From Intel 471:
Ransomware is a top threat that security teams should be tailoring their systems to defend against. But in order to do so, they may need to look further than the ransomware itself. And by widening that scope, these teams may protect their enterprise beyond the damage that ransomware can cause.
The activity that Intel 471 analysts observe on the cybercrime underground has changed a bit with the rise of ransomware. Malware that has been used for traditional fraud schemes — particularly information stealers — has also been co-opted into the cycle of ransomware campaigns. While serving a reliable method for criminals to obtain credentials tied to financial accounts, they are now using information stealers to also go after corporate remote network login credentials, like virtual private networks (VPNs) or remote desktop software.
A key thing to understand with regard to information stealers is that they all don’t operate in the same way.
Read more on Intel 471.