Many have succumbed to the various forms of ransom-based malware. Whether it is CryptoLocker, WannaCry, Crysis or one of the many other forms of ransomware, numerous organizations assume they are not at risk and end up having to respond to a ransomware attack without proper preparation. This presentation will include firsthand case studies and lessons learned during my time handling numerous ransomware-related incidents over the past year to help attendees better prepare for a potential ransomware attack.
- Understand how ransomware works, what some of the more well-known variants are (e.g. Petya, Dharma, etc.), and what makes them different
- Source of some of the recent attacks I have responded to
- Some interesting IOCs from the recent campaigns I dealt with (i.e. how it is spread in the enterprise)
- Understand how to develop an IR playbook around responding to a ransomware-related incident
- Understand which indicators of compromise you should look out for
- Do I pay the ransom? What is involved?