Incident Response Techniques for Ransomware Attacks by Oleg Skulkin

Author: Oleg Skulkin
Language: eng
Format: epub
Publisher: Packt Publishing Pvt Ltd
Published: 2022-03-10T00:00:00+00:00


As you can see, analyzing reports from various cyber security companies can give us great insights into ransomware affiliates' operations, and we can use this CTI to make our IR engagements faster and more efficient.

In the next section, we'll look at how we can collect CTI from the cyber security community.

Community

There are thousands of incident responders worldwide, and of course, some of them like to share their findings from IR engagements. We already looked at some threat research reports, but it usually takes quite a lot of time to create one. Therefore, responders and researchers often use other media to share their findings in a short form. A very popular media platform for such sharing is Twitter.

If you are dealing with a human-operated ransomware attack and you have already identified the strain, you may find quite a lot of information on the threat actors, including TTPs. Understanding the threat actor is critical. Usually, certain ransomware affiliates use specific tools and processes during certain stages of the attack life cycle.

Let's start with RagnarLocker ransomware and have a look at the following tweet from Peter Mackenzie, Director of Incident Response at Sophos (https://twitter.com/AltShiftPrtScn/status/1403707430765273095):


