Preparing for Post-Intrusion Ransomware
Mon, 11 Jan 2021 17:00:00 +0000
This evolving and brutally effective threat can have a significant impact on an organization’s resources, finances, and reputation, but it can be stopped
| Dec | JAN | Feb |
| 14 | ||
| 2020 | 2021 | 2022 |
Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
History is littered with hundreds of conflicts over the future of a community, group, location or business that were "resolved" when one of the parties stepped ahead and destroyed what was there. With the original point of contention destroyed, the debates would fall to the wayside. Archive Team believes that by duplicated condemned data, the conversation and debate can continue, as well as the richness and insight gained by keeping the materials. Our projects have ranged in size from a single volunteer downloading the data to a small-but-critical site, to over 100 volunteers stepping forward to acquire terabytes of user-created data to save for future generations.
The main site for Archive Team is at archiveteam.org and contains up to the date information on various projects, manifestos, plans and walkthroughs.
This collection contains the output of many Archive Team projects, both ongoing and completed. Thanks to the generous providing of disk space by the Internet Archive, multi-terabyte datasets can be made available, as well as in use by the Wayback Machine, providing a path back to lost websites and work.
Our collection has grown to the point of having sub-collections for the type of data we acquire. If you are seeking to browse the contents of these collections, the Wayback Machine is the best first stop. Otherwise, you are free to dig into the stacks to see what you may find.
The Archive Team Panic Downloads are full pulldowns of currently extant websites, meant to serve as emergency backups for needed sites that are in danger of closing, or which will be missed dearly if suddenly lost due to hard drive crashes or server failures.

Mon, 11 Jan 2021 17:00:00 +0000
This evolving and brutally effective threat can have a significant impact on an organization’s resources, finances, and reputation, but it can be stopped
Mon, 04 Jan 2021 17:00:00 +0000
Cyber Threat Intelligence (CTI) practitioners can gain insight into adversary operations by tracking conflicts or geopolitical tensions. Similar to a “follow the money” approach in criminal investigations, looking at conflict zones can reveal cyber capabilities deployed as part of events —either by the parties to the conflict itself, or third parties interested in monitoring events for their own purposes.
Mon, 21 Dec 2020 17:00:00 +0000
Mon, 14 Dec 2020 17:00:00 +0000
Cyber Threat Intelligence (CTI) practitioners can gain insight into adversary operations by tracking conflicts or geopolitical tensions. Similar to a “follow the money” approach in criminal investigations, looking at conflict zones can reveal cyber capabilities deployed as part of events —either by the parties to the conflict itself, or third parties interested in monitoring events for their own purposes.
Mon, 07 Dec 2020 17:00:00 +0000
Last weekend we issued a ransomware alert about a wave of attacks using a never-seen-before strain dubbed ‘Pay2Key.’ Our investigation suggested the ransomware operators were mostly targeting Israeli companies. The ransomware used in the attacks spread rapidly across victims’ networks, leaving significant parts of the network encrypted along with a ransom note, threatening to leak stolen corporate data unless the ransom is paid.
Mon, 18 May 2020 15:00:00 +0000
Coordinated Vulnerability Disclosure is hard: Here is what to do about it.
Thu, 24 Jan 2019 14:00:00 +0000
Hopefully what we’ve outlined as suggested services and functions a PSIRT could offer at the various stages of their development will be helpful and inspires your team to raise their game.
Wed, 23 Jan 2019 14:00:00 +0000
Are you mature, are you immature - what are you? Maturity Level 2 is about adapting the ad-hoc PSIRT strategies into full blown policies and processes.
Tue, 22 Jan 2019 14:00:00 +0000
To start you on your path to PSIRT goodness, you’ll want to read and digest the PSIRT Maturity Document created by your friendly global FIRST PSIRT representatives. And what’s a better place to start than at the beginning?
Mon, 21 Jan 2019 14:00:00 +0000
The right place to get your fill on how to make a world-class Product Security Incident Response Team.
Mon, 29 Oct 2018 19:00:00 +0000
An organizers view on the 2018 Oslo Technical Symposium
Mon, 29 Oct 2018 19:00:00 +0000
Alexander Jaeger shares his expirience after 100 days being on the board of directors of FIRST.
Sat, 22 Sep 2018 10:00:00 +0000
Maarten Van Horenbeeck, Board Member of FIRST, delivers a statement to the Global Commission on the Stability of Cyberspace, in Singapore.
