Leverage searches that allow you to detect and investigate unusual activities that might relate to ransomware. These searches cover cloud-related objects that malicious actors may target through the cloud provider's own encryption features.
- Product: Splunk Security Analytics for AWS, Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
- Last Updated: 2020-10-27
- Author: Rod Soto, David Dorsey, Splunk
- ID: f52f6c43-05f8-4b19-a9d3-5b8c56da91c2
Ransomware is an ever-present risk to the enterprise, wherein an infected host encrypts business-critical data, holding it hostage until the victim pays the attacker a ransom. There are many types and varieties of ransomware that can affect an enterprise. Cloud ransomware can be deployed by obtaining high-privilege credentials from targeted users or resources.

| Name | Technique | Type |
|---|---|---|
| AWS Detect Users creating keys with encrypt policy without MFA | Data Encrypted for Impact | TTP |
| AWS Detect Users with KMS keys performing encryption S3 | Data Encrypted for Impact | Anomaly |

Version: 1