Your best defense against ransomware: Find the early warning signs

2020-09-23 05:00

FireEye found that there is usually three days of dwell time between these early warning signs and detonation of ransomware.

How does a security team find these weak but important early warning signals? Somewhat surprisingly perhaps, the network provides a unique vantage point to spot the pre-encryption activity of ransomware actors such as those behind Maze.

Here's a guide, broken down by MITRE category, of the many different warning signs organizations being attacked by Maze ransomware can see and act upon before it's too late.

Common early warning signs to watch for in execution include users being tricked into clicking a phishing link or attachment, or when certain tools such as PsExec have been used in the environment.

Many of the early warning signs are visible on the network and threat hunters would be well served to identify these and thus help mitigate impact.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/HoWENov_QPE/

#defense #ransomware