Thank You To Our Sponsors
.png){kind=logo}
.png)
.png){kind=logo}
Full Agenda | 10:00am - 2:00 pm ET
Timeline (ET) | Session Details |
|---|---|
10:00am-10:10am | Event Kickoff & Introduction Matt Bromiley, Event Chair, SANS Certified Instructor |
10:10am-10:45am | Mitigate the Blast Radius: Detecting Ransomware with NDR When a ransomware attack strikes, every second counts. Traditional security measures are often too slow to respond effectively, leaving organizations vulnerable to devastating data loss and financial damage. However, there's a powerful source of truth that can be leveraged to stop attackers in their tracks: the network itself. In this session, we'll explore how Network Detection and Response (NDR) technologies can provide crucial defense against ransomware threats. We'll explore:
Jamie Moles, Senior Manager, Technical Marketing, Extrahop |
10:45am-11:20am | The Ransomware Trapdoor: How Phishing Emails Still Slip Past Defenses in 2025 Phishing remains the #1 delivery method for ransomware—and it’s only getting more deceptive. Despite advances in email security, SOC teams are still overwhelmed by suspicious emails that slip through gateways, evade filters, and demand precious time for manual investigation. So why do these threats continue to succeed? And how can we finally break the cycle? In this practical session, we’ll expose how modern phishing emails bypass traditional email defenses and accelerate the path to ransomware execution. You’ll learn real-world evasion tactics attackers use, see how long it takes to manually analyze a suspicious email, and walk away with actionable techniques to streamline phishing analysis in your SOC workflow. In this session, you will learn the following: • How ransomware operators are evolving phishing techniques to bypass email security gateways using sandbox evasion, obfuscation, and delayed payload delivery. • Discover workflow shortcuts and automation opportunities to reduce phishing triage time from hours to minutes. • Get hands-on tips and tooling recommendations to improve malware sample submission, verdict generation, and IOC extraction in the face of evasive ransomware threats. Andrey Voitenko, Senior Product Manager, VMRay |
11:20am-11:55am | Fighting Ransomware with AI: Preemptive cyber defenses for the modern threat landscape Traditional security measures continue to fall short. Post-breach detect and response is proven to fail. Discover how secure cloud browsing and preemptive, AI-driven defenses block evasive ransomware attacks before they reach the endpoint, ensuring data integrity and business continuity. Neko Papez, Sr. Manager of Cybersecurity Strategy, Menlo Security |
11:55am-12:10pm | Break |
12:10pm-12:45pm | The Kids Aren’t Alright: How UNC3944 Redefined Ransomware and Extortion Beginning in 2023, a loosely organized group of teenagers and young adults shifted their focus from SIM swapping and fraud to multi-faceted extortion. Navigating corporate networks and working their way through the ransomware affiliate ecosystem, they highlighted a weakness in modern remote work environments: human verification. They talked their way into the networks of major corporations, innovatively exfiltrated critical data, and demonstrated that some audacious abuse of administrative credentials goes completely unnoticed. This talk will examine the lasting impact UNC3944 had on cybercrime and what organizations can do to prepare for fast paced attacks that can reach any application or service of value. Josh Madeley, Incident Response Regional Lead, Mandiant, Part of Google Cloud |
12:45pm-1:20pm | Presentation Title Coming Soon! Session Details Coming Soon! |
1:20pm-1:55pm | "Dear Identity": A Ransom Note and Deep Dive into Ransomware Attacks and Proactive Identity Security Ransomware continues to be one of the most dangerous and financially devastating threats facing organizations today — but it's not just data that's at risk. Ransomware campaigns are increasingly targeting identity systems like Active Directory and Entra ID, seeking to escalate privileges with a goal of complete takeover. Securing identity has become a critical pillar in a modern ransomware defense strategy. In this webinar, we’ll explore the continuous evolving threat landscape of ransomware, how these attacks unfold, and why identity compromise is often the center of large-scale breaches. We'll break down the typical ransomware attack chain, highlighting how attackers leverage stolen credentials and Active Directory weaknesses to succeed. We’ll discuss major ransomware incidents, including wannacry, Revil, and lockbit with real-world examples of the severe impact identity-focused ransomware can cause. We’ll also profile notable threat groups and their tactics to give you actionable insights into how ransomware operations work today compared to just a few years ago. We will finish the session with a live 15-minute demonstration of Netwrix Threat Prevention, showcasing how it can detect ransomware behavior early, identify anomalous activities linked to identity compromise, and automatically take action to contain and stop an attack before it spreads. We will also touch on the importance of internal assessments to understand what vulnerabilities potentially lie in your environment. Security practitioners, junior or senior will all walk away from this sessions with essential strategies to strengthen your defenses, focusing on identity protection as a core component of ransomware resilience. Darryl Baker, Solutions Architect, Netwrix |
1:55pm-2:00pm | Event Recap & Closing Remarks Matt Bromiley, Event Chair, SANS Certified Instructor |
