Splunk vs. REvil Ransomware
REvil
REvil is a type of ransomware known for its aggressive tactics, mainly encrypting victims' data and demanding large ransoms for the decryption keys.
An affected user reports that their desktop background changed to an image containing a ransom note. Investigate using the Splunk SIEM, which contains Sysmon event logs.
Q1 What is the filename of the note that the ransomware left behind?
Q2 Pinpoint the source: what's the PID of the ransomware that's likely involved?
- 5348
- Why?
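The triage behind Q1 and Q2, as an added example that is not part of the original write-up: pivot from Sysmon FileCreate events (EventCode 11) whose target name looks like a ransom note to the ProcessId and Image that wrote them, then pull the parent from the matching process-creation event (EventCode 1). The events, the note filename `k8a7z-readme.txt`, the `NOTE_NAME` heuristic and the image paths are constructed for the example; only PID 5348 comes from the page.

```python
import re
from collections import defaultdict

# Constructed Sysmon events in Splunk-style key=value form (not real log data).
# Roughly the Splunk pivot this stands in for (field names assumed from the
# Sysmon add-on): EventCode=11 TargetFilename="*readme*.txt" | stats count by ProcessId, Image
SAMPLE_EVENTS = r"""
EventCode=1 ProcessId=5348 Image=C:\Users\victim\AppData\Local\Temp\setup.exe ParentProcessId=4120 ParentImage=C:\Windows\explorer.exe
EventCode=1 ProcessId=6012 Image=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE ParentProcessId=4120 ParentImage=C:\Windows\explorer.exe
EventCode=11 ProcessId=6012 Image=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE TargetFilename=C:\Users\victim\Documents\report.docx
EventCode=11 ProcessId=5348 Image=C:\Users\victim\AppData\Local\Temp\setup.exe TargetFilename=C:\Users\victim\Documents\report.docx.k8a7z
EventCode=11 ProcessId=5348 Image=C:\Users\victim\AppData\Local\Temp\setup.exe TargetFilename=C:\Users\victim\Documents\k8a7z-readme.txt
EventCode=11 ProcessId=5348 Image=C:\Users\victim\AppData\Local\Temp\setup.exe TargetFilename=C:\Users\victim\Desktop\k8a7z-readme.txt
"""

# key=value pairs; the lookahead lets values (paths) contain spaces.
KV = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")
# Heuristic for ransom-note basenames (assumed; tune to the case at hand).
NOTE_NAME = re.compile(r"(readme|decrypt|how[_-]?to[_-]?(restore|recover))", re.I)

def parse_events(text):
    return [dict(KV.findall(line)) for line in text.splitlines() if line.strip()]

def find_ransom_notes(events):
    """Map (ProcessId, Image) -> set of note basenames written by that process."""
    notes = defaultdict(set)
    for ev in events:
        if ev.get("EventCode") != "11":
            continue
        name = ev["TargetFilename"].rsplit("\\", 1)[-1]
        if NOTE_NAME.search(name) and name.lower().endswith((".txt", ".hta", ".html")):
            notes[(ev["ProcessId"], ev["Image"])].add(name)
    return notes

def triage(text):
    """Rank note-writing processes by how many files they created; add parent image."""
    events = parse_events(text)
    procs = {ev["ProcessId"]: ev for ev in events if ev.get("EventCode") == "1"}
    findings = []
    for (pid, image), names in find_ransom_notes(events).items():
        writes = [ev for ev in events if ev.get("EventCode") == "11" and ev["ProcessId"] == pid]
        dirs = {ev["TargetFilename"].rsplit("\\", 1)[0] for ev in writes}
        findings.append({"pid": pid, "image": image, "notes": sorted(names),
                         "files_created": len(writes), "dirs_with_writes": len(dirs),
                         "parent": procs.get(pid, {}).get("ParentImage", "<no EventCode 1 seen>")})
    return sorted(findings, key=lambda f: -f["files_created"])

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f)
```

A process that drops the same note into several directories while creating many renamed files is the pivot to confirm in the real Splunk data; WINWORD.EXE writing a single .docx is left out by the name heuristic.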