Threat actors continue to develop and hone their techniques to breach your network and gain financially from their work. It has been known for some time that actors may exfiltrate data before they attempt to ransom your network; however, it seems that this behavior is nearly a given these days.
New data suggests that in addition to an initial attack, multiple follow-on attempts to breach/ransom the very same environment are occurring using different malware and likely different actors. This suggests attackers are collaborating and sharing information about “soft targets.”
Organizations who experience a breach or ransomware event need to be diligent in solving the original issues leading to the event. They should also be aware that once they’ve remediated the threat, the recovery from this threat should include the possibility of an extortion attempt in the coming months if data was exfiltrated.
In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia takes my seat in this webcast, and will cover:
- The prevalence of multiple attacks on the same environment
- Reasons why this is happening
- What the attack chain looks like
Nick will be joined by Ben Shell and Ryan Campbell, security analysts with CrowdStrike Falcon Complete. Ben will use some real-world use cases to point you towards practical attack tactics and malicious telltale artifacts to help identify when initial attacks occur.
Ben will be followed by Ryan, who will discuss what recovery steps need to look like, including:
- Determining if exfiltration has occurred
- Identifying the initial infection vector
- Returning the environment to a known-secure state, including password resets
- Preparing for a possible extortion event
This real training for free event will be jam-packed with technical detail and real-world application. Register today!