SECurity FUNdamentals

Surviving a Ransomware Attack – Lessons from the Field


Security Fundamentals (714AB) October 9, 2019

Peter Morin

Many have succumbed to the various forms of ransom-based malware. Whether it is CryptoLocker, WannaCry, Crysis or the many other forms of ransomware, numerous organizations assume they are not at risk and end up having to respond to a ransomware attack without proper preparation. This presentation will include firsthand case studies and lessons learned during my time handling numerous ransomware-related incidents over the past year to help attendees better prepare for a potential ransomware attack.

  • Understand how ransomware works, what some of the more well-known variants are (e.g. Petya, Dharma, etc.), and what makes them different
  • Source of some of the recent attacks I have responded to
  • Some interesting IOCs from the recent campaigns I dealt with (i.e. how it is spread in the enterprise)
  • Understand how to develop an IR playbook around responding to a ransomware-related incident
  • Understand which indicators of compromise you should look out for
  • Do I pay the ransom? What is involved?