Impact (MITRE Tactic)
What is Impact (MITRE Tactic)?
Impact (MITRE Tactic)The MITRE ATT&CK tactic (TA0040) covering techniques whose goal is to disrupt availability or integrity of systems, data, or business processes.
Impact (MITRE ATT&CK tactic TA0040) is the final stage in many intrusions and captures techniques designed to disrupt, deny, degrade, or destroy. Examples include data encryption for ransom (ransomware), data destruction or wipers, disk wipe, defacement, denial of service, account access removal (locking out legitimate admins), resource hijacking such as cryptomining, and inhibiting system recovery by deleting Volume Shadow Copies. Impact techniques are often what makes an incident visible to business leaders and regulators, and they are commonly preceded by exfiltration in double-extortion scenarios. Defenders focus on backups (3-2-1), immutable storage, business continuity plans, EDR ransomware canaries, and rapid containment to minimise blast radius.
● Examples
- 01
Deploying LockBit across a Windows estate to encrypt servers and demand a ransom.
- 02
A wiper destroying boot sectors and Volume Shadow Copies to prevent recovery.
● Frequently asked questions
What is Impact (MITRE Tactic)?
The MITRE ATT&CK tactic (TA0040) covering techniques whose goal is to disrupt availability or integrity of systems, data, or business processes. It belongs to the Defense & Operations category of cybersecurity.
What does Impact (MITRE Tactic) mean?
The MITRE ATT&CK tactic (TA0040) covering techniques whose goal is to disrupt availability or integrity of systems, data, or business processes.
How does Impact (MITRE Tactic) work?
Impact (MITRE ATT&CK tactic TA0040) is the final stage in many intrusions and captures techniques designed to disrupt, deny, degrade, or destroy. Examples include data encryption for ransom (ransomware), data destruction or wipers, disk wipe, defacement, denial of service, account access removal (locking out legitimate admins), resource hijacking such as cryptomining, and inhibiting system recovery by deleting Volume Shadow Copies. Impact techniques are often what makes an incident visible to business leaders and regulators, and they are commonly preceded by exfiltration in double-extortion scenarios. Defenders focus on backups (3-2-1), immutable storage, business continuity plans, EDR ransomware canaries, and rapid containment to minimise blast radius.
How do you defend against Impact (MITRE Tactic)?
Defences for Impact (MITRE Tactic) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Impact (MITRE Tactic)?
Common alternative names include: Impact tactic, TA0040.
● Related terms
- compliance№ 687
MITRE ATT&CK
A globally accessible knowledge base of adversary tactics and techniques observed in real-world attacks, maintained by MITRE.
- malware№ 900
Ransomware
Malware that encrypts a victim's data or locks systems and demands payment in exchange for restoring access.
- malware№ 1243
Wiper Malware
Destructive malware whose primary goal is to irreversibly erase or corrupt data, firmware, or boot records — not financial gain.
- defense-ops№ 265
Cyber Kill Chain
Lockheed Martin's seven-stage model that describes how a targeted intrusion progresses from reconnaissance to actions on objectives.
- defense-ops№ 136
Business Impact Analysis (BIA)
A structured analysis that identifies critical business processes, their dependencies, and the operational, financial and reputational impact of their disruption.
- forensics-ir№ 524
Incident Response
The organised process of preparing for, detecting, analysing, containing, eradicating, and recovering from cyber security incidents, then capturing lessons learned.