Ransomware's Big Year - from nuisance to "scourge"? - DEF CON Policy Panel

Presented at DEF CON 29 (2021), Aug. 6, 2021, 1 p.m. (45 minutes)

According to a former senior White House official, 2020 was the year that ransomware went from being a nuisance to a full-scale national security threat and a "scourge". After an awkward adolescence spent shaking down individual users for a couple hundred dollars and a big debut in 2017 with WannaCry and NotPetya , ransomware really hit the big time in 2020. Ransom payments may have topped $400 million plus that year. But those sums are nothing compared to the damage that ransomware campaigns can cause, especially when they hit critical infrastructure like Colonial Pipeline. And even months after Colonial Pipeline, ransomware continues to regularly subvert and cripple enterprises in the US and Europe. Are we not learning the right lessons on defense? Or is it not just an infosec problem, but also an international security issue, with cybercrime being actively wielded - yet again - as a political weapon?

Presenters:

• Chris Painter - co-chair, Ransomware Task Force
  Chris Painter is a globally recognized leader and expert on cybersecurity and cyber policy, cyber diplomacy and combatting cybercrime. He is the President of the Global Forum on Cyber Expertise Foundation, serves on the Board of the Center for Internet Security, is a non-resident Senior Advisor at the CSIS, an Associate Fellow at Chatham House, and is on the Public Sector Advisory Board for Palo Alto Networks. He was also a co-chair of the Ransomware Task Force and a Commissioner on the Global Commission on the Stability of Cyberspace. Chris has been on the vanguard of U.S. and international cyber issues for over thirty years. In his most recent government role as Coordinator for Cyber Issues ((2011-2017) in the State Department, he coordinated and led the United States' diplomatic efforts to advance an open, interoperable, secure and reliable Internet and information infrastructure. Prior to joining the State Department, Mr. Painter served in the White House as Senior Director for Cyber Policy in the National Security Council. He was a senior member of the team that conducted the President's Cyberspace Policy Review in 2009. Among other distinctions, Chris received The Order of the Rising Sun from the Government of Japan for promoting U.S-Japan cyber cooperation in 2018 and received the Order of Terra Mariana from the President of Estonia in 2020 for promoting cyber cooperation.  He is also the recipient of the RSA Award for Excellence in the Field of Public Policy (2016), the Attorney General's Award for Exceptional Service, and the Intelligence Community Legal Award (2008).
• LawyerLiz
• Kevin Collier - NBC News, Panel Moderator
• Robert Graham - Erratasec
  Robert Graham is a well-known cybersecurity. He created the BlackICE personal firewall in 1998, and created the first network intrusion prevention system (IPS). He's also known for creating "sidejacking" of session cookies from the network. Recently, he's known for masscan, which can scan all 4 billion addresses of the Internet within a few minutes. He regularly blogs at https://blog.erratasec.com on technical topics, cyber rights, and tech policy.
• Kurtis Minder - CEO, GroupSense
  Kurtis Minder is the CEO and co-founder of GroupSense, a leading provider in Digital Risk solutions. Kurtis built a robust cyber reconnaissance operation protecting some of the largest enterprises and government organizations. Kurtis has been the lead negotiator at GroupSense for ransomware response cases. He has successfully navigated and negotiated some of the largest ransomware, breach, and data extortion cases world-wide. With over 20 years in the information security industry, Kurtis brings a unique blend of technical, sales and executive acumen.
• Jason Healey - Columbia University
  Jason Healey is a Senior Research Scholar at Columbia University's School for International and Public Affairs specializing in cyber risk and conflict. Prior to this, he was the founding director of the Cyber Statecraft Initiative of the Atlantic Council where he remains a Senior Fellow. He is the editor of the first history of conflict in cyberspace, A Fierce Domain: Cyber Conflict, 1986 to 2012 and helped create the world's first cyber command in 1998, the Joint Task Force for Computer Network Defense, where he was one of the pioneers of cyber threat intelligence. During his time in the White House, he was a director for cyber policy, coordinating efforts to secure US cyberspace and critical infrastructure. He created Goldman Sachs' first cyber incident response team and later oversaw the bank's crisis management and business continuity in Asia. He is a founding member and past president of the Cyber Conflict Studies Association and is a review board member of the DEF CON and Black Hat security conferences.

Links:

• https://defcon.org/html/defcon-29/dc-29-speakers.html#policy-ransom
• https://infocon.org/cons/DEF CON/DEF CON 29/DEF CON 29 video and slides/DEF CON 29 - Policy Panel - Ransomware’s Big Year - From Nuisance to Scourge - Live.mp4

Similar Presentations:

• RVAsec 2021 / What’s Next In The Fight Against Ransomware
• BSides Austin 2017 / Defending against ransomware: You already have the capability, why are we not using it? This method stopped our attacks cold. Now let me show you how to do it. And it’s FREE, you don’t have to purchase anything.
• NolaCon 2017 / The Devil's Bargain: Emerging Trends in the Ransomware Ecosystem