Your company has been hit by ransomware. What do you do? Well, if you are a regular security system administrator, your next steps are restoring from backups (you have backups, right?), deploying behavior-based IDS/IPS or updated antivirus, and waiting for the next attack. But you’re not a regular security admin, are you? You’re a security geek, and geeks fight fire with fire. Or put another way, they fight evil with evil. This talk will demonstrate how to use technology commonly found in “rootkits” to render ransomware impotent.