Ransomware has evolved from a commodity malware strain primarily targeting home users to a devastating and effective tool in the arsenal of advanced threat groups. As these human-operated cyberattacks continue to be a lucrative source of income for threat actors, ransomware will continue to pose a major threat to many organisations.
If threat actor activity can be detected in the environment early enough in the kill-chain, analysts stand a much better chance of unravelling the entire attack and reducing the risk to their organisation.
In this on-demand webinar, Dan Crossley, Sales Engineering Manager at LogRhythm, and Imran Hafeez, LogRhythm Analytic Co-Pilot Consultant, will outline:
• The anatomy of a human-operated ransomware attack
• What additional log data can be enabled within a Windows environment to allow better tracing of threat actor activity, including:
    o Process creation with command-line execution
    o PowerShell logging
    o Microsoft Sysmon
• How you can use these log sources to trace and alert on possible threat actor activity within your environment