14. Impact
Impact (TA0040)
Impact consists of techniques that adversaries use to disrupt availability or compromise integrity by manipulating business and operational processes. Techniques used for impact can include destroying or tampering with data. In some scenarios, business processes can look fine, but may have been altered to benefit the adversariesβ goals. This tactic is often the "End Game" for ransomware actors.
Strategy
- Denial of Service: Stop the business from functioning.
- Encryption: Lock the data and demand payment.
- Wipe: Destroy the data (Wiocly).
Section Contents
-
Data Encrypted for Impact
Encrypting data to prevent access, typically for extortion (Ransomware).
-
Service Stop and Inhibit Recovery
Disabling security tools and preventing data recovery to maximize impact.
