Malware & Ransomware Solutions Forum

Event Overview

As organizations continue to deal with emerging threats in the malware space, it's easy for some to take a complacent view and say, 'Malware, haven't we done this already?' We've been dealing with this for decades. And while people who take this view aren't necessarily wrong, ransomware continues to be one of the most popular cyber attacks against organizations. With malware and ransomware becoming more sophisticated and threatening than ever before, it's important for security teams to step up their defenses and strategies and stay ahead of these attacks. Simply put, ransomware is not going away.

Join this SANS-led forum as we explore various malware & ransomware topics through invited speakers while showcasing current capabilities available today. Presentations will focus on technical case studies and thought leadership using specific examples relevant to the industry.




Timeline (EDT)


10:30 AM

Welcome & Introduction

Jake Williams, SANS Certified Instructor

10:50 AM

Racing Against Ransomware: A Proactive Approach to Blocking Sophisticated, Evolving Attacks

Each day, ransomware attacks grow more sophisticated, more evasive, and much more difficult to predict. What’s the key to blocking these threats? Getting proactive. Join Cisco’s Chantel Strickland, Technical Solutions Architect, as she shares the forward-thinking techniques and tools to fortify your network against these ever-changing attacks. From digging into the anatomy of modern ransomware attacks to exploring the deep forensic analysis needed to protect data and networks from cyber criminals, Racing Against Ransomware delivers a technical, carefully assembled toolkit for fending off these dangerous, malware-inspired threats.

Chantel Strickland, Technical Solutions Architect, Cisco Umbrella

11:25 AM

You CAN Stop What You Can’t See: Preventing Unknown & Evasive Malware

Why is email phishing still the #1 most successful malware delivery channel? The answer: human error, combined with security defenses that are unable to detect and prevent unknown threats. For just $3, threat actors can easily purchase pre-made weaponized documents with a money-back guarantee that the zero-days inside will successfully execute. Call it an invoice and send it to finance—cha-ching!

This combination of tech, WFH distractions, sophisticated phishing techniques, and the desire by employees to do their jobs well increases risk. Join ex-IDF security researcher and past pentester Aviv Grafi to deep-dive into stealthy ways that ransomware and other malware enter networks via weaponized files and links and evade both employees and detection solutions like email gateways, AV, and sandboxing. Along with TTPs and real, recent examples of evasion techniques from the billions of malicious files that Votiro processes each year, Aviv will dissect a malicious file, showing how hackers hide malware inside common and business-important elements like macros.

Aviv Grafi, CEO, Votiro

12:00 PM


12:10 PM

A Defender's Guide to Ransomware Families

Ransomware dominates the news cycle, but with an ever-growing number of variants and the botnets behind them, it’s easy for defenders to lose track of their relationships.

Join DomainTools Senior Security Researcher Chad Anderson as he walks through an investigation of samples of the more prolific ransomware families in IRIS. Through his investigation he will provide a lay of the land, as it stands today, and which infections lead to what outcomes, properties of those infections, and how to spot them.

Chad Anderson, Senior Security Researcher, DomainTools

12:45 PM

Sophos State of Ransomware 2021

Join us for an insightful deep dive into the state of ransomware in 2021. Based on an independent survey of 5,400 IT managers in mid-sized organizations around the globe, the webinar will explore:

  • Which countries and industries are most affected by ransomware
  • How often attackers successfully encrypt their victims’ data
  • The financial cost of ransomware, including the actual ransoms paid
  • The crucial information attackers omit when issuing ransom demands to you

Plus, you’ll discover the strategies that enable some IT managers to feel confident they won’t fall victim to ransomware in the future.

Brandon Carden, Senior Solutions Engineer, Sophos

1:20 PM

Ransomware Operational Risk and You

As the threat landscape continues to grow, ransomware has evolved to become a formidable weapon. Despite its evolution, ransomware attack methods remain largely unchanged. Today we'll look at how ransomware has grown in recent history and discuss a few ways to help you mitigate risk.

Rich Bakos, Director of Engineering, LogRhythm

1:55 PM


2:05 PM

Advances in Ransomware and How to Defend Against It

Ransomware has increased in velocity and sophistication, with $20B in reported damages in 2020. Attackers are evading defenses using encryption and trusted third-party applications, and they’re leveraging double-extortion and DDoS tactics. Zscaler's ThreatLabZ monitors millions of attacks each year and, in this session, Director of Threat Intelligence Brett Stone-Gross and research Senior Manager Nirmal Singh will share the latest trends, vulnerabilities, attack sequences, and prevention strategies.

Brett Stone-Gross, Director, Threat Intelligence, Zscaler
Nirmal Singh, Director, Security Research, Zscaler

2:35 PM

Investigate Malware & Ransomware With Speed and Efficiency

It’s not a question of if a data breach will happen, but when. Investigating these breaches and obtaining Indicators of Compromise quickly is paramount to prevent further infections throughout a network. This presentation will focus on connecting the dots in examining the malware and its related components, looking for sideloaded DLLs and identifying outbound communications. We will also look at the use of a timeline to assist in identifying the compromise.

Steve Gemperle, Forensic Consultant, Magnet Forensics

3:10 PM

The True Cost of Ransomware Attacks

A recent global research report conducted by Cybereason, titled Ransomware: The True Cost to Business, revealed that the vast majority of organizations that have suffered a ransomware attack have experienced significant impact to the business, including loss of revenue, damage to the organization’s brand, unplanned workforce reductions, and little in the way of relief from cyber insurance policies.

Join us to examine the research findings and discuss how organizations can better prepare to defend against and respond to a ransomware attack, with topics for the session to include:

  • Whether organizations should ever consider paying a ransom demand
  • If organizations have the right people, processes and policies in place to address the risk posed by ransomware attacks
  • The wide-reaching impacts to the business following a successful ransomware attack
  • Whether organizations are making the right investments in security prior to a ransomware attack and where they are investing after being a victim

Lodrina Cherne, Principal Security Advocate, Cybereason

3:45 PM

Key Considerations When Building a Formal Incident Response Plan

Find out how to stop cyber criminals in their tracks. These days, having an incident response plan is no longer a "nice to have." It has become crucial to create clear steps for stakeholders, external resources and more ahead of time so that all the prep work is in place for when an incident occurs. Oftentimes, agencies are challenged with knowing where to begin, let alone best practices for what to include in the game plan.

In this session, our guest speaker Sam Rubin, vice president for Unit 42, will present the key components and provide takeaways for when you’re building out your IR plan. If you already have one in place, these will help with maintaining it.

Clay Brothers, Unit 42 Principal Consultant, Palo Alto Networks
Sam Rubin, Unit 42 Vice President, Palo Alto Networks

4:20 PM


Jake Williams, SANS Certified Instructor