
Ransomware: The Next Wave of Malware is Here

Hosted By
Joseph A. R.

Details

Wednesday June 8 – 2:00 PM
Palo Alto

Event abstract

Ransomware is a type of malware that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction. Some forms of ransomware systematically encrypt files on the system's hard drive, which become difficult or impossible to decrypt without paying the ransom for the encryption key, while some may simply lock the system and display messages intended to coax the user into paying. Ransomware typically propagates as a trojan, whose payload is disguised as a seemingly legitimate file; thus, ransomware is an access-denial type of attack that prevents legitimate users from accessing files. (Wikipedia)

This attacker technique is becoming more pervasive and is catching business entities off guard, and attackers have been successful in collecting significant ransoms in several media-reported incidents.

In this session, various presenters will cover the key elements of ransomware, including preparation, detection and response.

Session 1: Ransomware Detection

Speaker(s): TBD Palo Alto

Session 1 Description:

Different varieties of ransomware, while operating differently, share consistent objectives. Given these common objectives, certain behaviors are inevitable. For example, in order to encrypt or otherwise “lock” the contents of a drive, that drive must be enumerated by the ransomware.

In other cases, permissions may be modified, critical configuration files might be changed, and new files might be added to the system in order to assist the attacker in achieving their objectives. In this session, we will discuss the indicators of ransomware and the definition of controls that allow for earlier detection.

Session 2: Responding to Ransomware

Speaker(s): Brian Costello, Vice President of Public Sector Programs, Invincea, Inc.

Mr. Costello, a 20-year information technology and security solutions veteran, is currently the Vice President of Public Sector Programs at Invincea.

Brian has served in a variety of leadership roles including positions at Fujitsu, Edmond Scientific, CyberTrust, Verizon Enterprise Solutions, Terremark and RiskAnalytics.

Throughout his career, Brian has provided customers with innovative solutions in the areas of advanced security instrumentation and analytics, managed security, risk management, information & software assurance, identity management, threat intelligence, forensics and data center and cloud computing services. Brian received his B.A. in International studies from George Mason University.

Session 2 Description:

Once ransomware is detected, rapid response to the event is critical. Rapid containment can aid in systems recovery and drastically reduce the likelihood of a business being forced to make a decision regarding cyber extortion. In this session, the team will discuss lessons from the field and the means to contain and eradicate.

Session 3: How Zero Trust Networks Can Enable Recovery from Cyberattacks.

Speaker(s): Eric Beck – Principal, Risk Masters, Inc.
Bio: Eric Beck is a Principal of Risk Masters, Inc. with more than 25 years of business continuity consulting experience across a wide range of clients and industries. During his consulting career, Eric has delivered a broad range of consulting expertise in areas that include strategic planning, business continuity program development, risk assessment, business impact analysis, continuity strategy definition, testing, and quality assurance. Eric is also a frequent speaker at business continuity conferences and seminars, and has been published in industry magazines such as Continuity Insights, ISACA Journal and the Disaster Resource Guide. Eric holds an M.B.A. from the Rutgers Business School and a B.A. in Computer Science from Rutgers University.

Session 3 Description:

In the current operating environment, organizations are at increased risk of a business disruption due to an evolving threat landscape. Because the nature of risk is evolving, continuity planners are constantly engaged in a “cat-and-mouse” game of trying to stay ahead of emerging threats that may disrupt operations. Today, cyberattacks have emerged as one of these disruptive threats. While most organizations have responded to cyber threats by implementing a range of avoidance controls, many have failed to recognize that recovery from cyberattacks will also require adoption of new technologies, new network architectures and new operational processes. Therefore, in the era of cyberattacks, “zero-trust” network architecture becomes an important requirement for protecting critical information systems and data assets. Our presentation will discuss the security weaknesses in traditional hierarchical networks and the required elements of zero-trust architecture that will enable organizations to recover when a cyberattack occurs. We will also identify key process requirements for identifying and responding to cyberattacks, including establishing an internal Community Emergency Response Team (CERT).

New York Metro ISSA
Palo Alto Networks
350 Fifth Avenue 40th Floor, Suite 4010 · New York, NY