T1486

Data Encrypted for Impact

Impact

Adversaries may encrypt data on target systems or on large numbers of systems to interrupt availability. This is the hallmark of ransomware attacks.

Real-World Example

The Colonial Pipeline attack by DarkSide ransomware encrypted critical systems, leading to fuel shortages across the US East Coast.

Defense Strategies

  • Offline backups
  • Network segmentation
  • Endpoint protection
  • Incident response planning
  • Early detection capabilities

Detection Methods

  • Monitor for mass file modifications
  • Detect encryption signatures
  • Track ransom note creation
  • Alert on backup tampering
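
The first three detection methods above can be combined into one per-process rule set. The sketch below is an added example, not part of the original page or of any product's detection logic. The event tuple format, thresholds, and ransom-note name hints are all assumptions, and the telemetry is constructed.

```python
import math
from collections import Counter, defaultdict

# All thresholds are assumptions for this example; tune against a baseline.
WINDOW_S = 60             # sliding window in seconds
MASS_THRESHOLD = 5        # distinct files written per process per window
ENTROPY_BITS = 7.5        # bits/byte; encrypted output approaches 8.0
NOTE_HINTS = ("readme", "recover", "decrypt", "restore")

def shannon_entropy(data: bytes) -> float:
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_like_note(path: str) -> bool:
    name = path.rsplit("/", 1)[-1].lower()
    return name.endswith((".txt", ".html", ".hta")) and any(h in name for h in NOTE_HINTS)

def detect(events):
    """events: (ts, pid, op, path, sample_bytes) tuples sorted by ts."""
    alerts, recent = set(), defaultdict(list)
    for ts, pid, op, path, sample in events:
        if op == "create" and looks_like_note(path):
            alerts.add((pid, "ransom_note"))
        if op != "write":
            continue
        high = shannon_entropy(sample) >= ENTROPY_BITS
        # Keep only this process's writes that fall inside the window.
        window = [e for e in recent[pid] if e[0] > ts - WINDOW_S] + [(ts, path, high)]
        recent[pid] = window
        if len({p for _, p, _ in window}) >= MASS_THRESHOLD:
            alerts.add((pid, "mass_modification"))
            # Bulk writes alone also match build or backup jobs; entropy separates them.
            if sum(h for _, _, h in window) / len(window) >= 0.8:
                alerts.add((pid, "high_entropy_writes"))
    return sorted(alerts)

# Constructed sample telemetry (not from a real incident).
RANDOM_LIKE = bytes(range(256))        # entropy exactly 8.0 bits/byte
TEXT_LIKE = b"quarterly report " * 16  # low entropy
SAMPLE = (
    [(i, 4242, "write", f"/srv/share/doc{i}.docx", RANDOM_LIKE) for i in range(6)]
    + [(7, 4242, "create", "/srv/share/README_DECRYPT.txt", b"")]
    + [(10 + i, 200, "write", f"/srv/build/out{i}.log", TEXT_LIKE) for i in range(6)]
    + [(20, 100, "write", "/home/a/notes.txt", TEXT_LIKE)]
)

if __name__ == "__main__":
    for pid, rule in detect(SAMPLE):
        print(pid, rule)
```

Process 200 in the sample writes many files quickly but with low-entropy content, so it raises only the mass-modification alert. Compressed or already-encrypted legitimate files are also high entropy, so the entropy rule needs allowlisting in practice.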
