It's not FINished: The Evolving Maturity in Ransomware Operations

Presented at Black Hat Europe 2020 Virtual, Dec. 9, 2020, 10:20 a.m. (40 minutes).

Ransom demands are becoming larger, attackers smarter, and intrusions longer. Ransomware threat actors are hitting European companies hard with more effective ransomware deployment resulting in devastating impacts to victim organisations. When they strike, their ransomware deployments are more complete, more effective, and they are crippling many organisations to the point where there is often no clear path back to business.

We will be sharing tradecraft we've seen ransomware threat actors employ across Europe in 2020. We cover how we're seeing ransomware crews leverage high-profile critical vulnerabilities to gain footholds in as many victims' networks as possible, only to come back weeks or even months later to leverage those footholds into full-scale ransomware deployments.

Not only are intrusion tactics improving, but attackers are also transitioning and developing sleek ransomware-as-a-service platforms. Threat actors are professionalising and streamlining their platforms. These platforms are being used by threat actors to generate malware, to communicate and negotiate with victims, and in some cases, for payment processing and decryption utility delivery.


Presenters:

  • Mitchell Clarke - Principal Incident Response Consultant, Mandiant
    Mitchell Clarke is a Principal Incident Response Consultant for Mandiant United Kingdom and Ireland. He specializes in providing enterprise-scale response operations for clients facing sophisticated network intrusions by determined attackers. Mitchell is well practiced in leading both large and complex response operations for multinational organizations as well as tightly focused response operations for highly specialized organizations protecting critical intellectual property or sensitive information. Mitchell has led organizations across multiple industries in responding to breaches by adversaries ranging from well-resourced and stealthy nation-state sponsored espionage threat groups to highly motivated cybercriminals seeking to extort or ransom victim organizations.
  • Tom Hall - Principal Incident Response Consultant, Mandiant
    Tom Hall is a Principal Incident Response Consultant in Mandiant's UK team, and European Incident Response Function lead. As part of the Incident Response team, Tom provides services to clients when a breach occurs and has worked on Incident Response engagements globally with Mandiant since 2015. Tom has been responsible for leading and assisting organizations that involved advanced targeted threats, and works closely with colleagues on new methods to proactively identify threats using new methodologies.
