The Truth about Ransomware: Its not Complicated!

The threat of ransomware now permeates our daily computing lives. News stories of attacks have become ubiquitous. While media outlets often portray ransomware attacks as advanced operations carried out by highly skilled threat actors, this often is not the case. In fact, the opposite is true -- Many ransomware attacks are opportunistic and leverage insecure configurations to enter an environment. These groups are not stealthy, in fact they are often quite loud. For example, most ransomware attacks involve multiple groups including initial access brokers (IABs), paid "pentester" affiliates, the ransomware malware authors, money mules, and more. The bulk of IABs and third-party affiliates are more akin to thieves who test door handles to find an opportunity vs. those who slink around in the shadows and cut holes in glass to enter buildings. In this talk, Ryan Chapman and Rob Lee discussing how to keep these groups out, how to detect them once they're in your network, and how to respond should the worst-case scenario occur. Thwarting ransomware isn't rocket science, it just takes awareness and diligence, so let's push to ensure we're all ready for what's ahead.

Speakers

Ryan Chapman
Ryan has worked in the Digital Forensics & Incident Response (DFIR) realm for over 10 years. He also currently teaches SANS FOR610: Reverse Engineering Malware, and he is the author of a SANS course on ransomware FOR528: Ransomware for Incident Responders, that will be available later in 2022. During his career, Ryan has worked in Security Operations Center and Cyber Incident Response Team roles that handled incidents from inception through remediation.

Rob Lee:
Rob Lee is the Chief Curriculum Director and Faculty Lead at SANS Institute and runs his own consulting business specializing in information security, incident response, threat hunting, and digital forensics. With more than 20 years of experience in digital forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response, he is known as “The Godfather of DFIR”. Rob co-authored the book Know Your Enemy, 2nd Edition, and is course co-author of FOR500: Windows Forensic Analysis and FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics.