Darknet Diaries

167: Threatlocker

Dec 23, 2025
Danny Jenkins, CEO and co-founder of ThreatLocker, shares insights from his extensive experience in cybersecurity. He discusses alarming ransomware attacks that hit a manufacturer and a hospital, revealing how his company’s deny-by-default approach can block such threats. Also, hear about the challenges faced during recovery and the necessity of changing the security paradigm. Jenkins emphasizes the effectiveness of ThreatLocker's architecture over traditional detection methods, highlighting real-world success stories that demonstrate the importance of proactive security measures.
ANECDOTE

Ransomware Struck During A Holiday Drive

  • The manufacturing IT lead drove home mid-holiday after being told files were renamed ".Conti" and discovered Conti ransomware had encrypted 250 servers in 15 minutes.
  • He spent 27 days straight rebuilding systems and managing furious calls, team conflict, and restore priorities.
ADVICE

Pause Restores Until Threat Is Removed

  • Stop the network and investigate entry points before restoring backups to avoid reinfection of restored systems.
  • Validate backups and rebuild VMs with a controlled red/amber/green process to manage throughput and safety.
ADVICE

Implement Allowlisting With A Learning Phase

  • Deploy application allowlisting (default deny) after learning normal apps, then switch to secure mode to block unapproved software.
  • Use a request/approval portal to handle exceptions so business workflows continue while preventing unknown apps from running.
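The two bullets above describe a procedure: learn the normal application set, switch to default-deny, and route anything new through an approval queue. The following is an added example written for this page, not code from the episode or from ThreatLocker's product, that models that procedure as a small in-memory policy engine. It assumes a simplified hash-only matching rule (real allowlisting products also match on publisher certificate, path and other attributes), and all binaries and paths in it are constructed sample values.

```python
"""Toy default-deny application allowlist with a learning phase and a
request/approval queue. Added illustration; hash-only matching is a
simplification of what commercial allowlisting products do."""
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    LEARNING = "learning"  # observe and record what normally runs, block nothing
    SECURE = "secure"      # deny any binary whose hash is not on the allowlist


@dataclass
class Allowlist:
    mode: Mode = Mode.LEARNING
    approved: set = field(default_factory=set)    # SHA-256 of approved binaries
    pending: dict = field(default_factory=dict)   # hash -> path awaiting admin review
    log: list = field(default_factory=list)       # (decision, path) audit trail

    @staticmethod
    def digest(contents: bytes) -> str:
        return hashlib.sha256(contents).hexdigest()

    def evaluate(self, path: str, contents: bytes) -> str:
        """Decide whether an execution may proceed. Returns 'allow' or 'deny'."""
        h = self.digest(contents)
        if h in self.approved:
            self.log.append(("allow", path))
            return "allow"
        if self.mode is Mode.LEARNING:
            # Learning phase: extend the baseline with whatever is observed.
            self.approved.add(h)
            self.log.append(("learned", path))
            return "allow"
        # Secure mode: unknown binary is blocked and queued for the portal.
        self.pending.setdefault(h, path)
        self.log.append(("deny", path))
        return "deny"

    def approve(self, h: str) -> str:
        """Administrator action from the request portal: promote a pending hash."""
        path = self.pending.pop(h)
        self.approved.add(h)
        return path


def demo() -> dict:
    """Walk through learning, secure mode, a blocked unknown, and an approved exception."""
    al = Allowlist()
    # Constructed sample binaries; real learning would run over days of normal use.
    al.evaluate("C:/Program Files/Office/excel.exe", b"excel-binary")
    al.evaluate("C:/Program Files/Office/outlook.exe", b"outlook-binary")

    al.mode = Mode.SECURE
    results = {}
    results["excel"] = al.evaluate("C:/Program Files/Office/excel.exe", b"excel-binary")
    # Same bytes at a different path still match: the rule is on content, not location.
    results["excel_moved"] = al.evaluate("D:/portable/excel.exe", b"excel-binary")
    # Unknown payload dropped by a user is denied and queued, not executed.
    results["unknown_download"] = al.evaluate(
        "C:/Users/bob/Downloads/invoice.exe", b"constructed-unknown-payload")
    # A legitimate new business tool is also denied at first...
    results["newtool_first"] = al.evaluate("C:/Tools/newtool.exe", b"newtool-binary")
    # ...until an administrator approves it through the portal.
    al.approve(Allowlist.digest(b"newtool-binary"))
    results["newtool_after_approval"] = al.evaluate("C:/Tools/newtool.exe", b"newtool-binary")
    results["still_pending"] = len(al.pending)  # only the unknown download remains queued
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point the example makes is the one in the bullets: after the learning phase nothing unapproved runs, but a queue plus an explicit approve step keeps legitimate new software from becoming a business outage.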