[Owasp-egypt] Ransomware

Saafan, A. a.m.saafan at gmail.com
Thu Jun 30 10:29:09 UTC 2016


I find it useful to protect against exfiltration / targeted type attacks.
Not sure about ransomware. I am thinking by the time responders are to act
based on the alert, a big part of the damage would have already been done.
Maybe in a more mature environment where the incident response is very
quick.

Do you know of a ransomware that goes for lateral movement using tokens?



--
Saafan

On Thu, Jun 30, 2016 at 12:19 PM, Hassan Mourad <hassan.mourad at owasp.org>
wrote:

> And what do you think about using honey tokens for early detection?
> On Jun 30, 2016 10:24 AM, "Saafan, A." <a.m.saafan at gmail.com> wrote:
>
>> Some measures I found helpful:
>>
>>    - Prevent files from running from %temp% and %appdata% using group
>>    policy
>>    - Block Office macros on all users with a very tight exception process
>>    - Prevent cmd and powershell for normal users
>>    - Administrative users to use a non-administrative account for daily
>>    interactions (office, web...etc) and use a separate account for their
>>    administrative actions (preferably via a staging server).
>>
>>
>>
>>
>> --
>> Saafan
>>
>> On Thu, Jun 30, 2016 at 9:37 AM, Hassan Mourad <hassan.mourad at owasp.org>
>> wrote:
>>
>>> I came across this comprehensive list of ransomware and thought I'd
>>> share it with you
>>>
>>>
>>> https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml#
>>>
>>> Not AppSec, but definitely a nightmare for everyone in the security field.
>>>
>>> What do you think is the best defense against ransomware?
>>>
>>> Hassan
>>>
>>
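
An audit pass for the first measure in the list above, added here as an example and not code from anyone in the thread: before a block on execution from %temp% and %appdata% is enforced, it flags which recorded process launches the rule would stop. The event records, the default `C:\Users` profile layout and the `EXCEPTIONS` allow-list are constructed assumptions.

```python
import ntpath

# Constructed process-creation records (user, image path), the shape an
# exported process-creation audit log could be reduced to.
SAMPLE_EVENTS = [
    ("alice", r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"),
    ("alice", r"C:\Users\alice\AppData\Local\Temp\invoice_8841.exe"),
    ("bob",   r"c:\users\bob\appdata\roaming\updater\svc.exe"),
    ("bob",   r"C:\Users\bob\Documents\..\AppData\Local\Temp\7z\setup.exe"),
    ("carol", r"C:\Windows\Temp\patch.exe"),
    ("carol", r"C:\Users\carol\AppData\Roaming\ApprovedTool\tool.exe"),
]

# Hypothetical allow-list standing in for approved exceptions (canonical form).
EXCEPTIONS = {r"c:\users\carol\appdata\roaming\approvedtool\tool.exe"}

def blocked_roots(user):
    """Directories the two variables expand to, assuming the default profile layout."""
    profile = ntpath.join(r"C:\Users", user)
    return [
        ntpath.join(profile, "AppData", "Local", "Temp"),  # %temp%
        ntpath.join(profile, "AppData", "Roaming"),        # %appdata%
    ]

def canon(path):
    # Collapse ".." segments and fold case: Windows paths are case-insensitive.
    return ntpath.normcase(ntpath.normpath(path))

def would_block(user, image):
    """True if the image sits under the user's %temp% or %appdata% tree."""
    img = canon(image)
    if img in EXCEPTIONS:
        return False
    return any(img.startswith(canon(root) + "\\") for root in blocked_roots(user))

def audit(events):
    """Return the (user, image) records the rule would have stopped."""
    return [(user, image) for user, image in events if would_block(user, image)]

if __name__ == "__main__":
    for user, image in audit(SAMPLE_EVENTS):
        print(f"would block: {user}: {image}")
```

`C:\Windows\Temp` is not flagged because it is not where a user's %temp% points; covering it would need its own rule.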