Summary
The unfortunate reality of the situation is that ransomware is here to stay. The takeaway is that responders and analysts need to be able to identify, extract, and analyze evidence related to these types of attacks. In this chapter, we learned how to examine a common initial infection vector, how to determine the theft of credentials, how to detect lateral movement, and how to identify the threat actor's command and control. This is a solid starting point, and it is imperative to keep up to date with how threat actors operate through the continuous review and incorporation of threat intelligence.
In the next chapter, we will look at how to apply the tools and techniques we have examined in previous chapters to the proactive practice of threat hunting.