by technion 1866 days ago
We don't usually get those details published in the case of events, but as someone who's seen more ransomware than I want to admit to, nearly every case comes down to either a Word macro or a .js file inside a zip file. Both of which are easily blocked with a GPO.

These guys do a lot of honeypot writeups that are pretty consistent with my experience: https://thedfirreport.com/