Hunting and Scoping A Ransomware Attack

Threat Hunting Summit 2021

By

October 8, 2021

All presentations are copyrighted. No re-posting of presentations is permitted

https://www.youtube.com/watch?v=h076AA1ZroY

Hunting and Scoping A Ransomware Attack

Encrypting all your files is a ransomware actors' final objective. But when the frantic helpdesk calls start coming in, can you quickly identify all impacted devices? Can you determine if data exfil and extortion are part of the attack? Can you tell if they destroyed your backups? This talk will cover common ransomware gang "hands on keyboard" techniques for stealing your data, disabling defenses, and making your data and devices resistant to recovery. Participants will take away hunt logic which can be employed right away for early detection and rapidly scoping a ransomware compromise.

Hunting and Scoping A Ransomware Attack

Related Content

blog image - ransomware summit.png

Digital Forensics, Incident Response & Threat Hunting

A Visual Summary of SANS Ransomware Summit 2024

Check out these graphic recordings created in real-time throughout the event for SANS Ransomware Summit 2024

DFIR - Blog - The Evolution of Enterprise Threat Hunting- Detailed Insights from the SANS 2024_340 x 340.jpg

Digital Forensics, Incident Response & Threat Hunting

The Evolution of Enterprise Threat Hunting: Detailed Insights from the SANS 2024 Survey

The SANS Survey highlights threat hunting's evolution with increased formalization and strategic integration to enhance cybersecurity effectiveness.

DFIR_ICON_(1).PNG

CTI_Blog_part_1_(1).png

Digital Forensics, Incident Response & Threat Hunting

January 12, 2024

Helping CTI Analysts Approach and Report on Emerging Technology Threats and Trends (Part 2)

How to approach, research, and develop analytic assessments on emerging technologies and threat trends (Part 2)