Cyber Solutions Fest 2023: Ransomware

  • Thursday, 26 Oct 2023 10:30AM EDT (26 Oct 2023 14:30 UTC)
  • Speaker: Matt Bromiley

There is likely no cyber threat that can cause as much panic, chaos, and concern amongst cybersecurity professionals as ransomware. Causing widespread damage and disruption to organizations of all sizes, ransomware is here to stay. It remains a profitable business for even the most inexperienced adversaries and has created a multi-billion dollar industry that continues growing. In this forum, we bring together experts and industry leaders to discuss the latest developments and best practices in ransomware solutions and security.

Topics for this forum include:

* The impact of ransomware on organizations
* The importance of backup and recovery strategies as they pertain to a ransomware intrusion
* The role of advanced security technologies in mitigating the risk of a ransomware attack
* Steps that organizations can take to prevent or minimize the impact of ransomware

Please join us for 2023 SANS Cyber Solutions Fest, on October 26th, for an action-packed, can't-miss session on all things ransomware. We hope to see you there!

Join in on the action! Connect with fellow attendees and our event chairs in the SANS Solutions Forum Interactive Slack Workspace. Sign in once and you'll be all set for the rest of our 2023 Solutions Forums. We'll see you there!

To view the full agenda for the Ransomware Track, please scroll down! Take note of your most anticipated presentations and favorite speakers below. Pro tip: You can visit our landing page to register for more than one track to truly take your cybersecurity skills to the next level!


Platinum Sponsors

Eclypsium, Sophos

Gold Sponsors

ExtraHop Networks, Palo Alto Unit 42

Event Platinum Sponsors

Anomali, Corelight, Eclypsium, Endace, Palo Alto Networks, Sophos, Sysdig

Agenda | October 26, 2023 | 10:30 AM - 4:45 PM EDT

Timeline (EDT) | Session Details

10:30 AM

Welcome & Opening Remarks

Matt Bromiley, Certified Instructor, SANS Institute

10:40 AM

Session One | The Future State of Ransomware Is Closer Than We Think

Digital extortionists have learned to keep upping the stakes by multiplying their leverage and reducing the time window of negotiation. Join Scott Scheferman, Office of the CTO at Eclypsium, as he explores where they are headed and asks the hard questions about what it will take to get ahead of them.

In this session, we will cover:

  • What is the future of digital extortion campaigns?
  • What is the nature and magnitude of impacts associated with these?
  • Where and how does firmware and device trust come into play here?
  • How do organizations that have fully migrated to 3rd party cloud infrastructure and SaaS services proactively mitigate risks in this new future?
  • What can present-day research and attacker campaigns teach us about what is next to come?
  • What is the next ‘North Star’ for us to aspire to? Is it still Zero Trust?

Scott Scheferman, Principal Strategist, Eclypsium

Session Two | Fighting Active Adversaries: Understanding the 2023 PaperCut Exploitation Campaign

Ransomware actors are speeding up. The median dwell time in ransomware attacks is now just five days, down from nine days in 2022. With adversaries accelerating the execution of their attacks, defenders have less time to detect and stop them before files are encrypted. Join Sophos for an in-depth analysis of the 2023 PaperCut Print Manager exploitation campaign. They’ll dive into the tactics employed by threat actors and explore the significance of diligent post-incident review and the crucial need to monitor for malicious behavior. You’ll walk away with information that can help you make better decisions about how to deploy your limited resources to support corporate strategy while better protecting your organization.

Christopher Glick, Sophos

Session Three | Keynote Session
You Are Enough: Mental Health Insights and Challenges in Cybersecurity

Cybersecurity is a high-stress profession. Cybersecurity professionals are constantly under pressure to protect their organizations from cyberattacks, and they often work long hours in demanding conditions. This can lead to a variety of mental health challenges, including anxiety, burnout, and depression.

During this session, we will explore the mental health challenges faced by cybersecurity professionals and discuss strategies for coping with these challenges. Megan Roddie and Amanda Berlin will share their personal experiences with mental health, as well as their professional insights on how to promote mental wellness in the cybersecurity workforce.

This panel discussion will provide valuable insights for cybersecurity professionals who are struggling with mental health challenges. It will also provide guidance for organizations on how to create a supportive work environment that promotes mental wellness.


