Ransomware & Data Exfiltration: A survival guide to prevention & response

Earn up to 6.5 CPE credits by attending this virtual event.

The COVID-19 Pandemic has seen an increase in Ransomware attacks. From Colonial Pipeline to JBS USA, every sector has seen a rise in ransomware attacks with increasing ransoms. Not only are these ransomware criminals stopping critical operations, like the Colonial Pipeline and multiple hospitals, they’re also stealing sensitive, regulated data that they use to further blackmail their targets. Even when ransoms get paid, these stolen files appear on dark web trading sites, and vulnerability data on the target is often reused by new ransomware operators. 

On February 22-23, SC Media hosted the Ransomware & Data Exfiltration eSummit that featured experts on ransomware and covered topics including: 

• Results from our Ransomware Research Survey
• Measuring and improving your network’s ransomware readiness
• Executing responsible incident response strategies
• Coordinating with supply chain partners and law enforcement

Register to access this free, on-demand content now.

Featured Speakers

Agenda

DAY 1 – FEBRUARY 22

10:45 AM ET 
Program Opens

11:00 AM ET 
KEYNOTE | Lessons from the Kaseya CISO: Applying a law enforcement perspective to corporate ransomware policies 
Jason Manar, CISO, Kaseya 

As part of its response to a July 2021 ransomware incident, Kaseya recently tapped experienced FBI agent Jason Manar – who investigated the attack – to serve as the company’s new CISO. This session will look at the strategic advantages of companies recruiting law enforcement agents into their security teams due to the unique perspectives and wealth of experience they bring to the table. Through the lens of the Kaseya incident and other cases he’s worked on, Jason will also offer eSummit attendees some of his top recommendations for developing a ransomware prevention and incident response strategy in a manner that takes into account the needs of both the victim and law enforcement investigators. 

11:30 AM ET 
Ransomware techniques in 2022: How to detect malicious activity  
Andrew Mundell, Enterprise Security Engineer, Sophos 

Ransomware actors are always evolving their techniques. This is especially true with the increased use of legitimate applications and LOLBins (Living off the Land binaries). Join this session to learn about the latest procedures attackers are implementing at all stages of the kill chain. In addition to seeing a live demonstration, attendees will hear best practices for stopping attacks early on and threat hunting advice to detect malicious activity and ensure visibility across the MITRE ATT&CK Framework. 

12:00 PM ET 
The eCrime and ransomware threat landscape  
Jason Rivera, Director of Strategic Threat Advisory Group, CrowdStrike 

In this session, Jason Rivera, director of strategic threat advisory group, will discuss CrowdStrike’s most current understanding regarding the ever-prevalent ransomware threat and to characterize observations around how the ransomware ecosystem has evolved over the last couple years. Attendees of this session will benefit from the unique insights into the associated enablers of ransomware, including associated initial access techniques, ransomware-related business models, and our newest data around monetization schemes being leveraged by the eCrime extortion community. Lastly, we will close by proposing actionable recommendations that organizations can undertake in order to harden their cybersecurity environment against the ransomware threat. 

12:30 PM ET 
Agentless threat hunting: Stopping ransomware before the encryption happens  
Chris Borales, Senior Product Marketing Manager, Gigamon 

Threats are excellent at evading endpoint detection: hiding in network blind spots, operating using encrypted traffic and targeting cloud workloads. Attackers are dwelling on network up to 280 days on average, evading endpoint detecting and covering their tracks. Join Chris Borales as he discusses how network and security teams can leverage visibility in their security processes to combat today’s ransomware threats. 

1:00 PM ET 
Aligning ops to risk with cyber situational awareness  
Chris Morales, CISO, Netenrich 

Digital transformation is exposing you to adversaries and threats. Things like explosive cloud growth, technology and mobility volumes, and pervasive digital transformation are all part of a hostile environment. Hear from Netenrich CISO, Chris Morales, as he goes through 6 steps in how you can make sure your organization is protected and your assets stay secure with Cyber Situational Awareness. 

