A Closer Look at Ransomware
Coffee with CISOs Episode 12
Our guest for this episode is Head Of Security Research at Orange Cyberdefense, Charl van der Walt. Charl leads the OCD Security Research Center – a specialist security research unit within the organization. Together we’ll be discussing Orange’s findings from this investigation, how rThreat was used to evaluate how EDR solutions respond to ransomware, and the multifaceted approach needed to solve this issue.
Bring your favorite drink (doesn’t have to be coffee) and take a quick break to learn more about:
- What Charl and the Orange Cyberdefense team learned from this ransomware investigation
- How well EDR solutions are able to detect ransomware
- Best practices companies must adopt to prevent ransomware attacks
You want to observe around you and respond to new threats very rapidly. I think that’s the first thing you want to set yourself up to do and it’s an organizational discipline and it’s to do with how you structure your people and how you structure your processes.
About the Webinar
A new organization becomes a victim of ransomware every 10 seconds. With its growing popularity, ransomware is the latest form of cyber extortion threat where important data is encrypted and held for “ransom” (usually paid in the form of cryptocurrency). In efforts to monetize their hack, hackers utilize key system files and processes to halt business processes and important data flow. According to the Cyber Kill Chain, ransomware hackers scan vulnerabilities and search for compromised credentials outside of the victim’s information system through External Reconnaissance. Then, through phishing, vulnerability exploitation, legitimate login accounts on remote access, or malspam, hackers perform Intrusion. Next, for Internal Reconnaissance, they discover the domain’s servers, identify security solutions, and may even backup location and identification targets. The fourth step in the Kill Chain is Privilege Escalation through a variety of techniques, followed by Command & Control through legitimate remote access or a Remote Access Trojan. Finally, hackers perform Exploitation through encryption, data exfiltration, or backup identification. Hackers usually target bigger corporations through holistic encryption. Sociocultural catalysts and technological legacy factors further this. However, it is important to stay cautious that some ransomware is fake, meaning that none of the files/data have been encrypted and no ransom needs to be paid in order to continue business operation. In order to prevent ransomware attacks, anticipate, detect, and identify your assets, attack surface, and threats. To learn more, check out Orange Cyberdefense’s ransomware whitepaper.
MEET THE SPEAKERS
Charl van der Walt
Charl van der Walt, Head Of Security Research at Orange Cyberdefense. Charl leads the OCD Security Research Center – a specialist security research unit within the organization. Recently they published an investigative report on ransomware, detailing information about how ransomware has evolved over time, what factors fuel its growth, and how companies can avoid becoming a victim.
Want to see rThreat in action?
See how the next generation of breach and attack emulation can help protect your company from cyber threats.