The Anatomy of Targeted Ransomware Attacks

Ransomware attacks can hit anybody. But whereas some types of ransomware spread automatically, targeted ransomware attacks depend on manual execution and a significant effort from the hackers operating on the internal networks of their victims. Centre for Cybersecurity (CFCS) defines this type of ransomware attacks as "targeted ransomware attacks".

A targeted ransomware attack can be underway within an organisation's internal network for days, weeks, or even months before systems and data are encrypted. During this period the organisation has an opportunity to react and deflect the attack, before the encryption takes place.

This report maps out how these specially targeted ransomware attacks typically happens and contains specific advice on how businesses and government institutions can protect themselcves better. The timeline of events has been generalised but is based on our insights from real incidents.

The target audience for the report is primarily IT management and technical IT staff.