RANSOMWARE E EXTORSÃO DIGITAL NO AMBIENTE CORPORATIVO: EVOLUÇÃO, IMPACTOS E ESTRATÉGIAS DE DEFESA

Resumo

Ransomware has expanded alongside organizations’ digital footprints, exploiting broader attack surfaces to encrypt critical data and demand payment. Over time, campaigns have evolved from simple screen lockers to operations that combine strong encryption with data exfiltration, enabling “double extortion” and amplifying operational and reputational risk. This study examines how these attacks operate, their impacts, and practical defense strategies, aiming to inform more robust corporate security policies. The research followed two fronts: (i) collection and analysis of incidents using threat-intelligence and open sources to map patterns, vectors, tactics, and impacts; and (ii) curated case studies selected by indicators of compromise and incident metadata to highlight technical aspects and ethical dilemmas. Findings show a recurring chain from reconnaissance and delivery (e.g., phishing or exposed services) through installation, lateral movement, and action on objectives, with catalogs of techniques clarifying persistence, privilege escalation, and exfiltration. Threat intelligence strengthens detection by feeding indicators to monitoring solutions, while effective response depends on preparation, detection and analysis, containment, eradication, recovery, and lessons learned. Organizational culture is pivotal: continuous training, least-privilege access, coordinated exercises across technical, legal, and communications teams, and predefined criteria for decisions on ransom demands. We conclude that mitigation requires a proactive, defense-in-depth posture—rigorous patch management, isolated and tested backups, network segmentation, least-privilege controls, continuous monitoring, anti-phishing training, and clear response and communication policies—integrating technology, governance, and security culture to improve resilience and reduce disruption and reputational loss.