Summary
Double extortion has become an extremely popular tactic among ransomware gangs, and sensitive data exfiltrated from hundreds of organizations is posted online every year. Incident responders therefore need to be well aware of the techniques and tools ransomware affiliates commonly use to collect and exfiltrate data, as well as the forensic artifacts that make it possible to uncover such activities. We really need to understand threat actors and how they carry out their business.
In this chapter, we have looked at common approaches leveraged by threat actors to collect and exfiltrate data from a compromised network and learned which forensic artifacts can be used to uncover related traces.
In the next chapter, we'll dive into how ransomware affiliates achieve their final goal – deploying ransomware.