Allan “Ransomware Sommelier🍷” Liska
24K posts
Back The Press Guardian & The Clock:1942 kickstarter.com/projects/green…
- 🧵 I've been working on a presentation that looks at signs that you are probably in the early stages of a ransomware attack. The idea is to look at logs/threat hunting indicators that are almost always a sign of ransomware reconnaissance. Here is the list I have, I'd love to see
- I sincerely appreciate all of the great suggestions. Here is the updated chart based on everyone's input. I had to reformat it to make it readable. I originally had company logos where the ransomware icon is but I figure companies won't want their logo on a ransomware chart 🤣.
- I am trying to map out the anatomy of a ransomware attack. Are there any glaring steps or tools I am missing from this diagram (I know I didn't get all the tools ransomware groups use, but did I miss any big ones)?
- Big News 🚨! My ransomware book is out, but the book is just one part of a bigger project, ransomware.org. A comprehensive site designed to help orgs defend against ransomware...and they are making all the content from the book available at no cost. Please visit!
- Weird question, but does anyone know where I got these cards? I thought it was @dustrial, but I don’t see them on their site. I just sent my last one and want to order more.
- 20+ years ago, when I entered Infosec the books I read were about firewall configuration and deep dives into protocols. Now, I am reading @VossNegotiation’s book, “Never Split the Difference,” to understand better ways to deal with ransomware groups.
- It is always amazing to me the things it never occurred to anyone to start tracking. I am glad this is being done now.
- I could use your (yes you) help. I am trying to compile a list of vulnerabilities ransomware groups (or their access brokers) use to gain initial access. Excepting Kaseya, are there any others I am missing from this list? Remember, this is initial access only.
- I want to expand on the targeting point I made yesterday, but in non-meme format. This is a breakdown of known ransomware victims by industry in 2020 and 2021 that @ddd1ms and I have been working on. Notice, that with the exception of healthcare and possibly local government 1/4
- All the people going to Blackhat/Defcon who talk about burner phones and burner laptops obviously don't know how to conference. I just bring my own portable Faraday Cage on wheels. Makes it easier to get around AND no one can hack me. Just kidding, I just don't go 🤣
















