Cyber Solutions Fest 2022: Ransomware

  • Friday, 14 Oct 2022 8:30AM EDT (14 Oct 2022 12:30 UTC)
  • Speaker: Matt Bromiley

One of the most prolific attacks of the past few years, one that has touched nearly every industry and kept security professionals up at night, is ransomware. Ever-looming as the threat that can bring an organization to a halt, ransomware and extortion attacks have seen explosive growth. Driven by never-ending vulnerabilities and automated attack tools, ransomware shows little sign of slowing down. It is time to change that pace.

Join us for the Ransomware Track of the SANS 2022 Cyber Solutions Fest, where we will be joined by industry experts, peers, and researchers to examine ransomware defenses. Even with the best laid plans, we must constantly assess our defenses and compare them against adversary techniques to ensure that our environments are protected.

In this track, we will look at:

  • Modern adversary and ransomware attack trends
  • Endpoint and network defenses to slow or stop a ransomware attack
  • Threat intelligence to help keep us apprised and ready for adversary techniques, and
  • Building cross-telemetry detections that help detect the early stages of ransomware (and other attacks!)


Make a Difference in the Cyber Community

This year, SANS is fortunate enough to partner with the Blind Institute of Technology to make a difference in the cyber community. Currently, 81% of people with disabilities are unemployed. The Blind Institute of Technology (BIT) Academy is committed to changing these statistics by working diligently with their candidates and their corporate partners to place people with disabilities in meaningful careers with a clear path for growth. The services offered through the BIT Academy are complimentary for all of their candidates with disabilities. However, it costs BIT $5,400 for each candidate to go through their 16 week Salesforce and Cisco certification classes. As a 501(c)(3) non-profit organization, they are highly dependent on corporate donations, individual donations, and grants. With a retention rate of 93% of its candidates that are placed in meaningful careers, every $5,400 raised enables them to change a person's life forever.

SANS and BIT would greatly welcome and appreciate your financial support to help them continue to change the lives of people with disabilities.

Attendee Information

Rub virtual shoulders with professionals in your field and zero-in on the most relevant cyber solutions by registering for one of our four topic tracks. This event will bring together cyber security professionals of all experience levels from around the world for this two-day immersion into the latest cyber solutions, tools, and techniques to combat today’s threats.

Take a sneak peek of what you can expect from the experts themselves, when you join us to elevate your cyber skills and solutions know-how.

Continuing Professional Education (CPE) Credits are earned by participation in the event!

  • 6 CPEs are earned each day for attending Cyber Solutions Fest 2022
  • Yes, that's correct. You will earn 12 CPEs total for spending October 13th and 14th with us!

Agenda | October 14, 2022 | 8:30AM - 5:00PM

Timeline (EDT)

Session Details

8:30 AM

Kickoff & Welcome

Matt Bromiley, Senior Instructor, SANS Institute

8:45 AM

Fear, Greed and Business - The Evolution of Ransomware

Ransomware was an epic fail as a crime in 2005. But through a rethinking of social engineering, a steady evolution and some incredible luck, it became the major threat it is today. Join Symantec’s Kevin Haley, Director Security and Response for a look at the failures, evolution, changing technologies and ultimate success of ransomware. You’ll also hear about where this trending form of malware is likely to evolve next and some predictions for the future.

Kevin Haley, Director, Security Response, Symantec by Broadcom Software

9:25 AM

Ransomware: The True Cost to Business


In response to evolving threats, Cybereason has released the second annual Ransomware: The True Cost to Business report, to assist organizations in defending against ransomware attacks. Join Cybereason's CTO and Co-founder, Yonatan Striem-Amit, as we discuss notable findings, as well as measures we can take to proactively defend ourselves and our businesses.

