ZDNet has released a list of the most common (and therefore most dangerous) malware families that lead to ransomware. The list pairs some of the most prolific threats with the ransomware they lead to, giving enterprise defenders a priority list of threats to study and to keep defenses up to date against. Some of the attack chains are listed below, and more can be found in the article:
- Emotet -> Trickbot -> Ryuk
- Bazarloader -> Ryuk
- Qakbot -> Egregor
- Zloader -> Egregor
- Buerloader -> Ryuk
- Phorpiex -> Avaddon
Cobalt Strike is included in the article not as a malware family but as another threat to watch for prior to ransomware. Many threat actors deploy Cobalt Strike somewhere in the chain before they deploy ransomware because it makes the attack process easier. Although it is not a malware family, if defenders detect Cobalt Strike and no known red team engagement is currently authorized, it should be treated as a serious threat.