by Gregor Wegberg
During the investigation of successful ransomware attacks, among other things, the logs of the antivirus programs in use are collected and analyzed.
Often, they contain the first indications of the attackers’ attempt to establish themselves in the IT environment, learn more about the environment and escalate existing privileges.