Ransomeware for Financial Gain

Reconnaissance	Resource Development	Initial Access
Active Scanning	Acquire Infrastructure
Gather Victim Host Information	Compromise Accounts
Gather Victim Identity Information	Copromise Infrastruture
Gather Victim Org Information	Develop Capabilities
Phishing for Information	Establish Accounts
Search Closed Sources	Obtain Capabilities
Search Open Technical Database	Stage Capabilities
Search Open Websites/Domain	Drive-by Compromise
Search Victim Owned Websites	Exploit Public-Facing Application
	External Remote Services
	Hardware Additions
	Phising	Spearphising attachment/Link/Via service
	Replication Through Removable Media
	Supply Chain Compromize
	Trusted Relationship
	Valid Accounts