Chapter 10: Investigating Data Exfiltration Techniques
Once ransomware affiliates have obtained privileged credentials and gained the ability to move laterally, they usually start working on their real goal. One such goal is data exfiltration.
Of course, not every group performs such activities, and even threat actors with their own data leak site (DLS) don't do it during every attack. Still, as double extortion is a very common technique, incident responders should be well aware of the approaches ransomware affiliates use to exfiltrate sensitive data from compromised networks.
In this chapter, we'll look at forensic artifacts that allow us to understand ransomware affiliates' activities related to data exfiltration. Approaches may vary ...