-
Book Overview & Buying
-
Table Of Contents
Incident Response Techniques for Ransomware Attacks
By :
Often, during post-exploitation activities, ransomware affiliates think about obtaining redundant access to the network. So, during your incident response engagements, you may face various persistence techniques. This step is almost as important as the door kick. Establishing a secondary foothold by setting up a backdoor is a threat actor's way of ensuring they can always come back. Let's look at the most common examples.
Often, especially if we are talking about RDP or VPN compromise, the threat actors use legitimate accounts to access the corporate network. As they may pose as several compromised accounts, this technique may be used to gain persistent access. What's more, as the accounts are legitimate, ransomware affiliates may stay undetected for quite a long period.
If ransomware affiliates already have privileged accounts, they may use them to create additional accounts to gain...
Change the font size
Change margin width
Change background colour