USUAL MODUS OPERANDI OF RANSOMWARE

  • Many ransomware strains are deployed with PsExec, either locally or via a GPO.

    • When the deployment uses a GPO, the GPO is often linked to the domain root so that every compatible device in the domain is affected.

    • The name of this GPO is often randomly generated.

    • When the deployment is done via PsExec, it is often preceded by the creation of a scheduled task that will execute the encryption command.
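As an added detection example (not code from the original page), the two patterns above turned into a small correlation check over normalised log events: a GPO with a random-looking name linked at the domain root, and a PSEXESVC service install on a host shortly after a scheduled task was created there. The event shape, field names and sample events are constructed for this example; the entropy and time-window thresholds are assumptions to tune to your environment.

```python
import math
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample events (not from the page): GPO link changes, scheduled
# task creation (Security 4698) and service installs (System 7045), flattened.
EVENTS = [
    {"ts": "2024-01-10T02:10:00", "host": "DC01", "type": "gpo_link",
     "gpo": "Default Domain Policy", "target": "DC=corp,DC=local"},
    {"ts": "2024-01-10T02:12:30", "host": "DC01", "type": "gpo_link",
     "gpo": "x7Qp2zLk9vBn", "target": "DC=corp,DC=local"},
    {"ts": "2024-01-10T02:15:00", "host": "FS01", "type": "task_created",
     "task": "\\Update"},
    {"ts": "2024-01-10T02:16:10", "host": "FS01", "type": "service_installed",
     "service": "PSEXESVC"},
    {"ts": "2024-01-10T09:00:00", "host": "WS22", "type": "service_installed",
     "service": "PSEXESVC"},
]

def shannon_entropy(text):
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def looks_random(name):
    """Heuristic for generated GPO names: one token, 8+ chars, mixed letters/digits, high entropy."""
    if " " in name or len(name) < 8:
        return False
    has_alpha = any(c.isalpha() for c in name)
    has_digit = any(c.isdigit() for c in name)
    return has_alpha and has_digit and shannon_entropy(name) >= 3.0  # threshold is an assumption

def is_domain_root(dn):
    """True when every RDN of the link target is a DC= component, i.e. the domain root."""
    return all(p.strip().upper().startswith("DC=") for p in dn.split(","))

def analyze(events, window=timedelta(minutes=10)):
    findings = []
    tasks = {}  # host -> time of the latest scheduled task creation seen
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "gpo_link" and is_domain_root(ev["target"]) and looks_random(ev["gpo"]):
            findings.append({"rule": "random_gpo_at_domain_root", "gpo": ev["gpo"], "host": ev["host"]})
        elif ev["type"] == "task_created":
            tasks[ev["host"]] = ts
        elif ev["type"] == "service_installed" and ev["service"].upper() == "PSEXESVC":
            last = tasks.get(ev["host"])
            if last is not None and ts - last <= window:  # task creation followed by PsExec
                findings.append({"rule": "task_then_psexec", "host": ev["host"], "task_ts": last.isoformat()})
    return findings
```

Run `analyze(EVENTS)` to get the two findings; the lone PSEXESVC install on WS22 has no preceding task and is left to the host's normal PsExec baseline.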
