Ransomware Q and A With Ryan Chapman – Digital Forensics & Incident Response
Ryan is a Principal Incident Response Consultant with BlackBerry. He has worked in the Digital Forensics & Incident Response (DFIR) realm for 10 years and teaches ransomware courses.
In this video, he provides an outline of ransomware attacks and explains that:
- Windows servers are the most commonly hit because they host the infrastructure itself, as well as the most critical organizational data
- Windows 10 and XP systems are the most frequently hit
- Ransom demands mostly come from remote desktop protocol and phishing
- It’s usually more cost-effective to pay the ransom but always remember you are working with criminals so you could be tricked even after paying
- Ransomware infrastructure related to phishing changes all the time
- Attacks repeat themselves with the same methods
- Mobiles are attacked less, and the ransom amounts demanded are lower, however, they are being used more in ransomware attacks, such as in SMS phishing
- Software is often exploited since it is frequently unpatched and therefore provides a way to get in
Watch the full episode to learn more.