Yonatan Striem-Amit, Co-Founder, Cybereason

10:05 AM


10:20 AM

Demystifying Gen V Attacks: Ransomware, Nation-State, and Supply Chain

Last year, over the US Independence Day weekend, the attack on IT management software firm Kaseya combined two of 2021’s most notorious cyber attack trends—supply chain attacks and ransomware. At least 1,000 businesses are said to have been affected by the attack, with victims identified in at least 17 countries. In May 2021, a major US fuel company fell victim to a ransomware attack which led to its entire fuel distribution pipeline being shut down while it investigated the problem, causing shortages across the East Coast of the United States and influencing oil prices globally. It wasn’t that long ago that ransomware didn’t even exist. How did we get to this point? And is there any way to stop this most popular trend in cybercrime before it’s too late? This session will address these phenomena and describe how organizations can remain protected against this growing global trend.

Grant Asplund, Chief Cyber Security Evangelist, Check Point Software

10:50 AM

Ransomware and the Supply-Chain: A Paradigm Shift for Attackers and Defenders

Supply-chain attacks have grown exponentially in number and sophistication over the last couple of years, and ransomware groups have been benefiting from this trend, which enables them to leverage both a less protected entry path and an easy distribution mechanism to reach a large number of potential victims. The “Shift-left” approach, SBOM analysis and vendor audits are tackling some aspects of this problem but can’t overcome production environment issues and runtime code changes. This presentation will review the different types of attacks, explain where prevalent tools and procedures fail to mitigate this growing threat and suggest a new, innovative approach to address this challenge using Moving Target Defense technology.

Hudi Zack, Chief Product Officer, Morphisec

11:20 AM

The Beginning of the End: Preventing Ransomware with a Zero Trust Architecture

Ransomware has become the single greatest concern in cybersecurity. Attacks rose another 80% this year, driven by RaaS, supply chain attacks, and multi-extortion tactics that make ransomware attacks more accessible and lucrative. In the face of this modern threat landscape, we will dive into the motivations, capabilities and operational security of the adversary, proving zero trust strategies are more critical than ever. Join Erik Yunghans from Zscaler to learn:

  • Historical as well as the latest trends in ransomware, based on new findings just released from ThreatLabz
  • Emerging attack techniques
  • How zero trust optimizes your ransomware defenses

Erik Yunghans, Principal Product Manager, Advanced Cloud Sandbox & Advanced Threat Protection at Zscaler

11:50 AM


12:00 PM

In the Trenches with Top Cyber Experts

During this keynote, SANS’ John Pescatore and several SANS instructors and leaders of the cybersecurity community will share their experiences from times in their careers where they were brought in by companies and government agencies on cybersecurity incidents, audits/tests or other critical business/mission areas.

Join this fascinating discussion where they will dive into some breaches and stories of their experiences in the cyber trenches – and maybe also in corporate boardrooms.

John Pescatore, Director of Emerging Security Trends
Ed Skoudis, President of Technology, SANS Institute
Lodrina Cherne, Principal Instructor, SANS Institute
Jorge Orchilles, Principal Instructor, SANS Institute


Afternoon Kick-off

Matt Bromiley, Senior Instructor, SANS Institute

1:10 PM

Ransomware: Where We Are Now

Senior threat intelligence analyst Brigid O'Gorman will discuss what has changed since Symantec last published a whitepaper on this topic earlier this year. She will discuss some of the currently most active groups on the ransomware threat landscape, the TTPs deployed by them, and the interesting trends we have observed.

Brigid O'Gorman, Senior Research Analyst, Symantec by Broadcom Software

1:30 PM

Ransomware Range: A Live Deployment

Come join Cybereason's "Ransomware Range", as we provide a briefing on updated ransomware business models and actors, while also allowing participants to see live deployments and prevention of some of the most infamous strains of ransomware. We’ll deploy and explore strains of increasing complexity and sophistication, including:

  • WannaCry
  • Conti
  • BlackCat/ALPHV
  • Fileless ransomware

Come dissect and learn from live ransomware operations - from initial intrusion, lateral movement, privilege escalation, and ultimately full network compromise.

