• Orbituary@lemmy.world
    link
    fedilink
    English
    arrow-up
    16
    arrow-down
    2
    ·
    5 months ago

    I work in the anti-crypto scam industry. I applaud their efforts. Ethical fuckery.

      • Orbituary@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        5 months ago

        Quite a lot, actually. This is really a summation and not comprehensive.

        • Evaluate an environment after incident:
          • looking for IOCs, determine spread
          • Determine backup status and restore if possible
          • Return environment to healthy state (AD restore, replication, networking, etc.,)
          • Lockdown of security holes
          • Advise on best practices going forward
        • Decrypt environment if client pays ransom

        etc., etc.

        Depending on the complexity of the environment, this can take a lot of time and effort: much bigger than most internal teams are capable of doing. A client I had in Feb-Mar lasted a total of 3200 hours of work between 12 people on my team across 34 locations to unfuck the situation.