1:30 PM ET  
BREAK | Visit Solutions Center 

1:45 PM ET
CRA State of Ransomware Survey: Many pay ransom, struggle with detection/response  
Matt Alderman, EVP, CyberRisk Alliance 

Ransomware attacks continue at a blistering pace because organizations remain vulnerable to critical exploits and social engineering campaigns. Once inside, attackers find it all too easy to move laterally and swipe user credentials and other sensitive data. In a survey conducted by CyberRisk Alliance’s Business Intelligence Unit in January 2022, 300 security leaders and executives shared their struggles and strategies to combat such attacks. Among the findings: 

• 43% suffered at least one ransomware attack in the last 2 years. Of those: 
• 58% paid a ransom 
• 29% found their stolen data on the dark web 
• 44% suffered financial losses 

In this session, CyberRisk Alliance EVP Matt Alderman will explore what the findings mean for the future and offer guidance for security teams seeking a way forward. 

2:30 PM ET 
How to protect your Active Directory against ransomware attacks: Securing vulnerabilities and misconfigurations  
Derek Melber, Chief Technology and Security Strategist, Tenable 

After initial compromise of a device, Active Directory (AD) is leveraged in all the recent ransomware attacks, making it the imminent target. Attackers exploit vulnerabilities and misconfigurations in devices, services, and applications to enter the network. Then, attackers exploit weaknesses and misconfigurations in Active Directory to move laterally and escalate privileges. Ransomware can be halted with increased security measures at the entry point, within the AD environment, as well as maintaining a hardened security level for AD. Let 17X Microsoft MVP Derek Melber show you exactly what you need to do to secure endpoints and AD. 

3:00 PM ET 
Rise of ransomware: Current state and threat outlook in 2022  
Spence Hutchinson, Senior Threat Researcher, eSentire 

What is behind the increase in Ransomware attacks and how can companies defend themselves? 

With a projected $20 billion in ransomware damages and anticipated 30% YoY growth (Cybersecurity Ventures, 2021), it’s easy to see how 2021 was an exceptionally busy year for security practitioners. Ransomware attacks such as SolarWinds, Kaseya and Colonial Pipeline are clear examples of how truly damaging, financially and reputationally, these cyberattacks can be. 

Ransomware is the fastest growing type of cybercrime, and the Ransomware-as-a-Service (RaaS) model is accelerating the growth of these attacks and new ransomware groups. What were once primarily opportunistic cyberattacks have evolved into sophisticated, social engineering and drive by attacks, and the emergence of double and triple extortion. Collaboration between operators has led to increased specialization throughout the kill-chain, which means any intrusion has the potential to be monetized.  

As ransomware and the threat scape rapidly evolves, it’s never been more important for security practitioners to have a plan in place to effectively detect, prevent, and respond to future cyberattacks.  

Join eSentire’s Spence Hutchinson, senior threat researcher, for a discussion on top threats from 2021, what’s behind the increase in ransomware attacks, and how companies can defend themselves. Spence will share unique insights and lessons learned from the Threat Response Unit (TRU) team’s original research and detection development, including observations of the types of cyberattacks eSentire sees against customers. In this session, you will learn more about:  

• The top threats our TRU team has seen over the past year 
• The RaaS model  
• Lessons learned from ransomware engagements 
• eSentire’s approach to modern ransomware  
• The ransomware outlook for 2022 
• Recommendations for prevention, detection and response 

3:30 PM ET 
How zero trust network access can stop ransomware from stopping you  
Lane Billings, Senior Product Marketing Manager, Cloudflare 
James Espinosa, Security Engineering Manager of Detection and Response, Cloudflare 

Ransomware wreaks havoc by infiltrating user devices, then spreading laterally across resources on the network until it achieves full network lockdown. To stop infection and spread, the Cybersecurity and Infrastructure Security Agency (CISA) recommends that security teams implement a sweeping set of at least 24 measures including phishing prevention, vulnerability management, as well as careful configuration of remote access services like the VPN and RDP.  