Mon, 23 Apr 2018 10:00:00 +0000
Klée Aiken, APNIC's External Relations Manager, shares his views on cyber norms and how they will impact incident responders.
Thu, 12 Apr 2018 07:00:00 +0000
Background on the issue
Tue, 10 Apr 2018 07:00:00 +0000
CERT NZ describes how important the usage of WHOIS is during an incident investigation.
Tue, 27 Mar 2018 10:00:00 +0000
Microsoft's Principal Security Program Manager, Jerry Bryant, discusses a long history of building trust and engagement in security.
Sat, 06 Jan 2018 10:00:00 +0000
An overview of the Global Conference on Cyberspace, and the work FIRST does in the policy community.
Mon, 11 Dec 2017 13:00:00 +0000
EUrope is in the course of introducing completely new legisaltion regulation privacy and data protection. Much of the data that CSIRTs use potentially is affected by this.
Mon, 27 Nov 2017 10:00:00 +0000
As the internet becomes imorteant in every more areas of our daily lifes ways need to be found to ensure resilience. The by far most important to achieve cyber resilience is collaboration across boarders.
Mon, 06 Nov 2017 16:00:00 +0000
The FIRST tech team is re-working a lot of things behind the scenes. Some insights from the frontier.
Wed, 01 Nov 2017 02:00:00 +0000
Recent updates from the Board of Directors about recent activities and an outlook what we are currently working on.
Thu, 19 Oct 2017 10:00:00 +0000
For the longest time the growing Internet and digital communication was hailed as the path to a new and better world. But poorer countries where mostly left out from the benefits. Serge Droz writes about how FIRST delivers training in these regions.
Sat, 17 Jun 2017 10:00:00 +0000
The FIRST Conference’s Keynote sessions concluded today with a presentation by Brian LaMacchia, Director of the Security & Cryptography group within Microsoft Research (MSR). In this department, his team conducts basic and applied research and advanced development.
Fri, 16 Jun 2017 01:00:00 +0000
Day four of the FIRST Conference began with a keynote presentation by Martijn de Hamer, the head of the National Cyber Security Operations Center (NCSOC) at the National Cyber Security Center (NCSC-NL) in the Netherlands. After having had various roles in the field of information security, de Hamer first started working for NCSC-NL (previously GOVCERT.NL) in 2005. Additionally, he is active in the field of CSIRT maturity and other aspects of CSIRT capacity building.
Thu, 15 Jun 2017 23:55:00 +0000
Day 3 of the FIRST Conference got started with keynote speaker Florian Egloff. Florian Egloff is a Clarendon Scholar, a D. Phil (PhD) Candidate in Cyber Security at the Centre for Doctoral Training in Cyber Security at the University of Oxford, and a Research Affiliate at the Cyber Studies Programme at Oxford University's Department of Politics and International Relations. He is currently working on his thesis entitled "Cybersecurity and non-state actors: a historical analogy with mercantile companies, privateers, and pirates."
Tue, 13 Jun 2017 23:00:00 +0000
Day 2 of the FIRST Conference got started with keynote speaker Darren Bilby, a manager in Google’s Enterprise Infrastructure protection team, who is also a staff security engineer and self-described digital janitor. A 10-year veteran at Google, Bilby was the tech lead for Google’s Global Incident Response Team for six years, managed Google's European detection team in Zürich for two years and has also worked as a software engineer building out Google’s security tools. He was also the founder and a core developer of the open source GRR Incident Response project.
Tue, 13 Jun 2017 15:00:00 +0000
FIRST's Annual Conference kicked off on Monday morning, June 12th of 2017 with its opening keynote speaker, Facebook Chief Security Officer (CSO) Alex Stamos. As security lead for one of the world’s most noted companies, Stamos began his lecture with some of the biggest security challenges Facebook deals with.
FIRST runs a blog open to members and invited guest authors. It publishes contributions relevant to incident responders. Articles should focus on general topics interesting to members. It will not be used to promote individual organisations, products or services. If you are interested in contributing, please get in touch with first-blog@first.org.
Learn more about the Forum of Incident Response and Security Teams through regular blog posts about our organization, events and other programs. Questions or comments? Contact first-press@first.org.
RDF Site Summary (RSS) is a lightweight multipurpose extensible metadata description and syndication format.
Subscribe to the FIRST Blog using our RSS feed:
RSS 2.0