{"id":36443,"date":"2020-08-04T22:15:00","date_gmt":"2020-08-04T22:15:00","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/how-ransomware-threats-are-evolving-and-how-to-spot-them\/d\/d-id\/1338578"},"modified":"2020-08-04T22:15:00","modified_gmt":"2020-08-04T22:15:00","slug":"how-ransomware-threats-are-evolving-how-to-spot-them","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/how-ransomware-threats-are-evolving-how-to-spot-them\/","title":{"rendered":"How Ransomware Threats Are Evolving &amp; How to Spot Them"},"content":{"rendered":"<header><\/header>\n<p><span class=\"strong black\">A series of new reports explains how ransomware attackers are changing techniques and how organizations can spot stealthy criminals.<\/span><\/p>\n<p class>Modern ransomware operators are adopting techniques similar to those of advanced nation-state actors, researchers report. Their attacks are quieter and more long-term as they sit on target networks and search for the exact information they need to bring down their victims.<\/p>\n<p>Sophos researchers today published a series of reports detailing the evolution of ransomware and how attackers are finding new ways to extort more money from large enterprise victims. While the range of ransomware still spans low-level to high-level attacks, their analysis mainly focuses on advanced threats like <a href=\"http:\/\/darkreading.com\/attacks-breaches\/major-us-companies-targeted-in-new-ransomware-campaign\/d\/d-id\/1338189\" target=\"_blank\" rel=\"noopener noreferrer\">WastedLocker<\/a> and Maze ransomware.<\/p>\n<p>&#8220;In the old days, everybody was hitting desktops for $400, and there were successful groups doing that and nonsuccessful groups doing that,&#8221; says Sophos principal research scientist Chet Wisniewski. &#8220;Now the successful people aren&#8217;t bothering with that \u2014 they&#8217;ve moved on to more targeted, specific [attacks], either extortion or just incredibly sophisticated enterprise ransomware.&#8221;<\/p>\n<p>Sophos focused on WastedLocker. In a <a href=\"https:\/\/news.sophos.com\/en-us\/2020\/08\/04\/wastedlocker-techniques-point-to-a-familiar-heritage\/\" target=\"_blank\" rel=\"noopener noreferrer\">report<\/a>, director of engineering Mark Loman and principal threat researcher Anand Ajjan explain how it uses Windows Cache Manager via memory-mapped I\/O to evade monitoring by behavior-based tools. This allows the ransomware to transparently encrypt cached documents in memory, without causing additional disk I\/O. Tools used to monitor disk writes may not notice the malware is accessing a cached document.<\/p>\n<p>&#8220;The cleverness, the creativity, and the intimate knowledge of these very, very miniscule technical details to craft a bypass like that is almost unseen in criminal malware,&#8221; says Wisniewski. &#8220;It&#8217;s the kind of thing we expect to see in espionage-style attacks, not in criminal attacks.&#8221;<\/p>\n<p>Some attackers bypass technical tools by &#8220;living off the land,&#8221; or using legitimate admin tools to achieve goals. Some use software deployment tools to roll out ransomware instead of delivering patches to Windows machines, Wisniewski says as an example. They may abuse PowerShell, other Microsoft tools, or so-called &#8220;gray hat&#8221; tools like Metasploit or Cobalt Strike.<\/p>\n<p>This behavior isn&#8217;t new, Wisniewski says. &#8220;What is new is that may be the only indication you&#8217;re going to get that they&#8217;re in your network.&#8221; Organizations may notice small, unusual things once in a while, remedy them, and close the ticket without realizing they&#8217;re part of a larger incident. By the time they do, an attacker has been in their network for weeks. WastedLocker and Maze will &#8220;sit there for a month&#8221; to figure out the thing that will shut down their <a href=\"https:\/\/news.sophos.com\/en-us\/2020\/08\/04\/the-realities-of-ransomware-a-victims-eye-view-of-an-attack\/\" target=\"_blank\" rel=\"noopener noreferrer\">enterprise victim<\/a>.<\/p>\n<p>&#8220;I want to make sure I get the most critical asset they own, and I completely incapacitate it to destroy their business,&#8221; he says of the attacker mindset. They&#8217;re willing to take time to figure out the business model, which databases have the crown jewels, and how to steal data from them.<\/p>\n<p>Attackers don&#8217;t need these techniques to target all companies, Wisniewski notes, but they are necessary for top-tier companies with larger cash reserves and better defenses. He points to SamSam, which represents the &#8220;midtier&#8221; level of ransomware. The group&#8217;s dwell time was far shorter at about 72 hours, and it didn&#8217;t need to identify every asset to achieve its goals. It went for firms with lower defenses, hit their servers, and charged $100,000\u2013$800,000 per victim.