RE: ransomware, I see a lot of folks overly focusing on atomic indicators for ransomware. Ransomware is very easy to write and deploy, and when a sophisticated cybercriminal is ready to deploy it, they will test it out on a single system before deploying it to all. [01/xx] #Ransomware
What you should be focusing on is: 1) The precursors to ransomware, i.e. (not an exhaustive list) Emotet, TrickBot, Cobalt Strike, Empire. 2) Preparing and testing backups so you can recover fast in the event of a ransomware incident across your org. [02/xx]
3) Proactively preparing people (execs, lawyers, PR etc.) internally in your org as to how you will handle a ransomware incident. What will you do if someone attempts to extort your org into paying, threatening to release your data publicly if you don't? How will you respond? [03/xx]
How will you communicate with media/LE/customers? Will you pay? Who will you bring in to help you respond? [04/xx]
4) Ransomware protection and containment. Read @FireEye's great report on that - fireeye.com/blog/threat-re… [05/xx]
Also I recommend checking out a blog post @gregotto wrote for us at @Intel471Inc intel471.com/blog/how-to-re… [06/xx]