This is a great blog by @megan on ransomware/data extortion in the cloud, including TTPs and a link to a recent podcast.

After obtaining the correct permissions required to carry out their attack, the threat actor will then perform reconnaissance in the environment to identify the data they will exfiltrate and use to ransom the victim. ... Assuming they have the right permissions, direct access via the console, simple CLI commands, or API calls can be used to interact with [cloud] storage.

#cloudsecurity #ransomware

https://www.sans.org/blog/ransomware-in-the-cloud/

Ransomware in the Cloud | SANS

In this blog post, we discussed the evolution of ransomware into cloud environments, the TTPs leveraged by the threat actors, and how we can defend against and prepare for such attacks.

@jaythvv thanks for sharing! Glad you enjoyed!