CyberSecurity updates
Updated: 2024-10-10 06:42:53 Pacific


JPCERT/CC Investigates the Possibility of Using Windows Event Log Information to Support the Identification of Human-Operated Ransomware. - 9d

JPCERT/CC, a Japanese cybersecurity organization, investigated whether Windows event log information can be used to identify human-operated ransomware attacks. It found that some ransomware leaves traces in the Windows event log, so the ransomware may be identifiable from those characteristics. The research analyzed the event logs recorded during the execution of various ransomware strains, including Conti, Phobos, Midas, BadRabbit, and Bisamware. Each was found to have unique patterns in the event logs, revealing specific actions and modifications made during the attack. The findings support the use of Windows event logs in incident response and threat detection for identifying and mitigating ransomware attacks.