pdf", @@ -155,11 +155,11 @@ }, { "value": "deployed-out-of-frustration", - "expanded": " Sometimes, an attacker may gain initial access to a server or other machine, but consequent attempts to, for example, exfiltrate data or attack other machine, is unsuccessful. This may be due to a number of things, but often due to the access being discovered, and quickly patched. On the other hand, it may have not been discovered yet, but the attacker is sitting with the same problem: the purpose is not fulfilled. Then, out of frustration, or to gain at least something out of the victim, the machine gets trashed with ransomware. Another possibility is a disgruntled employee, leaving ransomware as a 'present' before leaving the company." + "expanded": "Sometimes, an attacker may gain initial access to a server or other machine, but consequent attempts to, for example, exfiltrate data or attack other machine, is unsuccessful. This may be due to a number of things, but often due to the access being discovered, and quickly patched. On the other hand, it may have not been discovered yet, but the attacker is sitting with the same problem: the purpose is not fulfilled. Then, out of frustration, or to gain at least something out of the victim, the machine gets trashed with ransomware. Another possibility is a disgruntled employee, leaving ransomware as a 'present' before leaving the company." }, { "value": "deployed-as-a-cover-up", - "expanded": " This may sound ambiguous at first, but imagine a scenario where a company may face sanctions, is already compromised, or has a running investigation. The company or organisation deploying ransomware itself, is a viable way of destroying data forever, and any evidence may be lost.\nAnother possibility is, in order to cover up a much larger compromise, ransomware is installed, and everything is formatted to hide what actually happened.\nAgain, there is also the possibility of a disgruntled employee, or even an intruder: which brings us back to 'deployed as a smokescreen'." + "expanded": "This may sound ambiguous at first, but imagine a scenario where a company may face sanctions, is already compromised, or has a running investigation. The company or organisation deploying ransomware itself, is a viable way of destroying data forever, and any evidence may be lost.\nAnother possibility is, in order to cover up a much larger compromise, ransomware is installed, and everything is formatted to hide what actually happened.\nAgain, there is also the possibility of a disgruntled employee, or even an intruder: which brings us back to 'deployed as a smokescreen'." }, { "value": "deployed-as-a-penetration-test-or-user-awareness-training", @@ -167,7 +167,7 @@ }, { "value": "deployed-as-a-means-of-disruption-destruction", - "expanded": " Last but not least - while ransomware can have several purposes, it can also serve a particularly nasty goal: destroy a company or organisation, or at least take them offline for several days, or even weeks.\nAgain, there are some possibilities, but this may be a rivalry company in a similar business, again a disgruntled employee, or to disrupt large organisations on a worldwide scale." + "expanded": "Last but not least - while ransomware can have several purposes, it can also serve a particularly nasty goal: destroy a company or organisation, or at least take them offline for several days, or even weeks.\nAgain, there are some possibilities, but this may be a rivalry company in a similar business, again a disgruntled employee, or to disrupt large organisations on a worldwide scale." } ] }