Danny Akacki, Business Operations Strategist, Trimarc Security

Amanda Berlin, CEO, Mental Health Hackers

Megan Roddie, CFO, Mental Health Hackers

Eric Lee, Chief Emotional Officer, Mental Health Hackers

Afternoon Kickoff

Matt Bromiley, Certified Instructor, SANS Institute

Session Four | Evolution of Threats: Analyzing Pre-Mortem Retrospective Lessons

Security teams have taken great pains to improve their security posture, forcing attackers to evolve and adapt. Adversaries remain a potent threat by blending tried-and-true techniques with innovative new schemes. Palo Alto Networks Unit 42® is in the trenches daily, battling the latest and most complex attacks. Join us for an insightful session where we dissect a few common attack scenarios based on incident response engagements.

  • We'll discuss the novel methods attackers used to worm their way past the victim's defenses.
  • Then we'll dig into the controls that might have stopped these attacks in their various stages.
  • Finally, we'll wrap up with what you can do to prevent your organization from ending up as the next incident response call.

Kristopher Russo, Senior Threat Intel Researcher, Palo Alto Networks Unit 42

Session Five | The Network: Cybersecurity’s Secret Weapon Against Ransomware

In today's threat environment, the reality of ransomware is no longer 'if', it's 'when' you will experience an attack. Modern ransomware is incredibly sophisticated, and many organizations haven't kept pace with adequate defenses against the attackers. Research from ExtraHop's 2023 Cyber Confidence Index shows that 85% of organizations have experienced a ransomware attack in the past five years. How can you best prepare for ransomware defense and recovery? Join us to learn how you can expose ransomware behavior within your network and reduce the blast radius, helping to minimize damage and hasten recovery from an attack.

Archana Ragothaman, Director of Sales Engineering, ExtraHop

Session Six | Innovations in Sophos Endpoint

Constant innovation that drives business value is at the heart of Sophos Endpoint. Join us to discover the latest enhancements that reduce cyber risk and accelerate strategic focus in our market-leading Sophos Intercept X Endpoint solution, which protects Windows, macOS, and Linux systems against never-before-seen ransomware, malware, phishing, web threats, and attacker-led behaviors.

Sally Adam, Marketing Director, Sophos

Session Seven | Trust Through Transparency: Finding Hidden Threats Through Integrity Verification

When dealing with advanced threat actors compromising devices that cannot have standard security tools installed, or compromising firmware of devices, we are forced to use alternative techniques to establish trust in these devices. In this session, we will focus on ways to verify integrity in the firmware of equipment to expose any hidden threats. This technical session will focus on below-the-operating-system exploitation and how organizations can inspect, validate, and fortify against these sophisticated attacks.

Adam Woydziak, Principal Engineer, Eclypsium

Ransomware Panel | Your Ransomware Wake-Up Call

Threat actors aren’t playing around. We already know ransomware is a severe threat, escalating year after year. It keeps boards up at night, executives worried about breaches, and SOC analysts glued to their dashboards. However, despite everyone “taking it seriously,” ransomware ravages enterprise networks. Adversaries continue to refine their techniques, picking apart even the best-laid defenses.

This is your wake-up call. This panel will analyze recent attacks, focusing on how adversaries have found success. We’ll look at what could have been done differently and perhaps even review areas for future prevention of attacks. We encourage our audience to contribute in this live panel, offering their thoughts and feedback in our Slack channel. Join us!

Matt Bromiley, Certified Instructor, SANS Institute

Jeremy Kopacko, Senior Channel Engineer, Sophos

Scott Scheferman, Principal Strategist, Eclypsium

Session Eight | Protective DNS Unleashed: A Ransomware Defense Strategy

In today's ever-evolving threat landscape, securing your assets and infrastructure has become a formidable challenge. Traditional defense walls have fallen with the rise of on-the-go workforces and the relentless onslaught of cyber adversaries. But fear not, there's a beacon of hope: protective DNS.

In this session, we'll break down the power of protective DNS as a pivotal element in safeguarding your business against ransomware and other insidious threats:

  • Unmasking the Phishing Threat: How deceptive phishing tactics open the door to digital mayhem and how to spot them to keep your organization safe
  • Multi-Layered Defense with DNS Filtering: Discover why the DNS layer is your first line of defense and how it can safeguard your assets and infrastructure from ransomware attacks
  • DNS-Based Threat Intelligence: The importance of purpose-built intelligence and how it can be used to better detect and prevent zero-day DNS-based threats before they strike
  • Compliance and Security Frameworks: Protective DNS isn't just a nice-to-have; it's increasingly essential for staying compliant with big cybersecurity standards like ISO 27001, CMMC, and NIST

Carl Levine, Manager, Sales Engineering, DNSFilter

Closing Remarks

Matt Bromiley, Certified Instructor, SANS Institute