Ransomware demonstration: How ransomware infects a system

Рет қаралды 10,288

Күн бұрын

Пікірлер: 17

@InfosecEdu 2 жыл бұрын

Read Keatron's "The Ransomware Paper: Real-life insights and predictions from the trenches": www.infosecinstitute.com/wp-content/uploads/2022/02/The-ransomware-paper-220218.pdf

@hugon4 2 жыл бұрын

Very well explained demonstrated and everything! Congrats!

@zuberkariye2299 2 жыл бұрын

Fantastic demo

@paulperkins900 2 жыл бұрын

To prevent access your external connectivity needs to be tightened up to stop direct access to your internal network. The exploit used in this demo pulled the logged in administrator access key from the system memory. Disable default administrator accounts, setup non standard named accounts. But above all prevent ingress to your network

@KeatronEvans 2 жыл бұрын

Good advice, also remember to do a layered approach. Disable unnecessary services, keep software up to date, run everything and everybody least privilege mode, and restrict where users are able to go from your environment.

@MeekDrill 2 жыл бұрын

Thank you

@FoxKnue 2 жыл бұрын

This is great!

@michelebullock3949 2 жыл бұрын

If the key is how did they get into the environment, how do you secure against that?

@KeatronEvans 2 жыл бұрын

Layered security, run everything in least privilege mode, keep software up to date, disable unneeded software, restrict users outbound traffic, stay up toe date with operating system patches and fixes, keep users educated on security awareness. These are not new things, they are just not being done well.

@johnlysic6727 2 жыл бұрын

Very helpful background info - I assume backup, backup, backup is the key to getting around these nasty hackers if/when they strike

@KeatronEvans 2 жыл бұрын

Correct!

@fwiii1831 2 жыл бұрын

Hey, I have a question: How can it be that a ransomware 1. prevents me from getting rid of it after I re-installed windows and 2. locks all external hard drives ? Can you give an answer to both questions?

@KeatronEvans 2 жыл бұрын

This sounds more complex than ransomware. Sounds more like a rootkit, or you have an account that's compromised that they keep pushing stuff back into your device from once you rebuild the device.