Impacts on Ransomware Investigations, or Why Not To Focus On The EXE

Current ransomware reporting places an all-too-heavy emphasis on the RE of ransom executables. In most attacks, file encryption is the last action taken by threat actors.

Through a better understanding of pre-cursor ransomware actions and the complex ransomware ecosystem, defenders will be better equipped to detect and respond threat actors, inhibiting or even obviating data exfiltration and file encryption.

View Slides   Watch Video
← View Full Schedule

Harlan Carvey

Huntress