Inhibit System Recovery (T1490)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Inhibit System Recovery

Associated Tactics

  • Impact

Impact (TA0040)

The adversary is trying to manipulate, interrupt, or destroy your systems and data. Impact consists of techniques that adversaries use to disrupt availability or compromise integrity by manipulating business and operational processes. Techniques used for impact can include destroying or tampering with data. In some cases, business processes can look fine, but may have been altered to benefit the adversaries’ goals. These techniques might be used by adversaries to follow through on their end goal or to provide cover for a confidentiality breach.

View on ATT&CK

Procedure Examples

Description Source(s)
Brian Prince. (2014, June 20). Code Hosting Service Shuts Down After Cyber Attack. Retrieved March 21, 2023. Dark Reading Code Spaces Cyber Attack
Berry, A., Homan, J., and Eitzman, R. (2017, May 23). WannaCry Malware Profile. Retrieved March 15, 2019. FireEye WannaCry 2017
Mercer, W. and Rascagneres, P. (2018, February 12). Olympic Destroyer Takes Aim At Winter Olympics. Retrieved March 14, 2019. Talos Olympic Destroyer 2018
Microsoft Windows Server. (2023, February 3). Diskshadow. Retrieved November 21, 2023. Diskshadow
Romain Dumont . (2022, September 21). Technical Analysis of Crytox Ransomware. Retrieved November 22, 2023. Crytox Ransomware
Spencer Gietzen. (n.d.). AWS Simple Storage Service S3 Ransomware Part 2: Prevention and Defense. Retrieved March 21, 2023. Rhino Security Labs AWS S3 Ransomware
Steve Ranger. (2020, February 27). Ransomware victims thought their backups were safe. They were wrong. Retrieved March 21, 2023. ZDNet Ransomware Backups 2020
TheDFIRReport. (2022, March 1). Disabling notifications on Synology servers before ransom. Retrieved September 12, 2024. disable_notif_synology_ransom