Chapter 11: Investigating Ransomware Deployment Techniques

The main goal of a human-operated ransomware attack is to encrypt as much data as possible. In many cases, the threat actors use various ransomware families obtained via ransomware-as-a-service programs or developed by some of the team members. In some cases, however, they may use legitimate software for encryption instead. Common examples are BitLocker and DiskCryptor.

Usually, at this point, ransomware affiliates have full control over the compromised network: they have collected information about the available hosts, obtained elevated credentials, removed backups, disabled security products, and placed backdoors for redundant access.

In this chapter, we'll look at the most common techniques ...
