At War With Ransomware

Ransomware groups are constantly changing with contributors splintering off, forming new groups, and bringing new TTPs to the table. Security vendors market themselves on being able to block and prevent attacks like ransomware once their product is installed and tuned properly, but what happens when you deploy a product in the middle of an active attack? In this talk David Bonvillain will reconstruct the timeline of a real attack on a critical energy provider, how the attackers shifted techniques when they encountered security controls their previous recon did not uncover, and how responders can better prepare themselves during active ransomware incidents.