Presentation is loading. Please wait.

Presentation is loading. Please wait.

To Pay or Not to Pay? Intelligent Ransomware Response

Published byAsli Çağrı Modified over 5 years ago

Similar presentations

Presentation on theme: "To Pay or Not to Pay? Intelligent Ransomware Response"— Presentation transcript:

1 To Pay or Not to Pay? Intelligent Ransomware Response

2 INTELLIGENCE AS A SERVICE
About Me AARON SHERMAN Senior Director of Cyber Threat Intelligence Braintrace - Intelligence Cybersecurity Aaron currently serves as Senior Director of Cyber Threat Intelligence at Braintrace. Bringing nearly 15 years of cyber threat detection and neutralization success for the U.S. government, Aaron most recently held the position as Cyber Special Agent with the Federal Bureau of Investigation (FBI) in the Washington, DC and Salt Lake City Field Offices. While at the FBI, Sherman responded to and investigated cyber intrusions and data breaches perpetrated by Advanced Persistent Threat (APT) actors and cyber criminal groups around the world. As a leading authority on emerging threats, he has implemented new methodologies for targeting and monitoring cybercriminals on the dark and deep web. His efforts have resulted in the detection and disruption of numerous cybercriminal campaigns targeting US organizations. You can connect with Aaron at linkedin.com/in/aaron-sherman INTELLIGENCE AS A SERVICE 2

3 What could possibly go wrong?!
Incident Response What could possibly go wrong?!

4

5 INTELLIGENCE AS A SERVICE
Incident Response Steps Detection Analysis Containment Eradication Recovery Post-Incident Activity INTELLIGENCE AS A SERVICE 5

6 INTELLIGENCE AS A SERVICE
Incident Response Steps Analysis ID specific variant Determine attack vector Prepare for the OCM INTELLIGENCE AS A SERVICE 6

7 INTELLIGENCE AS A SERVICE
Prepare for the OCM Wait, what’s bitcoin? How long will it take? Backups? How much is the extortion? Can we negotiate? INTELLIGENCE AS A SERVICE 7

8 INTELLIGENCE AS A SERVICE
The OCM WHAT IS BITCOIN?!? How much is the extortion? Can we negotiate? INTELLIGENCE AS A SERVICE 8

9 INTELLIGENCE AS A SERVICE
Quick Fact Finding ID Specific Variant Attacker Intelligence Attacker Counterintelligence Payment Intelligence OSINT INTELLIGENCE AS A SERVICE 9

10 INTELLIGENCE AS A SERVICE
Quick Fact Finding GandCrab (no decryption yet) Attacker Identified No victim intel Payments: Asking $8,000 USD Lowest: $1,646 USD Average: $4,680 USD Full recovery ~72 hours after payment INTELLIGENCE AS A SERVICE 10

11 INTELLIGENCE AS A SERVICE
Negotiations INTELLIGENCE AS A SERVICE 11

12 INTELLIGENCE AS A SERVICE
Negotiation Tips Treat like business deal Get proof of life Don’t stall Team approach No false flag operations* OPSEC! INTELLIGENCE AS A SERVICE 12

13 Meanwhile, back in Russia…

14 QUESTIONS & ANSWERS Aaron Sherman
Senior Director of Cyber Threat Intelligence linkedin.com/in/aaron-sherman INTELLIGENCE AS A SERVICE 14

Download ppt "To Pay or Not to Pay? Intelligent Ransomware Response"

Similar presentations

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.

Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.
Arizona Counter Terrorism Information Center Arizona Office of Homeland Security Deputy Director: John Phelps.

Arizona Counter Terrorism Information Center Arizona Office of Homeland Security Deputy Director: John Phelps.
Trusted Internet Connections. Background Pervasive and sustained cyber attacks against the United States continue to pose a potentially devastating impact.

Trusted Internet Connections. Background Pervasive and sustained cyber attacks against the United States continue to pose a potentially devastating impact.
Oklahoma Chapter Information Systems Security Association Oklahoma Chapter, Tulsa Oklahoma City Chapter, OKC Student Chapter, Okmulgee Oklahoma Chapter,

Oklahoma Chapter Information Systems Security Association Oklahoma Chapter, Tulsa Oklahoma City Chapter, OKC Student Chapter, Okmulgee Oklahoma Chapter,
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
Staying Ahead of the Curve in Cyber Security Bill Chang CEO, SingTel Group Enterprise.

Staying Ahead of the Curve in Cyber Security Bill Chang CEO, SingTel Group Enterprise.
Study Results Advanced Persistent Threat Awareness.

Study Results Advanced Persistent Threat Awareness.
Responding to a Security Incident Maryland Security Day March 2, 2004 Joy Hughes, CIO

Responding to a Security Incident Maryland Security Day March 2, 2004 Joy Hughes, CIO
Technician Module 2 Unit 2 Slide 1 MODULE 2 UNIT 2 Planning, Assessment & Analysis.

Technician Module 2 Unit 2 Slide 1 MODULE 2 UNIT 2 Planning, Assessment & Analysis.
Cyber Security Nevada Businesses Overview June, 2014.

Cyber Security Nevada Businesses Overview June, 2014.
GSHRM Conference Cyber Security Education Shri Cockroft, CISO Piedmont Healthcare, Inc. September 21, 2015.

GSHRM Conference Cyber Security Education Shri Cockroft, CISO Piedmont Healthcare, Inc. September 21, 2015.
EECS 710: Information Security and Assurance Assignment #3 Brent Frye 10/13/2013 1.

EECS 710: Information Security and Assurance Assignment #3 Brent Frye 10/13/
Salary Possibilities Newly assigned Special Agents start at a yearly salary of $43,441, or also recognized as a GS-10, plus multiple other pay increases.

Salary Possibilities Newly assigned Special Agents start at a yearly salary of $43,441, or also recognized as a GS-10, plus multiple other pay increases.
What is “national security”?  No longer defined only by threat of arms  It really is the economy  Infrastructure not controlled by the government.

What is “national security”?  No longer defined only by threat of arms  It really is the economy  Infrastructure not controlled by the government.
October is National CyberSecurity Awareness Month OIT and IT providers across campus are launching an awareness campaign to provide tips and resources.

October is National CyberSecurity Awareness Month OIT and IT providers across campus are launching an awareness campaign to provide tips and resources.
Ned Einsig III.  Domestic Intelligence & Security Service of the United States  Prime Federal Law Enforcement Organization  Jurisdiction on over 200.

Ned Einsig III.  Domestic Intelligence & Security Service of the United States  Prime Federal Law Enforcement Organization  Jurisdiction on over 200.
ADMINISTRATIVE AGENCIES Crystal Wahlstrom-Kauffman April 1 st, 2008 MGT 335.

ADMINISTRATIVE AGENCIES Crystal Wahlstrom-Kauffman April 1 st, 2008 MGT 335.
FBI Phoenix Computer Crime Squad SA Tom Liffiton 10/23/2003 Maricopa Association of Governments Telecommunications Advisory Group.

FBI Phoenix Computer Crime Squad SA Tom Liffiton 10/23/2003 Maricopa Association of Governments Telecommunications Advisory Group.

Similar presentations

Ads by Google