Since 2015, Secureworks® Counter Threat Unit™ (CTU) researchers have observed a massive increase in the number and impact of post-intrusion ransomware incidents. In these attacks, a threat actor gains access to a compromised network, moves laterally to other systems and networks, locates the critical business assets, and then chooses a time (which could be days or months after initial access) to deploy ransomware that encrypts the victim’s files. Around the end of 2019, criminals realized they could gain additional leverage by stealing data before encrypting it and then threatening the…