You Have 24 Hours to Comply: Lessons Learned from Implementing a Behavioral Ransomware Detection Framework

  • Monday, June 12th, 2017 at 10:30 AM EDT (14:30:00 UTC)
  • Mark Mager
This webcast has been archived.

Overview

There was an unprecedented rise in the development and deployment of ransomware in 2016. The most common form of ransomware is designed to encrypt a user's files in the hopes of obtaining a Bitcoin ransom payment in exchange for the means to decrypt the affected files. Static detection of this type of ransomware through traditional anti-virus approaches has typically had mixed results due to the unique characteristics of these samples and rapid evolution of ransomware families. Behavioral detection methods have shown a lot of promise as an effective means for generically detecting ransomware at runtime with minimal data loss. This talk will detail an effective behavioral detection method with some novel components and provide an overview of the trials and tribulations I've endured while on the path to implementing this Windows ransomware detection framework.

To learn more on this topic, attend the 10th annual SANS Digital Forensics & Incident Response (DFIR) Summit & Training. This training event brings together an influential group of experts, SANS training, and industry networking opportunities in one place. Over the course of this eight-day training event, you'll enjoy:

  • Highly technical digital forensics and incident response presentations from the industry's top practitioners during the two-day Summit
  • Nine SANS DFIR courses to choose from to advance your training, build your arsenal of defenses, and learn how to better protect your organization
  • The opportunity to network with fellow attendees at receptions and community-building events
  • A DFIR NetWars tournament to sharpen your skills and solve incident-related challenges

Speaker Bio

Mark Mager

Mark Mager is a Senior Malware Researcher for Endgame. Throughout his career in software engineering and computer security, he has served in prominent technical leadership roles in the research and development of advanced computer network operations tools and has provided malware analysis and reverse engineering subject matter expertise to a diverse range of government and commercial clients in the Washington, D.C. metropolitan area.
