How To Foil a Ransomware Attack In the Planning Stage
August 19, 2020
It takes two to four months for a ransomware attack to move from the initial security breach to delivery of the ransomware, so hundreds of companies could have hackers hiding in their networks at any time, preparing to trigger malware.. Now that more staff are working from home scanning your internet-facing systems for open RDP ports is vital. There are warning signs that attackers at work. Unexpected software tools appearing on the network is one. Attackers may start with control of just one PC on a network, and explore from there to see what else they can find to attack. If network scanners, such as AngryIP or Advanced Port Scanner are detected on the network, check with your security team. If no one internally admits to using the scanner, it is time to investigate. Another red flag is any detection of MimiKatz, one of the tools most regularly used by hackers to steal passwords and login details, along with Microsoft Process Explorer. There are some clear signs that a ransomware attack is imminent. These include attempts to disable Active Directory and domain controllers, and corrupt any backups, as well as disabling any software deployment systems that could be used to push patches or updates.
Read full article at:
Share this post: