Comments on Windows Incident Response: Ransomware
(3 comments; feed updated 2024-03-19T07:46:20.437-05:00)

dre (https://www.blogger.com/profile/17414510788948258195), 2016-10-29T16:56:47.594-05:00:

Ransomware is an effective vector against all OSes and all configurations. For orgs who stalwartly removed Administrator and root-level privileges from their userbase -- they are now finding that access expansion (i.e., privilege escalation and/or lateral movement), the thing that they used to fear most -- is now dwarfed by subversion of a low-value input chain in their business-process models. The protective control that they put in place to slow down access expansion only served to speed up value-chain subversion. Let's play whack-a-mole!

Anonymous, 2016-10-29T11:47:17.864-05:00:

Isn't Windows AppLocker the simple solution to this problem? I'm primarily a Linux user so I'm not an expert on this. Thanks!

plf5403 (https://www.blogger.com/profile/03149741678434631050), 2016-10-29T11:32:03.329-05:00:

I have always maintained that Web browsing and email should either be on a separate network from main production, or at least sandboxed. For some reason IT has never really embraced this model. Cost and complexity I presume.