FalconFriday — Detecting important data destruction by ransomware — 0xFF15

Post-Image

FalconFriday — Detecting important data destruction by ransomware — 0xFF15

Organisations store heaps of important data, which is important to their business processes or can be considered intellectual property. Ransomware actors leverage this data to improve the chance of receiving ransom payments. Nowadays, they are also smart enough to destroy your backups before encrypting your important data. This FalconFriday provides some insights on how to detect such behaviour.

The more advanced ransomware actors nowadays are “smart” enough to destroy your backups prior to leveraging your important data for ransom payments. As such, we highly recommend storing redundant copies of your backups, of which at least one copy is only accessible after MFA, combined with very strict access control. This can be achieved with for example cloud storage providers.

Cross post from medium.com, please read the full article here:

https://medium.com/falconforce/falconfriday-detecting-important-data-destruction-by-ransomware-0xff15-75f76ed4a4cd

Direct link to our Github page:

https://github.com/FalconForceTeam/FalconFriday