In ‘Machine Learning for Ransomware Detection. Cyber Kill Chain Analysis. Part 1 of 2’ we looked into the threat landscape with regard to the internet-facing attack surface, Advanced Persistent Threats (APTs), Remote Code Execution (RCE) and low-level threat actors. We also covered the detection of ransomware across the Cyber Kill Chain and an analysis of initial access against publicly exposed infrastructure and internal reconnaissance, including a discussion of attack and recon tools in SMB and a look at model template flexibility.

Now, in ‘The Early Indications of a Breach. Cyber Kill Chain Analysis. Part 2 of 2’ we continue the discussion and cover the following key points.

This Paper Includes:

Analysis into Attack Tools Download and Unusual BITS Activity.
Analysis into Lateral Movement – New or Unusual Remote Command Execution.
A look at C2 Communication (Botnet C2 Behaviour) and Encryption (Suspicious SMB File Extension).
Examples of Data Exfiltration and Privilege Escalation.
Recommendations on what companies can do to protect against ransomware in terms of prevention.
Key questions answered, including: Can ransomware encrypt a file that is already encrypted? Should organisations pay ransoms? And what does the rest of 2021 look like in terms of ransomware attacks?