Read Keatron's "The Ransomware Paper: Real-life insights and predictions from the trenches": www.infosecinstitute.com/wp-content/uploads/2022/02/The-ransomware-paper-220218.pdf
Very well explained, demonstrated and everything! Congrats!
Hey, I have a question: How can it be that ransomware 1. prevents me from getting rid of it after I re-installed Windows and 2. locks all external hard drives?
Can you give an answer to both questions?
This sounds more complex than ransomware. It sounds more like a rootkit, or you have a compromised account that they keep pushing stuff back into your device from once you rebuild the device.
Fantastic demo
If the key is how did they get into the environment, how do you secure against that?
Layered security, run everything in least privilege mode, keep software up to date, disable unneeded software, restrict users' outbound traffic, stay up to date with operating system patches and fixes, keep users educated on security awareness. These are not new things, they are just not being done well.
To prevent access, your external connectivity needs to be tightened up to stop direct access to your internal network. The exploit used in this demo pulled the logged-in administrator access key from the system memory. Disable default administrator accounts and set up non-standard named accounts. But above all, prevent ingress to your network.
Good advice; also remember to take a layered approach. Disable unnecessary services, keep software up to date, run everything and everybody in least privilege mode, and restrict where users are able to go from your environment.
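As an added example, not code from the video or from any of the commenters: a small PowerShell audit that checks the two host-side points raised in this exchange, whether the built-in Administrator account is still enabled under its default name, and whether LSASS is running as a protected process (the RunAsPPL setting), which is the Windows mitigation against reading a logged-in administrator's credentials out of memory. It assumes an elevated PowerShell 5.1 or later session on Windows 10 / Server 2016 or newer; the function names are my own.

```powershell
# Added example: audit a Windows host for the hardening points discussed above.
# Assumes an elevated PowerShell 5.1+ session on Windows 10 / Server 2016 or later.

function Get-BuiltinAdminStatus {
    # The built-in Administrator account always has RID 500 whatever it is called,
    # so match on the SID rather than on the display name.
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    [pscustomobject]@{
        Name    = $admin.Name
        Enabled = $admin.Enabled
        Renamed = ($admin.Name -ne 'Administrator')
    }
}

function Get-LsaProtectionStatus {
    # RunAsPPL = 1 runs LSASS as a protected process, which blocks the usual
    # "read credentials out of LSASS memory" technique from admin-level tooling.
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $value = (Get-ItemProperty -Path $key -Name 'RunAsPPL' -ErrorAction SilentlyContinue).RunAsPPL
    [pscustomobject]@{
        RunAsPPL  = $value
        Protected = ($value -eq 1)
    }
}

$adminStatus = Get-BuiltinAdminStatus
$lsaStatus   = Get-LsaProtectionStatus

if ($adminStatus.Enabled) {
    Write-Warning "Built-in Administrator ($($adminStatus.Name)) is enabled; disable it and use separately named admin accounts."
}
if (-not $adminStatus.Renamed) {
    Write-Warning "Built-in Administrator still uses its default name."
}
if (-not $lsaStatus.Protected) {
    Write-Warning "LSA protection (RunAsPPL) is not enabled; credentials held in LSASS memory are readable by admin-level tools."
}

$adminStatus, $lsaStatus | Format-List
```

Enabling RunAsPPL requires a reboot to take effect, and some older credential providers or security agents may need updating before it is turned on.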
Very helpful background info - I assume backup, backup, backup is the key to getting around these nasty hackers if/when they strike.
Correct!
What's to keep the cyber thief from doing this to you all over again? *AFTER* you've already paid the "ransom" once?
Back up your sensitive documents, get better passwords, and never pay the attackers.
This is great!
Thank you