Ransomware Emergency Response Guide

Language 2023-05-05 00:23:48 views: null

Ransomware Emergency Response Guide

1. Attack characteristics of ransomware
2. Quarantine the infected server/host
3. Check the business system
4. Determine the type of ransomware and conduct traceability analysis
5. Restoring data and business
6. Clear reinforcement
7. Defense against ransomware
- Personal Endpoint Defense Technology
- Enterprise-level terminal defense technology

1. Attack characteristics of ransomware

No C2 server encryption:

In the process of encrypting files, attackers generally no longer use the C2 server, which means that the current ransomware does not need to return the private key when encrypting

Randomly generate a new encryption key pair (asymmetric public and private keys) before encryption;
Encrypt the file using the newly generated public key;
Use the attacker's pre-buried public key to encrypt the newly generated private key, save it in an ID file or embed it in an encrypted file.

Decryption process without C2 server encryption technology:

Submit the encrypted private key in the ID string or encrypted file by mail or online submission (generally, the attacker will provide tools to extract the private key);
The attacker uses the reserved private key corresponding to the embedded public key to decrypt the private key submitted by the victim;
Deliver the decryption private key or decryption tool to the victim for decryption

Guess you like

Origin blog.csdn.net/Gherbirthday0916/article/details/130262469

Ransomware Emergency Response Guide

Operation and Maintenance Bible: Ransomware Emergency Response Guide

Security Emergency Response Guide

Mining Trojan Emergency Response Guide

Operation and Maintenance Bible: Webshell Emergency Response Guide

Emergency response / safety traceability

linux security emergency response

Windows Security Emergency Response (a)

Linux emergency response notes

Emergency response learning

Emergency response methods and capabilities

Emergency response process

Organize the emergency response process

Linux Emergency Response Troubleshooting

Windows Emergency Response Troubleshooting

The whole process of emergency response

Safety emergency response case

windows emergency response

Windows common emergency response command

linux common commands emergency response

Emergency Response -PDCERF model (rpm)

[Reserved] emergency response and investigation traceability

The most complete "ransomware" response plan

MBR Ransomware Manual Repair Guide

[Windows] Emergency Response ideas invasion investigation

Linux and windows of emergency response focus on examination of items

Emergency response measures to deal with the extortion virus (classwork)

Emergency Response and Disposal Process-System Investigation

An article clarifies Linux emergency response techniques

Basic concepts and basic operations of emergency response

Recommended

TIOBE May list: Fortran “resurrected” into Top 10

GCC 14.1 released

Ranking

B. Little Girl and Game【1300 / 回文字符串博弈论】

CIKERS Shane 20190613

"Javascript advanced programming" study notes - the constructor and prototype

beeline hiveserver2 start

springboot - Automatically backup mysql data every day

Data Storage Full Solution--Detailed Persistence Technology

Detailed Explanation of Spring Web MVC DispatcherServlet—Official Original

TCP / IP protocol layers structure and function

Command type literal pos: unknown； Fallback type literal pos: unknown] with root cause

Design of multifunctional curtain controller with indoor anti-theft alarm

Daily

More

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)

2024-05-02(0)

2024-05-01(4)

2024-04-30(36)

2024-04-29(5)