SafeBreach Releases Hacker's Playbook - Ransomware Edition

Insights from Breach and Attack Simulation Platform Highlight Need for Greater Awareness of What Ransomware is, How it Works and How to Protect Systems and Data from an Attack

SUNNYVALE, CA - Jul 12, 2017. SafeBreach, the leading provider of Breach and Attack Simulation, has issued a Ransomware Special Edition of its Hacker's Playbook™, the industry's most comprehensive collection of findings detailing enterprise security trends and risks from the point-of-view of an attacker.

The Ransomware Special Edition was compiled by SafeBreach Labs in response to recent global campaigns like WannaCry and Petya, which delivered ransomware and disrupted banking, healthcare, government and public service operations worldwide. The Ransomware Special Edition shares insights from SafeBreach simulated "ransomware attacks" in customer deployments over the past 12 months -- detailing how ransomware campaigns are often able to bypass security products.

Ransomware is one of the fastest growing and most prolific forms of attack used by hackers to compromise computer systems and data. According to the U.S. Federal Bureau of Investigation, ransomware has grown to become an estimated $1 billion criminal enterprise. The 2017 Verizon Data Breach Investigations Report showed that ransomware had risen from a ranking of 22nd to the 5th most common form of attack in the past year. In its 2016 Security Roundup report, Trend Micro's analysis showed a 752 percent increase in the types of ransomware being used by hackers between 2015 and 2016.

Highlights from the SafeBreach Hacker's Playbook - Ransomware Special Edition include the following:

  • WannaCry is the most successful ransomware downloaded in deployments;
  • HTTPS encrypted traffic is the top ransomware infiltration method to exploit security blind spots;
  • Executables within VBS files, DOCs with macros and zipped files bypassed security products;
  • C2 communications by ransomware are not inspected by security products; and,
  • Older ransomware strains such as CryptoLocker continue to be effective.

"Ransomware is an insidious form of attack with the potential of doing serious harm both to organizations that are victimized and, as we have seen, to individuals who may be caught in the middle such as hospital patients, public service constituents and consumers of all types," said Itzik Kotler, co-founder and CTO at SafeBreach. "The first step in mitigating the risks associated with ransomware or any attack, is to understand -- from a hacker's point-of-view -- how the attack works and how it is used. Our hope is that this information will help advance that understanding and result in greater preparedness against future attacks."

The SafeBreach Playbook of breach methods has grown to more than 3000 breach methods, from older attacks like Zeus and CryptoLocker to recent ones like WannaCry, Loki2 and RedLeaves. The methods are combined in a multitude of attack scenarios specific to each organization's risk and security profile, to allow an unparalleled view and a highly accurate and actionable assessment of attack risks -- in addition to validating the efficacy of deployed security technologies.

Organizations are invited to download the Hacker's Playbook - Ransomware Special Edition here.

About SafeBreach:
SafeBreach is a pioneer in the emerging category of breach and attack simulations. The company's groundbreaking platform provides a "hacker's view" of an enterprise's security posture to proactively predict attacks, validate security controls and improve SOC analyst response. SafeBreach automatically executes thousands of breach methods from an extensive and growing Hacker's Playbook™ of research and real-world investigative data. Headquartered in Sunnyvale, California, the company is funded by Sequoia Capital, Deutsche Telekom Capital, Hewlett Packard Pathfinder and investor Shlomo Kramer. SafeBreach is a 2016 SINET16 Innovator, and a finalist for the RSA 2016 Innovation Sandbox and BlackHat Most Innovative Startup competitions. For more information, visit or follow on Twitter @SafeBreach.

