Archived: Detecting Ransomware: Countermeasures to overcome cybercrime’s biggest threat

On-Demand Event

Earn up to 6.5 CPE credits by attending this virtual conference.

Ransomware revenue for cybercriminals is in the billions of dollars and counting. Equipped with advanced evasion techniques that elude traditional antivirus solutions, this threat is at the top of every cybersecurity professional’s list. 

While there’s no silver bullet on the ransomware detection front, security professionals can employ a multi-pronged approach that includes detection measures focused on networks, endpoints and end users. CyberRisk Alliance hosted a virtual event featuring experts who shared strategies you can implement right now to detect ransomware in your environment. Topics include:

  • The role that predictive algorithms play in detecting ransomware
  • How sacrificial network shares can serve as an early warning system
  • The latest exploit kit detection rules that will help detection efforts

Prevent your organization from being locked out. Bolster your knowledge on detection efforts by registering now for this on-demand content.



Please continue to check back as we add sessions and speakers to this eSummit


11:00 AM ET
KEYNOTE | A step-by-step guide to handling ransomware incorrectly
Don Codling, Cybersecurity Advisor, Multitot Corp | Owner of Codling Group International 

From mistakes in preparation to problems in negotiations, there are a lot of ways to encourage and worsen a ransomware problem. Don Codling, a 23-year veteran of the FBI, strategic advisor to Flashpoint and Intel, and founder of Codling Group International, and SC senior reporter Joe Uchill will discuss how to make every mistake in rapid succession. Listen and learn what not to do.

11:40 AM ET
Now that ransomware has gone nuclear, how can you avoid becoming the next victim?
Roger Grimes, Data-Driven Defense Evangelist, KnowBe4 

There is a reason more than half of today’s ransomware victims end up paying the ransom. Cybercriminals have become thoughtful, taking time to maximize your organization’s potential damage and their payoff. After achieving root access, the bad guys explore your network, reading email and finding data troves, and once they know you, they craft a plan to cause the most panic, pain, and operational disruption. Ransomware has gone nuclear.

Join us for this webinar where Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, will dive into: 

  • Why data backups (even offline backups) won’t save you 
  • Evolved threats from data theft, credential leaks and corporate impersonation
  • Why ransomware isn’t your real problem 
  • How your end users can become your best, last line of defense 

12:20 PM ET
Ransomware decoded: Understanding and preventing modern ransomware attacks 
Maggie MacAlpine, Security Strategist, Cybereason 

Learn how to become fearless in the face of modern ransomware attacks. Next-gen ransomware has evolved to better evade standard defenses and targeted attacks stand a high chance of success against underprepared environments, making a behavior-based approach to prevention, detection, and response required for success. Join our session to understand how to deploy fearless ransomware protection to detect the preliminary stages of a ransomware attack, fully analyze the scope and scale of the operation, and prevent the execution of the malicious ransomware payload to mitigate future cyber risk. 

Why you should attend this session: 

  • Learn about the latest ransomware trends 
  • Dissect discoveries from Cybereason’s Nocturnus team 
  • Become empowered to defend against ransomware 

1:00 PM ET
Cyber resilience for digital operations
Christopher Morales, CISO and Head of Security Strategy, Netenrich

Security operations need context awareness to ensure the success of business initiatives in a world of advanced, targeted attacks. Netenrich empowers security, IT and cloud operations to thrive during adversity with adaptive incident resolution using real time, data driven risk and trust-based decision making. The Netenrich Resolution Intelligence platform streamlines the process of managing, analyzing and fixing the root cause of incidents to prevent future disruption.

1:40 PM ET
Proactive threat hunting to combat ransomware
Allan Liska, Senior Security Architect, Recorded Future

Ransomware gangs are targeting large enterprise organizations in search of massive payouts. Also known as “big game hunting,” this type of ransomware attack is increasingly common and can be extremely disruptive to targeted organizations.

Join Allan Liska as he demonstrates how threat hunting packages that detect exploit kits and their loaders can help you stop attackers in their tracks. 

