The JPCERT Coordination Center – the first Computer Security Incident Response Team established in Japan – has compiled a list of entries in Windows event logs that could help enterprise defenders respond to human-operated ransomware attacks and potentially limit the malware’s damage. “The difficult part of the initial response to a human-operated ransomware attack is identifying the attack vector,” the organization pointed out. Detecting specific entries in Windows event logs – Application, Security, System, Setup … More
The post Use Windows event logs for ransomware investigations, JPCERT/CC advises appeared first on Help Net Security.