I'm looking for ways to track processes related to cryptocurrency encryption. I know Windows has its own tools like Cipher, but I'm curious about other processes that could be involved in encryption. For instance, would it appear as a regular Java process, or something else? My goal is to set alerts, like if 'endpoint A' modifies a significant amount of data, it should prompt an action like uninstalling NIC drivers. I understand that crypto attacks can be quite sophisticated, but what are some common indicators of such activity? Also, how can I utilize Tanium to monitor these indicators, like spotting suspicious files, high volumes of file renaming, or identifying specific processes involved in encryption beyond just the usual suspects like 'powershell.exe'?
1 Answer
Honestly, I’d recommend skipping Tanium and going for a solid antivirus or endpoint detection and response (EDR) solution. They’re better suited for catching crypto activity in real time. That way, you can stop the threats proactively instead of just monitoring them after the fact.

So those solutions can actually detect and stop crypto activities as they happen?
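A worked example of the burst-detection logic the question describes (alert when one process on one endpoint renames or modifies an unusual number of files in a short window, and flag when the renames all land on the same new extension). This is an added example, not code from the thread, from Tanium, or from any EDR vendor; it runs over constructed file-event records, and the event fields, the thresholds, and the `java.exe` / `.locked` sample values are assumptions for illustration.

```python
"""Sliding-window detector for mass file rename/modify bursts (added example).

Event shape (ts, host, process, op, path) and all thresholds are assumptions;
the sample events are constructed and are not real telemetry.
"""
from collections import Counter, defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class FileEvent:
    ts: float        # seconds since an arbitrary epoch
    host: str
    process: str     # image name of the writing process
    op: str          # "rename" or "modify"
    path: str        # destination path for renames, target path for modifies


@dataclass
class Alert:
    host: str
    process: str
    count: int            # peak rename/modify events seen inside one window
    renames: int          # renames among that peak
    top_ext: str          # most common destination extension of those renames
    top_ext_share: float  # fraction of renames landing on top_ext (1.0 = uniform)
    first_ts: float
    last_ts: float


def ext_of(path: str) -> str:
    """Extension of the final path component, lower-cased ('' if none)."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return ("." + name.rsplit(".", 1)[1]).lower() if "." in name else ""


def detect_bursts(events, window_s: float = 10.0, threshold: int = 50):
    """Return one Alert per (host, process) whose rename/modify count inside
    any window_s-second sliding window reaches threshold."""
    recent = defaultdict(deque)   # (host, process) -> events still in window
    alerts = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.op not in ("rename", "modify"):
            continue
        key = (ev.host, ev.process)
        q = recent[key]
        q.append(ev)
        while q and ev.ts - q[0].ts > window_s:   # drop events older than the window
            q.popleft()
        if len(q) < threshold:
            continue
        exts = Counter(ext_of(e.path) for e in q if e.op == "rename")
        top_ext, top_n = exts.most_common(1)[0] if exts else ("", 0)
        renames = sum(exts.values())
        share = top_n / renames if renames else 0.0
        a = alerts.get(key)
        if a is None:
            alerts[key] = Alert(ev.host, ev.process, len(q), renames,
                                top_ext, share, q[0].ts, ev.ts)
        else:
            # keep the peak seen in any single window, extend the time span
            if len(q) > a.count:
                a.count, a.renames, a.top_ext, a.top_ext_share = len(q), renames, top_ext, share
            a.last_ts = ev.ts
    return list(alerts.values())


def build_sample_events():
    """Constructed telemetry (assumption): a few manual renames, a build tool
    touching 40 files, and one unremarkable-looking process rewriting 200
    documents in five seconds and renaming each to the same new extension."""
    events = []
    for i in range(5):   # benign: user renames a handful of files over a minute
        events.append(FileEvent(i * 12.0, "endpoint-A", "explorer.exe", "rename",
                                f"C:\\Users\\u\\Docs\\report{i}.docx"))
    for i in range(40):  # benign: burst of modifies, but under the threshold
        events.append(FileEvent(50.0 + i * 0.05, "endpoint-A", "msbuild.exe", "modify",
                                f"C:\\src\\proj\\obj\\unit{i}.obj"))
    for i in range(200):  # suspicious: bulk modify + rename to ".locked"
        t = 100.0 + i * 0.025
        events.append(FileEvent(t, "endpoint-A", "java.exe", "modify",
                                f"C:\\Users\\u\\Docs\\file{i}.xlsx"))
        events.append(FileEvent(t + 0.01, "endpoint-A", "java.exe", "rename",
                                f"C:\\Users\\u\\Docs\\file{i}.xlsx.locked"))
    return events


if __name__ == "__main__":
    for a in detect_bursts(build_sample_events()):
        print(f"{a.host} {a.process}: {a.count} events ({a.renames} renames, "
              f"{a.top_ext_share:.0%} to {a.top_ext!r}) between {a.first_ts} and {a.last_ts}")
```

The process name is deliberately not part of the detection: the point from the question is that the writer may be a Java runtime or any other signed binary, so the detector keys on behaviour (rate, and uniformity of the new extension) rather than on an image-name allowlist. The threshold and window are the knobs to tune against a baseline of your own build, backup and sync tools, which legitimately modify many files; the example ships nothing for the response side (the NIC-driver action mentioned in the question), which belongs to whatever tooling owns the endpoint.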