2:20 PM ET
Enough already: Ransomware defense through people, process and tools
Helen Patton, Advisory CISO, Duo Security – Cisco

More than $4.1 billion was lost to ransomware attacks in 2020, according to a just-released alert published by the Cybersecurity and Infrastructure Security Agency (CISA). This rise has been driven by attackers successfully targeting larger and more lucrative enterprises, new attack strategies honed during the unplanned shift to remote work in 2020 and a growing sophistication in the tools and resources available to attackers – including full-scale ransomware as a service (RaaS) criminal vendors.  

To best defend against these threats in 2021, any effective ransomware strategy must take a holistic approach. Through the lens of “people, process, and tools” we will discuss basic controls, including phishing prevention, secure access, endpoint remediation and recovery strategies, that security teams should review.

Join this session with Duo Advisory CISO Helen Patton for a grounded walkthrough of the tenets of ransomware defense, how to employ them in an organization, and how to make sure your organization understands the strategy you define. In this webinar, you will learn: 

  • Where to focus your efforts across the organization while planning your ransomware strategy 
  • How streamlining security processes can pay dividends in reducing risk 
  • Why ransomware strategies are required in all security phases of the attack chain 

3:00 PM ET
Where did we go wrong with ransomware? (And what are we going to do about it?)
Nathan Wenzler, Chief Security Strategist, Tenable

Viruses. Worms. Malware. Phishing attacks. APTs. The evolution of attacks on our environments has led to the logical conclusion we’re seeing today where criminal organizations are leveraging these malicious technologies to monetize their efforts: ransomware. While it seems like there’s a new ransomware attack being talked about in the news on nearly a weekly basis, the truth is that these attacks have been around for a long time, and because they’re so effective in generating financial windfalls for criminals, we shouldn’t expect a slowdown in their use any time soon.  

So, how did we get here, and what can organizations do about it? In this talk, we’ll discuss some of the ways ransomware is levied against our environments and what makes it such a difficult threat to stop, and review strategies and considerations for the people, processes and tools in your organization that can help reduce potential attack paths ransomware uses.

3:40 PM ET
Complete endpoint security: Five critical steps
Christopher Hills, Chief Security Strategist, BeyondTrust

70% of successful breaches started at the endpoint in 2019. Since then, a global pandemic has caused a large-scale shift to remote work – a perfect storm for privilege abuse. As a result, malware has increased by 30,000% in 2020. This is especially concerning when many companies still rely on antivirus software (AV) or Endpoint Detection and Response solutions (EDR) alone to secure endpoints. 

In this visionary session, we will be highlighting which two overlooked steps can mitigate the 60% of modern threats that are missed by AV and why the need for organizations to move from a reactive to a preventative approach is more important than ever. Focus topics include: 

  • An overview of endpoint security and why it is crucial for your organization 
  • Traditional challenges and existing problems with endpoint security 
  • The five critical steps to achieving complete endpoint security 


11:00 AM ET
KEYNOTE | War stories: Lessons from ransomware response 
Steven Swift, CISO Consultant, TBG Security

Organizations across verticals have found themselves victims of ransomware gangs, but few compare notes on the vulnerabilities that left them exposed or the response efforts after the fact that enabled recovery. Steven Swift, a CISO consultant at TBG Security, has been on the front line for a range of organizations – helping them recover after suffering a ransomware attack that took down their systems. In this session, Steven will share some of his war stories, connecting dots across victims to help identify characteristics that might leave organizations exposed, and tactics that could prevent attacks or minimize the damage.

11:40 AM ET
Confronting ransomware: Fighting together for cyber resilience
Jeremy Ventura, Senior Security Strategist, Mimecast

More than 60% of organizations have been disrupted by a ransomware attack in the last 18 months. Now, more than ever, attackers are exploiting organizations’ biggest weaknesses around people, processes and technology. The explosion of ransomware-as-a-service, the use of cryptocurrency and the commitment to legacy technology are enabling attackers to go after every industry.

Join this session to learn: 

  • What is ransomware and how has it changed in the last 12 months 
  • The tactics and techniques of emerging ransomware threat groups 
  • How organizations can better equip themselves to mitigate, respond and recover when an attack happens 

12:20 PM ET
Mitigate the risk of ransomware with business-critical applications
David D’Aprile, VP of Product Marketing, Onapsis

The traditional lens through which we view ransomware attacks is no longer as effective as it used to be. What’s needed is a new model to defend critical systems against ransomware – one that goes beyond the scope of just protecting endpoints and the perimeter, backing up files and hoping for the best.  