You can address at least 4 of those 24 recommendations by implementing a Zero Trust Network Access approach, which replaces blanket network access with default-deny rules in front of all corporate resources.  

In this presentation, James Espinosa, Security Engineering Manager of Detection and Response and Lane Billings, Senior Product Marketing Manager at Cloudflare, will share how replacing your VPN with Zero Trust Network Access can reduce the risks of ransomware attacks in your enterprise.  

In this session, you will learn:  

• Real world examples of ransomware attacks, and how Zero Trust principles could have helped mitigate them 
• How replacing VPNs with a Zero Trust model helps stop lateral movement in its tracks 
• Cloudflare’s platform for preventing delivery and lateral movement of ransomware 

4:00 PM ET 
Ransomware & AI: Friend or foe?  
Aaron Rose, Security Architect & Evangelist – Office of the CTO, Check Point Software 

In this session, we’ll go behind the scenes on what Artificial Intelligence means and how it can both complement your security strategy/technology to help prevent ransomware attacks and how it can potentially be used against us. 

4:30 PM ET
The root causes of ransomware and how to defend  
Roger Grimes, Data-Driven Defense Evangelist, KnowBe4 

Join us for this thought-provoking session hosted by Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist. He will teach you what you can do now to help prevent, detect, and mitigate ransomware threats. 

In this session, you’ll learn: 

• How ransomware typically finds its way into a network 
• The prevalence of various kinds of ransomware entry points, such as phishing, unpatched software, credential theft and remote server attacks 
• Tips for mitigating ransomware risk 

Get the information you need to know now before it’s too late!

5:00 PM ET 
KEYNOTE | Scoring your ransomware readiness: Are you prepared or pre-crisis?  
Taylor Reynolds, Technology Policy Director – Internet Policy Research Initiative, MIT 

You’ve invested in training, technology and disaster recovery in the event of a future ransomware incident. But have you truly done enough? A trio of MIT researchers have proposed one way to find out: a Ransomware Readiness Index (RRI) designed to score your ongoing preparedness against an attack, using meaningful and timely data. In this session, RRI co-creator Taylor Reynolds will offer a status update on his team’s recently announced case study and offer suggestions on how to best make ransomware-readiness metrics actionable in order to achieve consequential improvements in prevention. 

DAY 2 – FEBRUARY 23

10:45 AM ET 
Program Opens

11:00 AM ET  
KEYNOTE | Combatting the ransomware scourge: How the private sector can help 
Megan Stifel, Chief Strategy Officer, Institute for Security and Technology 

In the past year, international authorities have executed a number of prominent takedowns against cybercriminal groups, including the ransomware gang REvil – and the White House has been pressuring Russia to cooperate in this effort. But where does that leave the private sector? Beyond improving their own internal defenses, how can companies contribute to the anti-ransomware movement? And how might they be able to raise their collective voices and demand even further, more decisive action? This session will look at ways businesses can help meaningfully join the fight while also working in coordination with the public sector. Also, Megan Stifel, chief strategy officer with the Institute for Security and Technology, will update attendees on the latest initiatives and endeavors of the IST’s Ransomware Task Force. 

11:30 AM ET 
Ransomware incident response: Zero to full domain admin  
Joseph Carson, Chief Security Scientist and Ethical Hacker, Delinea 

Join Delinea’s Chief Security Scientist and Ethical Hacker, Joseph Carson, as he explains how a ransomware attack progresses from initial credential compromise to escalated privileges, exfiltrated data, and ultimately the ransomware deployment and ransom demand. 

