Hacker News
by zelon88 2354 days ago
You still may never find the entry point if you don't recover the machines. Saudi Aramco and Maersk fell victim to similar ransomware attacks and practically had to start from scratch, buying storage devices straight from manufacturers to get back online. NotPetya was so destructive it didn't leave behind much in the way of meaningful evidence. If you don't recover the encrypted data, you probably won't recover evidence that points to patient zero anyway.
1 comment

Episodes 53 and 54 of https://darknetdiaries.com/episode/ are a good listen on this subject.