Join this session to learn how to best protect your most critical SAP systems from the looming threat of ransomware. Attendees will gain a better understanding of: 

  • Business-critical security considerations for the enterprise 
  • How one application misconfiguration or vulnerability could put an entire enterprise at risk 
  • The best way to address security and compliance in an interconnected environment 

1:00 PM ET
Get the defenders’ playbook for attack simulation and security posture validation
Dave Klein, Cyber Director, Cymulate

Learning from the mistakes of the past, the newest generation of pre through post security validation, which combines breach attack simulation, continuous automated red teaming, purple teaming and attack surface management into a comprehensive solution, has become essential and strategic to the enterprises that have adopted it.

Join this session to learn:  

  • Requirements for an effective security posture validation solution 
  • How CISOs can quickly evaluate the health of their cybersecurity portfolio and easily explain enterprise risk and how to reduce it 
  • How security practitioners can confidently find gaps, misconfigurations and vulnerabilities and know when new attacks or vulnerabilities occur and quickly test to see if they affect their enterprises 

1:40 PM ET
Advances in ransomware and how to defend against it
Brett Stone-Gross, Director of Threat Intelligence, Zscaler 
Nirmal Singh, Director of Malware Labs, Zscaler 

Ransomware has increased in velocity and sophistication recently, with over $20 billion in reported damages in 2020. Today, cybercriminals are bypassing defenses by hiding in encrypted traffic and trusted third-party applications and are increasing their leverage using double-extortion and DDoS tactics.  

This session will reveal emerging ransomware trends, frequently exploited vulnerabilities, attack sequences of the top ransomware families and key strategies to prevent these evolving threats. 

Attendees will learn: 

  • The latest trends in ransomware 
  • Attack sequences of the top ransomware families 
  • Key strategies to prevent modern ransomware attacks 

2:20 PM ET
State of ransomware 2021
Brandon Carden, Enterprise Solutions Engineer, Sophos 

Join us for an insightful deep dive into the state of ransomware in 2021. Based on an independent survey of 5,400 IT managers in mid-sized organizations around the globe, the webinar will explore: 

  • Which countries and industries are most affected by ransomware 
  • How often attackers successfully encrypt their victims’ data 
  • The financial cost of ransomware, including the actual ransoms paid 
  • The crucial information attackers omit when issuing ransom demands to you 

Plus, you’ll discover the strategies that enable some IT managers to feel confident they won’t fall victim to ransomware in the future.

3:00 PM ET
Disrupt the ransomware kill chain early – when it matters
Dr. Saumitra Das, CTO & Cofounder, Blue Hexagon 
Andrew Nelson, Threat Researcher, Blue Hexagon 
Dr. Ali Ahmadzadeh, VP, Blue Hexagon

Ransomware costs have doubled in the last two years and the average downtime has increased by 30%. Ransomware actors have evolved from encrypting the data on the machine until the ransom is paid to more nefarious tasks, including disruption-ware, exfiltrating sensitive corporate data and naming and shaming to extract leverage and payment. Additionally, organizations must contend with initial access brokers and affiliates who specialize in initial access and consolidation before ransomware operators get involved.  

This talk reveals the three key phases of the ransomware kill chain and the actors, tactics, techniques and procedures involved in each phase. Attendees will learn: 

  • The framework for early detection measures 
  • How to disrupt an infection before it becomes a full-blown ransomware attack 
  • Why countermeasures that detect late in the encrypt and exfil stages do not actually prevent the attack 
  • Why rules and signatures are ineffective 
  • How the right predictive algorithms can assist in detection and response to blunt ransomware kill chains early

4:00 PM ET
Cyber warfare 2021: Next level $#@! you need to know 
Micki Boland, Cloud Cybersecurity Architect and Check Point Evangelist, Check Point 

Enterprise cyber criminals are using next level $#@! as we speak to conduct cyber warfare such as irregular warfare, proxy attacks, disinformation and disruption campaigns to manipulate and influence public opinion and foment criminal violence. Cyber criminals also infiltrate organizations to conduct fraud, scam, harass and hijack legitimate real human accounts for impersonation as well as distribute malware. These are very interesting times we are living in, and this is the new cyber battleground.