May 11

Webinar Takeaway: EMERGENCY WEBCAST: OK, let's talk about ransomware…


My key takeaways

  • 3 types of ransomware
    1. encrypt the hard drive
    2. steal files and data and threaten to release them
    3. both 1 & 2
  • Ransomware gangs usually have great customer support
    • it has become a serious business
  • It doesn't matter whether you consider your organisation a valuable target: if at least some money could be extorted from you, you will become a target
  • Deception has become essential
    • Attivo Networks, Honeypots, Red Canary, ...
    • HoneyDocs
    • HoneyAccounts
      • remember to log in to it so the last login time is not empty!
      • needs to be enabled
  • Use RITA
  • market verticals calling themselves "unique" are creating excuses for not doing the "right" thing
  • ransomware deletes all shadow copies using vssadmin pretty often; Raccine may help here
  • there is some built-in ransomware protection in Windows, but it is not enabled by default
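
To make the vssadmin takeaway concrete, here is an added detection sketch (my own example, not code from the webcast or from Raccine) that flags shadow-copy deletion in process-creation command lines. The event layout, host names and severity rule are assumptions, and the sample events are constructed.

```python
import re
from collections import namedtuple

# Constructed sample process-creation events: (host, parent image, command line).
# The field layout is an assumption; map it to your EDR or Sysmon export.
SAMPLE_EVENTS = [
    ("WS-014", "explorer.exe", r"C:\Windows\System32\vssadmin.exe list shadows"),
    ("WS-014", "winword.exe", r'cmd.exe /c "vssadmin.exe Delete Shadows /All /Quiet"'),
    ("SRV-02", "backup_agent.exe", r"vssadmin delete shadows /for=D: /oldest"),
    ("SRV-02", "powershell.exe", r'"C:\Windows\system32\VSSADMIN.EXE"  DELETE  SHADOWS /all'),
    ("WS-020", "cmd.exe", r"findstr /i vssadmin C:\logs\install.log"),
]

Finding = namedtuple("Finding", "host parent scope quiet severity")

# vssadmin as the executed image (bare, with a path, with .exe, optionally quoted),
# followed by the "delete shadows" verb. Case and extra whitespace are ignored.
VSS_DELETE = re.compile(
    r'(?:^|[\\\s"/])vssadmin(?:\.exe)?"?\s+delete\s+shadows\b(?P<args>.*)',
    re.IGNORECASE,
)

def classify(host, parent, cmdline):
    """Return a Finding if the command line deletes shadow copies, else None."""
    m = VSS_DELETE.search(cmdline)
    if not m:
        return None  # e.g. "list shadows", or vssadmin only mentioned as an argument
    flags = re.findall(r"/(\w+)", m.group("args").lower())
    scope = "all" if "all" in flags else "partial"
    quiet = "quiet" in flags
    # Assumed triage rule: wiping every shadow copy is high, anything else medium.
    severity = "high" if scope == "all" else "medium"
    return Finding(host, parent, scope, quiet, severity)

def scan(events):
    """Run classify over all events and keep only the hits."""
    return [f for f in (classify(*e) for e in events) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The parent process is kept in each finding because it is what separates a backup agent pruning old copies from an Office application spawning the same command.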

Env

additional links


Tags

blue team, deception, ransomware