<\/p>\n<p>While the motivation is different for each advanced ransomware group, the techniques are similar. WastedLocker is more focused on technical exploitation; threats like Maze rely on double extortion: They charge victims to get their data back, and to stop them from publishing it. They&#8217;re focused on the <a href=\"https:\/\/news.sophos.com\/en-us\/2020\/08\/04\/the-realities-of-ransomware-extortion-goes-social-in-2020\/\" target=\"_blank\" rel=\"noopener noreferrer\">more social aspect<\/a> of how they can manipulate their victims, he adds. Maze has invited other groups to publish on its website and in doing so, boost its marketing.<\/p>\n<p>&#8220;None of these groups are technically inept, but the special sauce they bring to the table is different,&#8221; Wisniewski continues. &#8220;Each one of these groups has their own signature.&#8221;<\/p>\n<p><strong>How to Know If You&#8217;ve Been Compromised<\/strong><br \/>While it may tough to know when an advanced attacker is on your network, it&#8217;s still possible. Peter Mackenzie, global malware escalations manager at Sophos, shares a <a href=\"https:\/\/news.sophos.com\/en-us\/2020\/08\/04\/the-realities-of-ransomware-five-signs-youre-about-to-be-attacked\/\" target=\"_blank\" rel=\"noopener noreferrer\">few key indicators<\/a> that could tip off businesses to suspicious activity.<\/p>\n<p>One is a network scanner, especially on a server. Attackers usually start recon by accessing one machine and searching for information like domain and company name, the device&#8217;s admin rights, etc. They then scan the network to see what else they can access. If the business detects a network scanner like AngryIP or Advanced Port Scanner, question admin staff. If they&#8217;re not using it, an intruder may be.<\/p>\n<p>Businesses should also watch for tools designed to disable antivirus software, which attackers may use to bypass detection. Mackenzie points to Process Hacker, IOBit Uninstaller, GMER, and PC Hunter as examples of legitimate tools that could point to nefarious activity if they suddenly appear. Further, he says, any detection of MimiKatz should be investigated.<\/p>\n<p>&#8220;If no one on an admin team can vouch for using MimiKatz, this is a red flag because it is one of the most commonly used hacking tools for credential theft,&#8221; he writes. Attackers may also use Microsoft Process Explorer, a legitimate tool that can dump LSASS[.]exe from memory.<\/p>\n<p>Even if malicious files have been detected and removed, businesses should watch for any detection that happens at the same time every day, or in another repeating pattern. This could indicate something is happening but hasn&#8217;t yet been identified.<\/p>\n<p>An attacker may make themselves known in &#8220;test attacks,&#8221; which are smaller intrusions done on a few computers to see if their deployment method will work. If security tools stop the attack, they may shift strategies before trying again.<\/p>\n<p>&#8220;It is often a matter of hours before a much larger attack is launched,&#8221; Mackenzie says.<\/p>\n<p><strong>Related Content:<\/strong><\/p>\n<div readability=\"9.4217391304348\">\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUAL-BLACKHAT-VPLUG_468x60.png\" alt width=\"468\" height=\"60\"><\/p>\n<p><em><strong>&nbsp;<\/strong><\/em><\/p>\n<p><em><strong>&nbsp;<\/strong><\/em><\/p>\n<p><em><strong>Register now for this year&#8217;s fully virtual Black Hat USA, scheduled to take place August 1\u20136, and get more information about the event on the Black Hat website. Click for details on <a href=\"https:\/\/www.blackhat.com\/us-20\/\" target=\"_blank\" rel=\"noopener noreferrer\">conference information<\/a>&nbsp;and <a href=\"https:\/\/blackhat.informatech.com\/usa\/2020\/\" target=\"_blank\" rel=\"noopener noreferrer\">to register<\/a>.<\/strong><\/em><\/p>\n<\/div>\n<p><span class=\"italic\">Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance &amp; Technology, where she covered financial &#8230; <a href=\"https:\/\/www.darkreading.com\/author-bio.asp?author_id=837\">View Full Bio<\/a><\/span><\/p>\n<p><strong>Recommended Reading:<\/strong><\/p>\n<p><span class=\"smaller strong red allcaps\">More Insights<\/span><\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/how-ransomware-threats-are-evolving-and-how-to-spot-them\/d\/d-id\/1338578?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A series of new reports explains how ransomware attackers are changing techniques and how organizations can spot stealthy criminals. Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/how-ransomware-threats-are-evolving-and-how-to-spot-them\/d\/d-id\/1338578?