DFIR 14 May 2024
Anatomy of a ransomware breach: from one exposed RDP port to domain-wide encryption in 72 hours
A sanitized DFIR debrief of a ransomware intrusion at a large Indian manufacturer. We reconstruct the timeline from a misconfigured firewall rule and a brute-forced RDP login through Mimikatz, AV removal, PsExec lateral movement, and full-estate encryption — and the anti-forensics that nearly erased the trail.
By Cyberange DFIR Team