The realities of ransomware: Five signs you’re about to be attacked

Image of Peter Mackenzie. (Supplied)
Updated 20 January 2021

Whenever we work with ransomware victims, we spend some time looking back through our telemetry records that span the previous week or two. These records sometimes include behavioral anomalies that (on their own) may not be inherently malicious, but in the context of an attack that has already taken place, could be taken as an early indicator of a threat actor conducting operations on the victim’s network.

If we see any of these five indicators, in particular, we jump on them straight away. Any of these found during an investigation is almost certainly an indication that attackers have poked around to get an idea of what the network looks like, and to learn how they can get the accounts and access they need to launch a ransomware attack.

Attackers use legitimate admin tools to set the stage for ransomware attacks. Without knowing what tools administrators normally use on their machines, one could easily overlook this data. In hindsight, these five indicators represent investigative red flags:

1. A network scanner, especially on a server

Attackers typically start by gaining access to one machine where they search for information: Is this a Mac or Windows, what’s the domain and company name, what kind of admin rights does the computer have, and more. Next, attackers will want to know what else is on the network and what they can access. The easiest way to determine this is to scan the network. If a network scanner, such as AngryIP or Advanced Port Scanner, is detected, question admin staff. If no one cops to using the scanner, it is time to investigate.

2. Tools for disabling antivirus software

Once attackers have admin rights, they will often try to disable security software using applications created to assist with the forced removal of software, such as Process Hacker, IOBit Uninstaller, GMER, and PC Hunter. These types of commercial tools are legitimate, but they can end up in the wrong hands, so security teams and admins need to question why they have suddenly appeared.

3. The presence of Mimikatz

Any detection of Mimikatz anywhere should be investigated. If no one on an admin team can vouch for using Mimikatz, this is a red flag because it is one of the most commonly used hacking tools for credential theft. Attackers also use Microsoft Process Explorer, included in Windows Sysinternals, a legitimate tool that can dump LSASS.exe from memory, creating a .dmp file. They can then take this to their own environment and use Mimikatz to safely extract usernames and passwords on their own test machine.

4. Patterns of suspicious behavior

Any detection happening at the same time every day, or in a repeating pattern, is often an indication that something else is going on, even if malicious files have been detected and removed. Security teams should ask “why is it coming back?” Incident responders know it normally means that something else malicious has been occurring that hasn’t (as of yet) been identified.

5. Test attacks

Occasionally, attackers deploy small test attacks on a few computers in order to see if the deployment method and ransomware execute successfully, or if security software stops it. If the security tools stop the attack, they change their tactics and try again. This will show their hand, and attackers will know their time is now limited. It is often a matter of hours before a much larger attack is launched.
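The following is an added example, not Sophos tooling or code from the article: it turns indicators 1 to 4 into a triage pass over endpoint telemetry, listing watchlisted tools that no admin has vouched for (servers first) and detections that recur at about the same time of day. The log format, the `vouched` set, the thresholds and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Tools named in the article; matching on a space-stripped lowercase substring is an assumption.
WATCHLIST = {
    "angryip": "network scanner", "advancedportscanner": "network scanner",
    "processhacker": "AV-disabling tool", "iobituninstaller": "AV-disabling tool",
    "gmer": "AV-disabling tool", "pchunter": "AV-disabling tool", "mimikatz": "credential theft",
}

# Constructed sample telemetry: timestamp,host,role,detail
SAMPLE = """\
2021-01-11 03:02,FS01,server,Advanced Port Scanner executed
2021-01-11 23:58,WS17,workstation,ExampleDetection cleaned
2021-01-12 09:15,WS04,workstation,Process Hacker executed
2021-01-12 23:59,WS17,workstation,ExampleDetection cleaned
2021-01-14 00:01,WS17,workstation,ExampleDetection cleaned
2021-01-14 14:30,DC01,server,mimikatz blocked
"""

def parse(text):
    """Split constructed CSV lines into (timestamp, host, role, detail) tuples."""
    rows = (line.split(",", 3) for line in text.strip().splitlines())
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M"), h, r, d) for ts, h, r, d in rows]

def circular_spread(minutes):
    """Smallest arc of the 24 h clock (in minutes) that contains every value."""
    pts = sorted(set(minutes))
    gaps = [b - a for a, b in zip(pts, pts[1:] + [pts[0] + 1440])]
    return 1440 - max(gaps)  # wraps midnight: 23:58 and 00:01 are 3 minutes apart

def unvouched_tools(events, vouched=frozenset()):
    """Indicators 1-3: watchlisted tools no admin vouched for, servers first."""
    hits = [(role != "server", ts, host, name, kind)
            for ts, host, role, detail in events
            for name, kind in WATCHLIST.items()
            if name in detail.lower().replace(" ", "") and (host, name) not in vouched]
    return [(host, name, kind) for _, _, host, name, kind in sorted(hits)]

def recurring_detections(events, min_days=3, tolerance_min=10):
    """Indicator 4: same detection on one host at about the same time on several days."""
    seen = defaultdict(list)
    for ts, host, _, detail in events:
        seen[(host, detail)].append(ts)
    flagged = []
    for (host, detail), stamps in seen.items():
        days = len({t.date() for t in stamps})
        spread = circular_spread([t.hour * 60 + t.minute for t in stamps])
        if days >= min_days and spread <= tolerance_min:
            flagged.append((host, detail, days, spread))
    return flagged

if __name__ == "__main__":
    print(unvouched_tools(parse(SAMPLE)), recurring_detections(parse(SAMPLE)))
```

Entries in `vouched` are `(host, watchlist key)` pairs that admin staff have confirmed; anything left in the output is what the article says to investigate.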

Sophos’ next-gen cybersecurity solutions to stop ransomware

Sophos offers layered IT security for defending against the latest ransomware. Sophos not only provides the best protection at every point, but also provides threat intelligence sharing between all these security points with synchronized security.

Sophos XG Firewall prevents attacks from getting onto a network. In the event ransomware does happen to get onto a network, Sophos XG Firewall can automatically stop ransomware dead in its tracks thanks to integration with Sophos Intercept X.

Sophos Intercept X Advanced with EDR includes anti-ransomware technology that detects malicious encryption processes and shuts them down before they can spread across the network. 

The Sophos Managed Threat Response (MTR) service adds human expertise to an organization’s layered security strategy. An elite team of threat hunters proactively looks for and validates potential threats, and then takes action to disrupt, contain and neutralize attacks.


Careem partners with CarbonSifr to launch eco-friendly rides

Updated 07 January 2025

Careem Rides has joined forces with CarbonSifr, a climate-tech company and a participant in the inaugural Sedrah Program under the Ministry of Environment, Water and Agriculture, to launch a new eco-friendly ride option in Saudi Arabia.

Eco-friendly rides, launched in collaboration with the Transport General Authority and MEWA’s Sedrah Program, will first be available in Riyadh. Customers who choose the eco-friendly option will enjoy the same reliable and convenient everyday Careem rides while contributing to carbon removal efforts, achieved through the tree planting program of the Ministry powered by Sedrah.

Saleh Ibrahim Al-Zuwayed, director and spokesperson at TGA, said: “At the Transport General Authority, we are committed to fostering eco-friendly transport solutions that contribute to the Kingdom’s Vision 2030 goals. We also recognize and congratulate impactful initiatives that showcase how innovation can support environmental objectives and our journey toward a more sustainable future.”

Wael Ibrahim, general manager of Careem Rides in Saudi Arabia, Egypt and Bahrain, said: “This comes as part of our ongoing efforts to continuously innovate and bring a positive impact to the communities we’re part of. We are excited to make this ride option available in Saudi Arabia, giving customers the opportunity to reduce the carbon impact of their daily trips by supporting MEWA’s tree-planting projects across the Kingdom.”

The new eco-friendly ride option is part of CarbonSifr’s broader commitment to supporting Saudi Arabia’s Vision 2030 and environmental goals, and represents a significant step toward helping reduce emissions in line with national objectives. All trees planted through this initiative will be in MEWA-designated sites in Saudi Arabia, directly impacting local sustainability efforts.

By focusing on reforestation in key ecological zones, the initiative will create long-term environmental resilience, helping mitigate climate change’s effects and preserve natural ecosystems.

Yazeed Al-Shammari, Sedrah program manager, said: “CarbonSifr is one of the standout startups in our Sedrah accelerator program, and we’ve been dedicated to providing them with the support they need to succeed within the Kingdom. This partnership with Careem Rides reflects the innovative approach that will drive Saudi Arabia’s transition to a low-carbon future.”

He added: “By integrating technology to reduce emissions through everyday services like transportation, they contribute directly to our national sustainability and emission reduction goals. I’m incredibly proud to see our collaboration already bearing fruit, and I look forward to this initiative’s positive impact on the Kingdom’s environmental efforts.”

Onur Elgun, CEO of CarbonSifr, said: “We are incredibly grateful for the unlimited support from our partners Careem Rides and the MEWA’s Sedrah Program. Their innovative thinking and ambition to be trailblazers have helped us enormously with this great initiative in the Kingdom.”

He added: “Through our partnership with Careem Rides, we provide a simple, effective way for individuals to participate in eco-friendly behaviors by removing their CO2 emission impact while supporting MEWA’s tree planting projects in Saudi Arabia. This program is about turning everyday actions into meaningful climate solutions, and we’re excited to bring this initiative to the Kingdom with Careem Rides, and more is yet to come.”


CATRION elevates catering experience at Dakar Rally

Updated 07 January 2025

Dakar and CATRION, formerly Saudi Airlines Catering Company, have partnered for Dakar Rally Saudi Arabia 2025, taking place from Jan. 3–17, across the Kingdom. As both the main sponsor and exclusive catering partner, CATRION is redefining collaboration in global motorsport events.

This partnership reflects CATRION’s commitment to advancing global sports and entertainment with world-class services. It aligns with Saudi Arabia’s Vision 2030, reinforcing the Kingdom’s position as a premier hub for international events, innovation, and economic diversification.

CATRION’s role as the exclusive catering partner will see the company providing more than 9,000 meals daily, supporting over 3,000 participants, staff, and support teams across the rally. Leveraging its expertise in remote catering, CATRION has deployed six mobile kitchens, 34 support trucks, and five food trucks, supported by a dedicated team of more than 165 professionals, including 35 chefs. This robust infrastructure ensures exceptional service delivery even in the most remote and challenging environments.

The Dakar Rally’s approximately 8,000-kilometer route, spanning from Bisha to Shubaytah, highlights Saudi Arabia’s breathtaking landscapes and cultural richness. With more than 5,000 kilometers of special stages, including a 48-hour chrono stage and a marathon stage, the rally exemplifies the spirit of adventure and endurance.

This partnership between Dakar and CATRION not only supports Saudi Arabia’s vision of becoming a global destination for international sports but also enhances the Kingdom’s position as a dynamic hub for sports, entertainment, and innovation. For CATRION, this collaboration represents a significant milestone as it expands its expertise from in-flight catering to large-scale event services and global sports sponsorships.

“Together, Dakar and CATRION are setting a new benchmark for partnerships in motorsport, ensuring an unparalleled experience for participants and spectators alike, while contributing to the growth and visibility of Saudi Arabia as a global leader in sports and entertainment,” a statement said. “This partnership with Dakar and Saudi Motorsport Company highlights CATRION’s innovative approach to supporting high-profile events while reinforcing its commitment to operational excellence, sustainability, and the highest standards of quality.”


Ericsson announces new Customer Unit in Saudi Arabia

Updated 07 January 2025

Ericsson has announced a new organizational structure for its operations in the Middle East and Africa region. As part of this transformation, the Saudi Arabia market will be served under a newly established Customer Unit, led by Håkan Cervell, vice president and head of CU Saudi Arabia.

This move is part of Ericsson’s strategic ambition to simplify its organizational setup, enhance customer responsiveness, and strengthen local market accountability. 

The newly created CU Saudi Arabia, which will serve all customers in the country, is one of five Customer Units established under the new structure. 

The broader reorganization will optimize resources, accelerate time-to-market, and empower decision-making at country level.

With more than 30 years of experience in the information communication technology industry, Cervell brings proven leadership, business development expertise, and a deep understanding of the region. Since 2022, Cervell has served as the head of CU stc, Saudi Arabia and Egypt, where he played a pivotal role in fostering strong partnerships and advancing digital transformation initiatives.

The establishment of CU Saudi Arabia is part of Ericsson’s larger regional transformation, which includes five Customer Units: CU Saudi Arabia, CU Gulf, CU West and Southern Africa, CU Central and Eastern Africa, and CU MEA North. Each unit is designed to address local market needs with increased accountability and customer focus.

In a press statement, Ericsson said that it remains committed to accelerating digital transformation and supporting Saudi Arabia’s journey toward becoming a global leader in connectivity and innovation.


Al-Habtoor Palace opens doors at Budapest’s iconic Adria Palace

Updated 07 January 2025

Al-Habtoor Group has announced the official launch of Al-Habtoor Palace, Budapest, located within the historic Adria Palace in the heart of the Hungarian capital. This iconic building, originally constructed in the early 20th century, has been a landmark of architectural elegance and cultural significance. It has been reimagined into Al-Habtoor Palace to deliver an elevated luxury hospitality experience that combines timeless grandeur and sophistication with modern luxury.

Positioned as “A Jewel of Dubai Hospitality,” Al-Habtoor Palace marks a significant milestone in the group’s vision to bring Dubai’s renowned luxury and excellence to Europe. Guests can now enjoy a unique blend of refined amenities, bespoke care, and world-class standards that have earned Al-Habtoor Hospitality a distinguished reputation in the UAE and globally.

Inspired by the success of Al-Habtoor Palace Dubai in Al-Habtoor City, a symbol of sophistication and grandeur, the Budapest property offers the same unmatched levels of personalized service and luxury, while embracing the rich heritage of Adria Palace, a cornerstone of Budapest’s cultural legacy.

Khalaf Ahmad Al-Habtoor, founding chairman of Al-Habtoor Group, said: “The introduction of Al-Habtoor Palace in Budapest reflects our vision to expand our homegrown luxury brand to Europe. Nestled within the historic Adria Palace, Al-Habtoor Palace represents the pinnacle of hospitality while offering an unforgettable experience in one of Europe’s most vibrant cities. This marks the global debut of our ultra-luxury Al-Habtoor Palace brand from Hungary, the jewel of Central Europe, and a significant milestone for our group.”

Now welcoming guests, Al-Habtoor Palace, Budapest offers a unique stay as a beacon of luxury and sophistication, seamlessly blending the historical charm of Adria Palace with the renowned warmth and excellence of Dubai’s hospitality.


Rotana Group partners with MRC, ushering in new era of precise analytics with KSA TAM

Updated 07 January 2025

In a groundbreaking move to empower the media sector and enhance the quality of television and digital content in Saudi Arabia, Rotana Group, one of the region’s leading media companies, has announced a strategic partnership with the Media Rating Company. This partnership introduces the adoption of the KSA TAM system, a cutting-edge tool for audience measurement and media performance analysis.

This agreement highlights Rotana’s dedication to utilizing data-driven insights to elevate viewer engagement and streamline media production processes. By partnering with MRC, Rotana will benefit from cutting-edge measurement and analytics tools, empowering data-informed strategies for optimizing channel and content performance.

This move aligns with the General Commission for Audiovisual Media’s decision to adopt KSA TAM as the official national benchmark for audience measurement in Saudi Arabia. It reflects Rotana’s dedication to employing licensed, accurate data to deliver unparalleled insights into audience viewership across its channels.

The KSA TAM system is a state-of-the-art data integration solution that provides granular insights into audience behavior. The system tracks viewership during regular hours, prime time, and special slots, offering minute-by-minute analysis of audience engagement with programs and ad performance. By ranking channels based on audience share and viewership, it empowers advertisers to optimize their media strategies effectively.

Advertisers will gain valuable insights through detailed post-campaign analyses, covering metrics such as reach, frequency, CPM (cost per thousand impressions), GRP (gross rating points), and cost per GRP. With its ability to capture natural viewing habits across TV and digital platforms, the KSA TAM system empowers the development of comprehensive, audience-focused media strategies driven by content preferences.

Starting January, five of Rotana’s flagship channels will be measured using the KSA TAM system, providing precise data on audience engagement, content consumption patterns, and advertising effectiveness.

This partnership comes as MRC nears the completion of its pilot phase for audience measurement using smart devices. The agreement showcases years of dedication by MRC to developing advanced tools that meet global standards, offering precise analytics to support media decision-makers in refining their strategies.

Princess Lamia bint Majid Al-Saud, CEO of Rotana Media Group, said: “This partnership is a strategic milestone for Rotana channels. The KSA TAM system enables advertisers and content creators to deeply understand audience preferences and deliver content that meets their expectations. It also provides advertisers with accurate insights into target demographics, enhancing advertising strategies and strengthening Rotana’s ability to effectively connect brands with their audiences.”

Bandar Al-Mashhadi, CEO of MRC, added: “We are proud of our partnership with Rotana, a company committed to delivering exceptional local content that resonates with audiences. This agreement comes at a pivotal time as we approach the final stages of piloting smart device audience measurement. It represents the culmination of years of dedication to developing advanced measurement tools and data analytics that elevate the media ecosystem.”

He added: “This agreement is a landmark moment in our journey toward providing innovative solutions that support the media industry. The adoption of KSA TAM as a standard metric reflects our commitment to delivering modern measurement tools that align with global benchmarks. Our collaboration with Rotana highlights this dedication, supporting local content while meeting audience expectations and enhancing the Saudi media sector’s regional and global standing.

“Rotana Group boasts diverse content, including films, talk shows, music, and other outstanding productions. This partnership offers a significant opportunity to analyze and refine this content, ensuring maximum value for viewers.”