Jun 16, 2021
Today our good pal Christopher Fielder from Arctic Wolf is back for an interview three-peat! He joins Joe "The Machine" Skeen (a.k.a. Gh0sthax) and me to talk about all things ransomware, including:
- How the Colonial Pipeline incident may have started with a weak VPN credential that had no MFA in front of it. Silver lining (?): some of the ransom money was recovered.
- Was the federal government's response good enough? What should the government be doing to better handle and manage ransomware?
- Common ways ransomware gets into our environments, and some ways to NOT get ransomware'd:
  - Use 2FA (make sure that all accounts are covered)
  - Consider having (if possible) your AD username scheme be something like chi-user4920394 instead of a predictable name-based format, so valid usernames can't be guessed from a staff directory
  - Have users that haven't logged in for X days get automatically disabled
  - Train your users - consider Arctic Wolf's managed security awareness offering
  - Detect early signs of compromise like Kerberoasting (the classic tell is one account pulling a burst of RC4-encrypted service ticket requests, Windows event ID 4769, across many service accounts)
  - Lock down your DNS egress to only specific servers so that it doesn't run "wide open" and malware can't resolve or tunnel through whatever resolver it likes
  - Leverage good threat intel
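The Kerberoasting tell in the list above, as an added example that is not from the episode, Arctic Wolf or 7MS: a small detector run over Windows Security event 4769 (TGS request) records that flags an account pulling a burst of RC4-encrypted service tickets for many different service accounts. The field names follow the 4769 event schema; the sample events, account names, IPs and the burst threshold are constructed assumptions, not real logs.

```python
"""Detect a Kerberoasting burst in Windows Security event 4769 (TGS request).

The events below are constructed sample data in the shape of a SIEM export of
4769 events (TargetUserName, ServiceName, TicketEncryptionType, IpAddress,
Status). Thresholds are assumptions to tune for your own environment.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"                   # etype attackers request: RC4 tickets crack fastest
BURST_COUNT = 5                     # distinct service accounts hit by one principal (assumed)
BURST_WINDOW = timedelta(minutes=2)


def is_roast_candidate(ev):
    """Per-event filter: a successful RC4 TGS for a user-owned service account.

    Machine accounts (trailing $) and the KDC's own krbtgt service are skipped:
    their long random passwords are not worth roasting, and they dominate
    normal 4769 volume.
    """
    svc = ev["ServiceName"]
    if ev["EventID"] != 4769 or ev["Status"] != "0x0":
        return False
    if svc.lower() == "krbtgt" or svc.endswith("$"):
        return False
    return ev["TicketEncryptionType"].lower() == RC4_HMAC


def find_kerberoasting(events, burst_count=BURST_COUNT, window=BURST_WINDOW):
    """Return [(account, source_ip, [service names])] for every account/IP pair
    that requested burst_count or more distinct RC4 service tickets inside window.
    One legacy app that still uses RC4 stays below the threshold; a roaster
    enumerating every SPN in the domain does not."""
    per_source = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        if is_roast_candidate(ev):
            per_source[(ev["TargetUserName"], ev["IpAddress"])].append(ev)

    alerts = []
    for (acct, ip), evs in per_source.items():
        for i, first in enumerate(evs):            # slide a window over the timeline
            services = set()
            for later in evs[i:]:
                if later["TimeCreated"] - first["TimeCreated"] > window:
                    break
                services.add(later["ServiceName"])
            if len(services) >= burst_count:
                alerts.append((acct, ip, sorted(services)))
                break                              # one alert per account/IP pair
    return alerts


# --- constructed sample data (not real logs) ---------------------------------
_T0 = datetime(2021, 6, 16, 9, 0, 0)


def _ev(offset_s, user, service, etype, ip, status="0x0"):
    return {"EventID": 4769, "TimeCreated": _T0 + timedelta(seconds=offset_s),
            "TargetUserName": user, "ServiceName": service,
            "TicketEncryptionType": etype, "IpAddress": ip, "Status": status}


SAMPLE_EVENTS = [
    _ev(0, "alice@CORP.LOCAL", "CORP-FS01$", "0x12", "10.0.0.5"),     # AES, machine account: normal
    _ev(5, "bob@CORP.LOCAL", "legacyapp", "0x17", "10.0.0.9"),        # one RC4 ticket for an old app
    _ev(40, "svc_backup@CORP.LOCAL", "krbtgt", "0x17", "10.0.0.77"),  # TGT traffic, ignored
] + [
    # a compromised account asks for every user SPN in the domain within 15 seconds
    _ev(10 + 3 * i, "svc_backup@CORP.LOCAL", svc, "0x17", "10.0.0.77")
    for i, svc in enumerate(["sqlsvc", "websvc", "reportsvc",
                             "sharepointsvc", "exchsvc", "backupagent"])
]

if __name__ == "__main__":
    for acct, ip, services in find_kerberoasting(SAMPLE_EVENTS):
        print(f"possible Kerberoasting: {acct} from {ip} pulled RC4 tickets for {services}")
```

The etype filter is the part worth keeping even if you never tune the burst logic: on a domain where service accounts have AES keys, any 0x17 TGS request for a user-owned SPN is worth a look, and a run of them from one account within a couple of minutes is almost never legitimate. Feed the same function your real 4769 export once the field names line up.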