Anti-Ransomware: Turning the Tables

Presented at ShmooCon XIII (2017), Jan. 14, 2017, 5 p.m. (60 minutes)

"ZOMGWTFBBQ! We just got hit with Ransomware!�? What you don't usually hear next is, "LOL!�? You can build defenses that prevent Ransomware from paralyzing your organization - we'll show you how. Watching business executives trying to buy Bitcoin is like watching grandmothers trying to buy heroin - awk-ward!

Ransomware is now a billion dollar industry, having exploded in popularity in 2016 and it's only going to get tremendously HUUGE in 2017. Lost productivity costs far more than the average ransom, so execs just say, "Pay the damn thing and make it go away.�? But what if you could stop Ransomware in its tracks?

We'll discuss the technical tools and methodologies that are battle-proven and ACTUALLY WORK, as evidenced by ransomware that was prevented entirely, as well as ransomware infections that went nowhere due to proper mitigations in place. Finally, insights into the future of this exploding cybercrime niche, we'll offer predictions on how this "industry" will evolve and what to expect next.


Presenters:

  • G. Mark Hardy
    G. Mark Hardy (@g_mark) is founder and President of National Security Corporation, and has provided cyber security expertise to government, military, and commercial clients for over 30 years. He is also founder and CEO of CardKill Inc., a credit card fraud prevention company that has invented technology to preemptively kill stolen credit cards even before they are used in fraud. He is a retired U.S. Navy Captain, having been entrusted with nine command tours throughout his career. A graduate of Northwestern University, he holds a BS in Computer Science, a BA in Mathematics, a Masters in Business Administration, a Masters in Strategic Studies, and holds the CISSP, CISM, GSLC, and CISA industry certifications.
  • Gal Shpantzer
    Gal Shpantzer (@Shpantzer) is a trusted advisor to CSOs of major corporations, technology startups, large universities and non-profits/NGOs, focusing on ransomware and other disruptive threats. Gal has been involved in multiple SANS Institute projects, including co-editing the SANS Newsbites since 2002, revising the E-Warfare course and presenting talks on cyberstalking, CAPTCHAs and endpoint security. In 2009, he founded the privacy subgroup of the NIST Smart Grid cybersecurity task group, resulting in the privacy chapter of NIST IR 7628. He is a co-author of the Managing Mobile Device Security chapter in the Information Security Management Handbook (2010) and technical editor of the O'Reilly book on Blue Team (2017). While working with EnergySec on threat intelligence sharing in the electric sector, Gal contributed to the ES-C2M2 security assessment standard (2012), and the Publicly Accessible Control Systems Working Group.

Similar Presentations: