咨询 AWS：解答您的勒索软件疑问 [重复].pdf

1、 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Kyle DickinsonSr.Threat Detection and Response SpecialistAmazon Web ServicesSteve de VeraManager C

2、ustomer Incident Response TeamAmazon Web ServicesDan DutrowManagerAmazon Web ServicesAsk AWS:Your ransomware questions answeredS E C 3 0 2 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.How is this session different?This is an“Ask AWS”Chalk TalkWe have a lot of slidesBut we rathe

3、r answer your questions 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.What is Ransomware?Ransomware refers to a business model and a wide range of associated technologies that unauthorized users use to extort money from entitiesUnauthorized users use system vulnerabilities to ac

4、cess data and then restrict the rightful owner from accessing it 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.PSA:Dont pay the ransomContact AWS Support to connect with the AWS Customer Incident Response Team(CIRT)2025,Amazon Web Services,Inc.or its affiliates.All rights reserv

5、ed.2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Events Patterns 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Exposed IAM Credentials(IMDSv1 Misuse)S3-SSE-C EncryptionS3-Data DestructionEvent Patterns 2025,Amazon Web Services,Inc.or its affiliates.All right

6、s reserved.Exposed IAM Credentials(IMDSv1 Misuse)InitialAccessExecutionDefenseEvasionDiscoveryLateralMovementPublic-Facing Application:EC2 Application CompromisePersistenceImpactPrivilegeEscalationCredentialAccessCollectionExfiltrationT1190.A016T1552.005awsService:EventNameMITRE or TTC IDUnsecured C