My key takeaways
- ransomware often dwells 8 months to 1 year in a network before detection or execution
- ransomware has existed since 1989 (AIDS/PC Cyborg Trojan)
- since the end of 2019, data exfiltration has become more and more common alongside ransomware
- today, attacker access to the network is a bigger worry than the encrypted files
- droppers are often not recognized by AV/EDR
- 2% of revenue is a common ransom demand
- stolen data can also be used to attack the victim's customers and partners
- the majority of all malicious data breaches are due to phishing or social engineering
- the second most common cause is unpatched software
- use a "detonation sandbox" for testing potentially malicious links
- have a ransomware response plan, practice it, and stick to it
- application control programs in audit-only mode may help detect ransomware
Env
- Provided by KnowBe4
- Presenter: Roger Grimes