12:00 PM ET 
Profile of the dark economy of ransomware: Uncovering the illegitimate industry of ransomware and the operations of ransomware gangs  
Jason Forcht, Senior SE, Cybereason 
Josh Hammer, Field CISO, Oracle 

Ransomware groups operate similar to cartels and are well funded, organized, and benefit from the reach of extensive networks. An unprepared InfoSec team is outclassed by a sophisticated adversary with a vibrant dark industry that supports their every move. In this session presented with our partner, Oracle, learn who these adversaries are, how they operate, what their motives are, and how to beat a seemingly unbeatable cyber opponent. 

12:30 PM ET 
Protect your Active Directory against ransomware  
Carolyn Crandall, Chief Security Advocate, Attivo 
Joseph Salazar, Technical Marketing Engineer, Attivo 

Nearly all modern ransomware attacks by notorious gangs such as Conti, Lockbit, Maze and others aggressively target Active Directory (AD) with identity-based attacks. AD is intrinsically insecure and protecting it must be on every CISO’s priority list for 2022.  

Understand how to protect AD against ransomware attacks by joining Attivo experts for a session on how to: 

• Reduce credential and AD attack surfaces 
• Gain visibility into identity-based attacks at endpoints and AD domain controllers 
• Identify and misdirect unauthorized queries targeting privileged AD objects  
• Hide sensitive or privileged production accounts and AD objects from attackers 
• And more… 

Whether your network is comprised of endpoints, unmanaged systems or IoT/ OT, Attivo provides continuous visibility to exposures and live attack detection, allowing defenders to prepare for and prevent ransomware lateral movement. 

1:00 PM ET 
Building your ransomware defense, end to end  
Helen Patton, Advisory CISO, Duo Security 

Cyber-attacks skyrocketed with the shift to remote work, growing 50% year-over-year in 2021. This rise has been driven by attackers successfully targeting larger and more lucrative enterprises, new attack strategies honed during the unplanned shift to remote work in 2020, and a growing sophistication in the tools and resources available to attackers — including full-scale ransomware as a service (RaaS) criminal vendors.  

To best defend against these threats, an effective ransomware strategy must take a holistic approach. Through the lens of “people, process, and tools” we will discuss basic controls, including phishing prevention, secure access, endpoint remediation, and recovery strategies security teams should review. 

Join this session with Duo Advisory CISO Helen Patton for a grounded walkthrough of the tenets of ransomware defense, how to employ them in an organization, and how to make sure your organization understands the strategy you define. In this session, you will learn: 

• Where streamlining security processes can pay dividends in reducing risk 
• How to focus your efforts across the organization when planning your ransomware strategy 
• Why ransomware strategies are required in all security phases of the attack chain 

1:30 PM ET  
BREAK | Visit Solutions Center 

1:45 PM ET 
THOUGHT LEADERSHIP PANEL | Developing a realistic ransomware playbook for resource-strained organizations  
Rohit Tandon, CISO, State of Minnesota 
Neal Richardson, Director of Technology, New Hampshire Hillsboro-Deering School District 

Ransomware attacks have struck billion-dollar enterprises and mom-and-pop operations alike. So, no matter who you are, you must be prepared. But when cybersecurity funding and talent is in short supply, how do you make the most with what you have? In this thought leadership session, panelists will offer practical tips on how resource-hungry organizations can institute a prevention, response and recovery strategy that squeezes the most out of their budgets and IT expertise. The session will also address how organizations that rely heavily on third-party partners should respond when one of their MSPs or upstream service providers are attacked.

2:30 PM ET 
Ransomware, double extortion, and extortionware  
Yotam Katz, Product Manager, Rapid7 

Hear about ransomware’s evolution and explore how it is rapidly becoming the number one cyberthreat in our landscape. 

