167: Threatlocker

December 23, 2025

49 min episode · 2 min read

Unnamed IT Operations Manager

Episode

49 min

Read time

2 min

AI-Generated Summary

Published Jan 1, 2026

Key Takeaways

✓Ransomware Response Protocol: When hit with Conti ransomware encrypting 250 servers in 15 minutes, immediately shut down all systems, identify entry points, verify backups are clean, and establish red-amber-green device tracking before restoration to prevent reinfection.
✓Application Whitelisting Implementation: Deploy zero trust endpoint security in learning mode first to catalog legitimate business applications, then switch to deny-by-default where only approved software runs. Users request new apps through portal for IT approval, blocking ransomware automatically.
✓VPN Security Requirements: Multi-factor authentication on VPNs is critical—one hospital breach occurred when attackers bought domain admin credentials on dark web and accessed VPN without MFA, then pivoted to connected hospital systems lacking protection.
✓Defense in Depth Strategy: Security requires three layers—people training to avoid phishing, detection tools to identify threats, and controls like IP restrictions and application blocking. Only controls are fully manageable by IT since users make mistakes and detection misses new threats.

What It Covers

ThreatLocker CEO Danny Jenkins and security professionals share ransomware attack stories, explaining how application whitelisting and zero trust security models prevent malware by blocking all unauthorized software from running by default.

Key Questions Answered

•Ransomware Response Protocol: When hit with Conti ransomware encrypting 250 servers in 15 minutes, immediately shut down all systems, identify entry points, verify backups are clean, and establish red-amber-green device tracking before restoration to prevent reinfection.
•Application Whitelisting Implementation: Deploy zero trust endpoint security in learning mode first to catalog legitimate business applications, then switch to deny-by-default where only approved software runs. Users request new apps through portal for IT approval, blocking ransomware automatically.
•VPN Security Requirements: Multi-factor authentication on VPNs is critical—one hospital breach occurred when attackers bought domain admin credentials on dark web and accessed VPN without MFA, then pivoted to connected hospital systems lacking protection.
•Defense in Depth Strategy: Security requires three layers—people training to avoid phishing, detection tools to identify threats, and controls like IP restrictions and application blocking. Only controls are fully manageable by IT since users make mistakes and detection misses new threats.

Notable Moment

An IT director drove six hours home from vacation after ransomware hit, worked 27 straight days rebuilding infrastructure, and convinced leadership to take three weeks for proper rebuild instead of five-day quick restore, fundamentally changing their security approach.

Know someone who'd find this useful?