Discussion of ransomware groups too often focuses on their names, such as Noberus, Royal, and AvosLocker, rather than on the tactics, techniques, and procedures (TTPs) used in an attack before ransomware is deployed. For example, ransomware attack chains have made particularly heavy use of legitimate software tools in recent times. In fact, we rarely see a ransomware attack that doesn’t use legitimate software.
Staying Under the Radar: Why Abuse Is Rampant