During this session, Yotam Katz of Rapid7 will provide insight and predictions on: 

• Recent cybersecurity trends 
• Tips on how to proactively avoid ransomware 
• Data theft 
• Device encryption 
• How these cyberthreats are intertwined 

3:00 PM ET 
Weathering the storm: Preparing and protecting your network from ransomware attacks  
Tom Gorup, Vice President – Security Operations, Alert Logic 

A report by CISOs Connect, “Ransomware in Focus”, based on a survey of more than 250 CISOs, finds that ransomware is the #1 threat facing businesses today, with more than two-thirds of respondents believing an attack is inevitable at least once within the next year.  

What can you do to protect and prepare your network to ensure that your company and customer data remain safe? How can you utilize solutions like Managed Detection and Response (MDR) to reduce the likelihood of attacks and reduce the impact on your organization if an attack is successful?  

Join us to learn:  

• What ransomware is and how has it become the biggest cybersecurity threat facing your business today 
• What CISOs are learning from their experiences with ransomware attacks and how you can apply that to your business 
• What technical countermeasures can be put in place to protect your organization from ransomware 
• How advanced detection from a Managed Detection and Response (MDR) provider can help protect against known and unknown threats and reduce the impact of successful breaches 

3:30 PM ET 
Mitigate the risk of ransomware with business-critical applications  
David D’Aprile, VP of Product Marketing, Onapsis 

Over the last few months, everywhere you turn, there’s another story about debilitating ransomware attacks on business-critical systems. From fuel and energy companies to food processing companies, no industry is safe or immune. The traditional lens through which we view ransomware attacks is no longer as effective as it used to be.  What’s needed is a new model to defend critical systems against ransomware – one that goes beyond the scope of just protecting endpoints and the perimeter, backing up files, and hoping for the best. Join Onapsis as we take a closer look at how enterprises should approach security to protect their most critical SAP systems from the looming threat of ransomware. 

4:00 PM ET 
Stopping ransomware with autonomous response  
Brianna Leddy, Director of Analysis, Darktrace 

New strains of ransomware are leaving organizations vulnerable – too often, security teams lack the ability to respond proportionately to an attack, leading to cyber disruption across the organization.   

Join Brianna Leddy, Darktrace’s Director of Analysis, as she unpacks some of today’s most advanced ransomware threats. Learn how Self-Learning AI understands the organization to reveal every stage of a ransomware attack – and takes targeted, autonomous action to stop the threat in its tracks.   

This session will discuss:  

• Recent ransomware threat trends, including double extortion and RDP attacks  
• How Autonomous Response takes action to contain an emerging attack, even when security teams are out of office    
• Real-world examples of ransomware detected by Darktrace AI – including a zero-day and an attack initiated on Christmas Day 

4:30 PM ET 
Get out of ransomware jail with continuous data protection (CDP)  
Andy Fernandez, Sr. Manager of Product Marketing, Zerto 

Ransomware continues to evolve, bringing disruption, data loss, and weeks to months of clean up. Prevention is not enough, and organizations are aware data protection needs an upgrade.  

Join this live discussion with Andy Fernandez, Sr. Manager of Product Marketing at Zerto, a Hewlett-Packard Enterprise company, to understand how your organization can eliminate the consequences of ransomware using continuous data protection to: 

• Resume operations at scale, in minutes 
• Recover to a state, seconds before an attack 
• De-risk your recovery with instant, non-disruptive testing 
  

5:00 PM ET 
KEYNOTE | Ransomware incident response: Avoiding action bias  
Brandon Van Grack, Partner, Morrison & Foerster 
Alex Iftimie, Partner, Morrison & Foerster 

The cybercriminals who encrypted your files and stole your data are demanding money. The clock is ticking – and it may be tempting to initiate some kind of response. But don’t be too hasty. In the course of a ransomware response, there are several key moments where making a wrongheaded, premature move could compound your troubles and create legal and regulatory headaches. This session will look at these critical decision points (e.g. paying/negotiating with attackers, publicly disclosing the attack, etc.) and offer attendees advice on how to responsibly “dot their i’s” and “cross their t’s” before taking a course-altering action that you can’t take back.