Ransomware incidents often follow a standard playbook that contains similar stuff to: AD Recon with PS - Cobalt Strike - SystemBC - Common tools such as AdFind, Mimikatz, PsExec, etc. 1/2
@DebugPrivilege
If you're looking at TTPs, specifically, I think
@kaspersky
did a phenomenal job profiling the top 8 ransomware actors in the below report.
@DebugPrivilege
Put resources into incident response, instead of just prevention.
Delivering easily actionable information and moving proactively and transparently to maintain trust is vital.
Be prepared for responding to the worst and don't think about failures of catastrophic proportions.