12 steps of the advanced persistent threat lifecycle
1. Reconnaissance: Threat actors gather information about a target organization and its systems, such as IP addresses and open ports.
2. Weaponization: The attackers create and customize malware, such as ransomware, for the specific target.
3. Delivery: The malware is delivered to the target, often through phishing emails or exploit kits.
4. Exploitation: The malware exploits vulnerabilities in the target’s systems to gain initial access.
5. Installation: The malware establishes a foothold on the target’s systems and begins to propagate.
6. Command and Control: The attackers establish communication with the malware and can remotely control it.
7. Actions on Objectives: The attackers carry out their objectives, such as encrypting files and demanding a ransom.
8. Exfiltration: The attackers extract sensitive data from the target’s systems.
9. Persistence: The malware establishes mechanisms to maintain access to the target’s systems, even after a reboot or security software update.
10. Evasion: The malware uses techniques to evade detection by security software and avoid being removed.
11. Propagation: The malware spreads to other systems within the target organization.
12. Campaign completion: The attackers achieve their objectives and may move on to new targets or shut down their operation.
Ransomware attacks often focus on steps 2 through 12, where the attackers carry out their objectives, extract sensitive data, maintain access to the target’s systems, evade detection and spread the malware further.