Easy Defender Playbooks to Make Ransomware Criminals Cry

Presented at Blue Team Con 2022, Aug. 28, 2022, 1 p.m. (30 minutes)

The last few years of continuous assault by ransomware gangs against businesses and organizations have left a large mess in their wake. The onslaught makes it seem like the adage “the attackers only have to be right once” holds some truth, even if it is wildly inaccurate.

Let’s talk about what we can do as defenders to flip the script and give the bad guys a hard time. These are architecture patterns and tactics you should bake into your policies, procedures, and runbooks that would have stopped literally hundreds of ransomware attacks. And best of all, most are free and/or easy to implement.

Presenters:

• Drew Hjelm
  Drew is a seasoned incident responder who uses his previous experience as a system administrator, web developer, and consultant to help organizations navigate the most difficult times they could imagine. He has a MS degree from SANS and holds the GSE and CISSP, among other certifications. Outside of infosec, Drew enjoys exercise, biking, barbecuing, and gardening.

Similar Presentations:

• RVAsec 2021 / What’s Next In The Fight Against Ransomware
• BSides Austin 2017 / Defending against ransomware: You already have the capability, why are we not using it? This method stopped our attacks cold. Now let me show you how to do it. And it’s FREE, you don’t have to purchase anything.
• Black Hat USA 2015 / Most Ransomware Isn't as Complex as You Might Think