Ransomware operators targeting large organizations have begun to move more strategically. By using applications already installed on network systems (“living-off-the-land” techniques), off-the-shelf red team tools, and Windows utilities, they have made their malicious behavior before encrypting files more difficult to distinguish from legitimate activity.
Recorded Future's cyber threat analysts researched malicious actors using living-off-the-land techniques, open source resources, and red team tools, with a specific focus on “big game” ransomware operators, to identify opportunities for detecting malicious behavior during the post-compromise, pre-encryption phase. The team looked at actual compromises by ransomware operators, analyzing their techniques, procedures and tool usage to derive detections.