To Pay or Not to Pay? Intelligent Ransomware Response

Presentation transcript:


INTELLIGENCE AS A SERVICE

About Me: Aaron Sherman, Senior Director of Cyber Threat Intelligence, Braintrace - Intelligence Cybersecurity, asherman@braintrace.com

Aaron currently serves as Senior Director of Cyber Threat Intelligence at Braintrace. Bringing nearly 15 years of cyber threat detection and neutralization success for the U.S. government, Aaron most recently held the position of Cyber Special Agent with the Federal Bureau of Investigation (FBI) in the Washington, DC and Salt Lake City Field Offices. While at the FBI, Sherman responded to and investigated cyber intrusions and data breaches perpetrated by Advanced Persistent Threat (APT) actors and cyber criminal groups around the world. As a leading authority on emerging threats, he has implemented new methodologies for targeting and monitoring cybercriminals on the dark and deep web. His efforts have resulted in the detection and disruption of numerous cybercriminal campaigns targeting US organizations. You can connect with Aaron at linkedin.com/in/aaron-sherman

www.braintrace.com

Incident Response: What could possibly go wrong?!

Incident Response Steps: Detection; Analysis; Containment; Eradication; Recovery; Post-Incident Activity

Incident Response Steps, Analysis: ID specific variant; Determine attack vector; Prepare for the OCM

Prepare for the OCM: Wait, what’s bitcoin? How long will it take? Backups? How much is the extortion? Can we negotiate?

The OCM: WHAT IS BITCOIN?!? How much is the extortion? Can we negotiate?

Quick Fact Finding: ID Specific Variant; Attacker Intelligence; Attacker Counterintelligence; Payment Intelligence; OSINT

Quick Fact Finding: GandCrab 5.6.1 (no decryption yet); Attacker Identified; No victim intel; Payments: Asking $8,000 USD, Lowest: $1,646 USD, Average: $4,680 USD; Full recovery ~72 hours after payment

Negotiations

Negotiation Tips: Treat like business deal; Get proof of life; Don’t stall; Team approach; No false flag operations*; OPSEC!

Meanwhile, back in Russia…

QUESTIONS & ANSWERS

Aaron Sherman, Senior Director of Cyber Threat Intelligence, linkedin.com/in/aaron-sherman