Ken Westin, Director of Security Strategy, Cybereason

1:50 PM

Stop Ransomware Before It Stops You

Over the past couple of years, ransomware has evolved from relatively simple, opportunistic crimes to a prime concern for security and business leaders alike. The evolution of ransomware is a story of innovation as attackers realize that the amount of damage they cause directly corresponds to how big their payday will be. In this session, Tom Clavel, Director of Product Marketing at ExtraHop will discuss common misconceptions about ransomware prevention and remediation and expose where attackers do the most damage on their path to extortion. He will share real life examples of ransomware mitigation and share practical guidance for where defenders should be looking to expose and root out intruders’ malicious behavior.

Thomas Clavel, Director of Product Marketing, ExtraHop

2:20 PM

Dodging Destruction with Detection: Threat Hunting to Stop Ransomware

Ransomware is a big business. Attacks are becoming more sophisticated, and extortion is the name of the game when it comes to extracting payments from targets. These types of threats, combined with increased supply chain vulnerabilities, require a more proactive approach to securing your organization. To stay ahead of these attacks, security administrators can’t wait for detection to occur. In this session, we will explore the 2022 threat landscape, review common actions adversaries will take once in your environment, and discuss tips and techniques to help neutralize threats before they have the chance to cause any harm.

Jeramy Kopacko, Senior Sales Engineer, Sophos

2:50 PM

The Future State of Ransomware is Closer than We Think

Digital extortionists have learned how to continue to up the stakes by multiplying their leverage and reducing the time window of negotiation. Join Scott Scheferman, Office of the CTO at Eclypsium as he explores where they are headed, and ask the hard questions about what it will take to get ahead of them. In this session, we will cover:

  • What is the future of digital extortion campaigns?
  • What is the nature and magnitude of impacts associated with these?
  • Where and how does firmware and device trust come into play here?
  • How do organizations that have fully migrated to 3rd party cloud infrastructure and SaaS services, proactively mitigate risks in this new future?
  • What can present-day research and attacker campaigns teach us about what is next to come?
  • What is the next ‘North Star’ for us to aspire to? Is it still Zero Trust?

Scott Scheferman, Principal Strategist, Eclypsium

3:20 PM


3:35 PM

The Evolution of Ransomware - Prepare to Protect and Respond

Ransomware groups turned up the pressure in 2021, demanding higher ransoms and using new tactics to increase their demands. In fact, the average ransomware demand in cases handled by Unit 42 in 2021 climbed 144% since 2020. At the same time, there was an 85% increase in the number of victims who had their names and other details posted publicly on dark web “leak sites” that ransomware groups use to coerce their targets. As the ransomware landscape continues to evolve, threat actors leverage new creative techniques to cripple business operations. Join this session to see how your organization can prepare to stay ahead of the threats.

Josh Costa, Global Technical Effectiveness Lead, Unit 42, Palo Alto Networks

4:05 PM

Panel: Tips and Tricks to Defeat Their Tricks!

Don’t let adversaries use their tricks on you! Ransomware threat actors have a wide range of capabilities within their arsenal. We’ve seen, in attack after attack and year after year, adversaries find success in their victim environments despite the best laid plans and security measures. Perhaps it’s time we ask the tough questions: What’s working, and what isn’t?

Join us for this panel discussion where we will reflect on the knowledge shared throughout the day, including some of our key takeaways, what organizations are doing right, and what they’re doing wrong. We’ll discuss some of the best tips and tricks that security teams can plan for today, to defeat adversarial tricks of tomorrow!

Matt Bromiley, Senior Instructor, SANS Institute

Liam O'Murchu, Director, Security, Technology and Response Group, Symantec by Broadcom Software
Kevin Savage, Principal Threat Analysis Engineer, Symantec by Broadcom Software
Yonatan Striem-Amit, Co-Founder, Cybereason
Ken Westin, Director of Security Strategy, Cybereason

4:55 PM

Wrap-Up and Closing Remarks

Matt Bromiley, Senior Instructor, SANS Institute