During the recent SN episode covering yet more Ransomware/RaaS, I had some thoughts as to ways to fight the bad guys. Of course, this is on the basis that you may know that you could be exploited and be prepared for that eventuality and react.
- Have Canary Tokens on your network to be encrypted too (or encrypt them with the malware). All you need to do is send the file in their "proof that decryption can happen" phase and <bingo> you have their IP address.
- Use a security firm to create a malware-infected file that will infect them and allow you to attack back once they decrypt and view the file