Kaspersky experts conducted an in-depth analysis of the tactics, techniques, and procedures (TTPs) of the eight most common ransomware groups: Conti/Ryuk, Pysa, Clop, Hive, Lockbit2.0, RagnarLocker, BlackByte, and BlackCat. Comparing the attackers’ methods and tools at different stages of an attack, they concluded that many groups operate rather similarly. This makes it possible to create effective universal countermeasures for protecting a company’s infrastructure from ransomware.
The study, with a detailed analysis of all techniques and examples of their use in the wild, can be found in the Common TTPs of Modern Ransomware Groups report. It also contains rules, written in the SIGMA format, for detecting malicious techniques.