Ransomware is the most challenging attack blue teamers have dealt with. The ways ransomware attackers work have some key differences compared to traditional espionage attacks. Ransomware causes business disruption which is catastrophic for many organizations. Dealing with ransomware requires swiftness of response, quick decision-making, and implementation capabilities. This talk will walk through a three-pronged approach for responding to ransomware attacks including preparation, containment, and recovery. In this talk, I will share techniques that defenders can use to respond to ransomware propagation in real-time using available tools in organizations.
Anurag Khanna, Manager - Incident Response & Consulting Services, Crowdstrike Services - khannaanurag
View upcoming Summits: www.sans.org/u/DuS
Download the presentation slides (SANS account required) at www.sans.org/u/1iaE
#BlueTeamSummit #Ransomware