Webinar Takeaway: EMERGENCY WEBCAST: OK, let´s talk about ransomware…

My key takeaways

• 3 types of ransomware
  1. encrypt hard drive
  2. steal files and data and threat to release them
  3. both 1 & 2
• Ransomware gangs usually have great customer support
  • it has become a serious business
• It doesn't matter if you consider your organsiation a valuable target, if at least some money could be extorted from you, you will become a target
• Deception has become essential
  • Attivo Netwoks, Honeypots, Red Canary,....
  • HoneyDocs
  • HoneyAccounts
    • be aware to log in to it so the last login time is not empty!
    • needs to be enabled
• Use RITA
• market verticals calling themself "unique" are creating excuses for not doing the "right" thing
• ransomware deletes all shadow copies using vssadmin pretty often; raccine may help here
• there is some built-in ransomware protection in Windows, but not enabled by default

Env

• Provided by BHIS
• Presenter: John Strand

additional links

• https://wildwesthackinfest.com/training/active-defense-cyber-deception-john-strand/
• https://github.com/thinkst/canarytokens-docker
• https://blog.thinkst.com/p/canarytokensorg-quick-free-detection.html
• https://github.com/jqreator/honeydoc
• https://github.com/dafthack/DomainPasswordSpray
• https://mergene.medium.com/defeating-ransomware-by-using-sysmon-and-powershell-b671920f3bb1
• Kerberos
• https://www.activecountermeasures.com/free-tools/rita/
• https://en.wikipedia.org/wiki/Regulatory_capture
• https://github.com/Neo23x0/Raccine