Detecting & Responding to Funklocker Ransomware with Wazuh
Author: WazuGuardix
Uploaded: 2025-11-30
Views: 1
Description:
In this video, we explore how Wazuh can be used to detect and respond to Funklocker ransomware attacks on Windows endpoints. Based on the official Wazuh blog post “Detecting and responding to Funklocker ransomware with Wazuh,” we break down the full theoretical workflow — from log collection to alerting and remediation.
You’ll learn about:
Behavior of Funklocker ransomware: how it attempts to disable security logs, disable real-time protection, delete shadow copies, terminate processes, and encrypt files with the .funksec extension.
How to configure a Windows endpoint with the Wazuh agent + Sysmon to monitor critical system events and forward them to Wazuh for analysis.
How Wazuh rules detect suspicious behavior: disabling event logs or security services, execution-policy bypass, mass process termination, service shutdowns, shadow copy deletion, and detection of encrypted files.
Use of Wazuh’s File Integrity Monitoring (FIM) + optional YARA integration for ransomware file detection and automated removal before execution.
How Wazuh’s dashboard surfaces alerts for these behaviors — enabling threat hunting, incident response, and proactive defense.
This discussion is aimed at: Security Engineers, SOC Analysts, Windows administrators, and everyone interested in understanding how Wazuh can defend endpoints against modern ransomware like Funklocker using behavior-based detection and active response.
#Wazuh #Funklocker #Ransomware #EndpointSecurity #Sysmon #YARA #CyberSecurity #SIEM #ThreatDetection #WindowsSecurity #SecurityEngineering #ActiveResponse #wazuhintegration #wazuguardix