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-36443","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How Ransomware Threats Are Evolving &amp; How to Spot Them 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/how-ransomware-threats-are-evolving-how-to-spot-them\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How Ransomware Threats Are Evolving &amp; How to Spot Them 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/how-ransomware-threats-are-evolving-how-to-spot-them\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-08-04T22:15:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUAL-BLACKHAT-VPLUG_468x60.png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-ransomware-threats-are-evolving-how-to-spot-them\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-ransomware-threats-are-evolving-how-to-spot-them\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"How Ransomware Threats Are Evolving &amp; How to Spot Them\",\"datePublished\":\"2020-08-04T22:15:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-ransomware-threats-are-evolving-how-to-spot-them\\\/\"},\"wordCount\":1075,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-ransomware-threats-are-evolving-how-to-spot-them\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/VIRTUAL-BLACKHAT-VPLUG_468x60.png\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-ransomware-threats-are-evolving-how-to-spot-them\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-ransomware-threats-are-evolving-how-to-spot-them\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-ransomware-threats-are-evolving-how-to-spot-them\\\/\",\"name\":\"How Ransomware Threats Are Evolving &amp; How to Spot Them 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-ransomware-threats-are-evolving-how-to-spot-them\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-ransomware-threats-are-evolving-how-to-spot-them\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/VIRTUAL-BLACKHAT-VPLUG_468x60.png\",\"datePublished\":\"2020-08-04T22:15:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-ransomware-threats-are-evolving-how-to-spot-them\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-ransomware-threats-are-evolving-how-to-spot-them\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-ransomware-threats-are-evolving-how-to-spot-them\\\/#primaryimage\",\"url\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/VIRTUAL-BLACKHAT-VPLUG_468x60.png\",\"contentUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/VIRTUAL-BLACKHAT-VPLUG_468x60.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-ransomware-threats-are-evolving-how-to-spot-them\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How Ransomware Threats Are Evolving &amp; How to Spot Them\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How Ransomware Threats Are Evolving &amp; How to Spot Them 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/how-ransomware-threats-are-evolving-how-to-spot-them\/","og_locale":"en_US","og_type":"article","og_title":"How Ransomware Threats Are Evolving &amp; How to Spot Them 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/how-ransomware-threats-are-evolving-how-to-spot-them\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-08-04T22:15:00+00:00","og_image":[{"url":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUAL-BLACKHAT-VPLUG_468x60.png","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/how-ransomware-threats-are-evolving-how-to-spot-them\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/how-ransomware-threats-are-evolving-how-to-spot-them\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"How Ransomware Threats Are Evolving &amp; How to Spot Them","datePublished":"2020-08-04T22:15:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/how-ransomware-threats-are-evolving-how-to-spot-them\/"},"wordCount":1075,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/how-ransomware-threats-are-evolving-how-to-spot-them\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUAL-BLACKHAT-VPLUG_468x60.png","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/how-ransomware-threats-are-evolving-how-to-spot-them\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/how-ransomware-threats-are-evolving-how-to-spot-them\/","url":"https:\/\/www.threatshub.org\/blog\/how-ransomware-threats-are-evolving-how-to-spot-them\/","name":"How Ransomware Threats Are Evolving &amp; How to Spot Them 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/how-ransomware-threats-are-evolving-how-to-spot-them\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/how-ransomware-threats-are-evolving-how-to-spot-them\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUAL-BLACKHAT-VPLUG_468x60.png","datePublished":"2020-08-04T22:15:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/how-ransomware-threats-are-evolving-how-to-spot-them\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/how-ransomware-threats-are-evolving-how-to-spot-them\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/how-ransomware-threats-are-evolving-how-to-spot-them\/#primaryimage","url":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUAL-BLACKHAT-VPLUG_468x60.png","contentUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUAL-BLACKHAT-VPLUG_468x60.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/how-ransomware-threats-are-evolving-how-to-spot-them\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"How Ransomware Threats Are Evolving &amp; How to Spot Them"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/36443","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=36443"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/36443\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=36443"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=36443"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=36443"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}