Multifaceted Extortion: Analysis of Data Exfiltration TTPs Used by Ransomware Threat Actors

Channel:
United States SANS Institute
Subscribers:
64,099
Published on ● Video Link: https://www.youtube.com/watch?v=4EhMJoPcMLY


Duration: 30:51
1,235 views
21

SANS Ransomware Summit 2022

Speaker: Kunal Shandil, Senior Forensics and Incident Response Consultant, CrowdStrike

Ransomware attacks are one of the biggest challenges for a lot of organizations. Threat actors have graduated to multifaceted extortion tactics to maximize their probability of making money. Threat Actors give their victims additional incentives to pay the ransom to avoid the leak or auction of the exfiltrated data. As per reports from multiple Security vendors, over 80% of ransomware attacks involve the theft of corporate data in addition to file encryption. Threat actors use various techniques to perform exfiltration. This talk will cover the different tools like 7zip, MegaSync, Megatools, FileZilla, rlcone used by Threat Actors for Data Staging and Data Exfiltration. I will share different Network and Host Forensics artefacts generated by these tools that can help Blue Teamers to answer the most critical questions asked by Management and Legal Counsels: 1) When the data was exfiltrated? 2) How much data was exfiltrated ? 3) What data was exfiltrated? 4) From where (systems) the data was exfiltrated?

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE



Other Videos By SANS Institute


2022-09-07SANS Cyber Solutions Fest 2022
2022-09-0248-Hour SANS Netwars Global Preview #Shorts
2022-08-24Changing the Paradigm of Cyber Risk Oversight
2022-08-23SANS Threat Analysis Rundown (STAR) | Live Stream
2022-08-23Quick Wins in Cloud Compliance: AWS
2022-08-19SANS Cyber Solutions Fest 2022 - Track: Ransomware
2022-08-19SANS Cyber Solutions Fest 2022 - Track: Cloud Security
2022-08-19SANS Cyber Solutions Fest 2022 - Track: SOC & SOAR
2022-08-19SANS Cyber Solutions Fest 2022 - Track: Threat Hunting & Intelligence
2022-08-17Ransomware Management and Recovery Tactics
2022-08-17Multifaceted Extortion: Analysis of Data Exfiltration TTPs Used by Ransomware Threat Actors
2022-08-17The Role of Cryptocurrency in Ransomware Negotiations and Other Cybercrimes
2022-08-17Can you Detect This? | Inside The Ransomware Operator's Toolkit
2022-08-17Initial Access Merchant Offerings & Ransomware Victims: Mapping Breached Entities & Threat Actors
2022-08-17Sleeping with the Enemy: A Best Practice Guide for Attacker Engagement
2022-08-17SANS Netwars Core Tournament Version 8 Demo
2022-08-16Cyber Security Expertise - Where Should You Begin?
2022-08-11Kaseya Ransomware Reaction - Lessons Learned
2022-08-02The R Word: Retelling the Recent Rise and Resurgence of Resilient Ransomware-as-a-Service Operators
2022-07-29"Crime Time" | Rethinking Ransomware and How to Disrupt It
2022-07-27Security Conversations That Matter | Seat At The Table


Tags:
sans institute
information security
cyber security
cybersecurity
information security training
cybersecurity training
cyber security training
sans ransomware summit 2022
sans ransomware
ransomware summit