How to Prevent Ransomware: 5 Common Behaviors to Hunt

Before We Begin

Before we go over our ransomware behaviors, I wanted to let you know that all of the ransomware behaviors you’re going to see below are available for free as hunt packages in our HUNTER threat hunting content platform. If you would like the query, the runbook, and more, go to https://hunter.cyborgsecurity.io, click sign up, and use the promo code “RANSOMWARESUCKS” for your free community edition account.

How to Prevent Ransomware — Behavior #1

Excessive Windows Discovery and Execution Processes — Potential Malware Installation

How to Prevent Ransomware — Behavior #2

Excessive File Write or Modifications With Common Ransomware Note Extensions

How to Prevent Ransomware — Behavior #3

Excessive Microsoft Windows Services Stopped

How to Prevent Ransomware — Behavior #4

Windows sc Used to Disable Services — Potential Ransomware

How to Prevent Ransomware — Behavior #5

Shadow Copies Deletion Using Operating Systems Utilities

Conclusion

While ransomware continues to be the bane of many companies and governments worldwide, proactive hunting can help identify these behaviors before the adversary has a chance to carry out their objective and help CISOs answer the burning question of “how to prevent ransomware.”

Cyborg Security

Cyborg Security is a pioneer in cybernetic threat hunting, delivering an advanced, actionable threat hunting platform.