Nip Ransomware in the FUD: Detecting Attacks Pre-Encryption
Ransomware operators targeting large organizations have begun to move more strategically. Because they use applications already installed on network systems (“living-off-the-land” techniques), off-the-shelf red team tools, and Windows utilities, their malicious behavior before encrypting files has become more difficult to distinguish from legitimate activity.
Recorded Future's cyber threat analysts researched malicious actors using living-off-the-land techniques, open source resources, and red team tools, with a specific focus on “big game” ransomware operators, to identify opportunities for detecting malicious behavior during the post-compromise, pre-encryption phase. The team looked at actual compromises by ransomware operators, analyzing their techniques, procedures and tool usage to derive detections.
Watch this on-demand session for:
Best practices and methodologies that organizations can use to detect threats
Specific examples of actual compromises being exploited by active ransomware operators
Guidance on how to identify opportunities for detecting malicious behavior during the post-compromise, pre-encryption phase