RSA Conference 2017: your chance to get to grips with ransomware

You know a security threat has reached epic proportions when RSA Conference decides to make it the focus of an all-day seminar. Such is the case with ransomware.

This scourge will be under the microscope Monday from 9am until 5 pm in room 2024 at Moscone West, part of the sprawling Moscone Center complex where RSA Conference 2017 takes place next week.

Ransomware is an old topic in information security circles. Attackers have been hijacking computers and holding files hostage for years now, typically demanding that ransom be paid in bitcoins. Some might expect that a majority of people are well aware of the threat by now and that they’re taking the appropriate precautions. It’s therefore reasonable to assume that online thieves have moved on to new tactics.

Unfortunately, that’s hardly the case, said Andrew Hay, CISO of DataGravity and one of the seminar organizers.

Ransomware is one of the most prominent threats facing organizations and their end-users, partners, and customers. RSA brings together many of the best and brightest security minds in the industry, many of whom spend countless hours researching ransomware. In addition to security professionals, numerous organizations send their own security and technology employees to gain a better understanding of ransomware and effective mitigation techniques.

Mitigation strategies will be at the heart of this seminar. Attendees can expect a day of exploring ransomware’s multifaceted implications across technical, policy, compliance and financial response, Hay said.

Sessions will focus on innovative research, case studies on response and recovery efforts, and debate on if – and when – the victim should pay the ransom.

The struggle is real

Ransomware has been a major focus for Naked Security in the last couple of years. Last month, for example, we wrote about how thousands of unsecured MongoDB databases were hit by an attacker demanding a 0.2BTC ransom ($220) to return the data he was holding hostage. The attacker, going by the online handle Harak1r1, hit servers across the globe.

When it comes to the question of whether or not to pay a ransom, we’ve shied away from moralizing about whether it’s always unacceptable to support criminality by paying up, even if you are in a difficult position. But in Ransomware – should you pay? we made two suggestions:

  1. Don’t pay if you can possibly avoid it, even if it means some personal hassle.
  2. Take precautions today (eg backup, proactive anti-virus, web and email filtering) so that you avoid getting into a position where you ever need to pay.

The trick, of course, is to keep from getting put in this no-win situation in the first place. We’ve regularly offered advice on preventing (and recovering from) attacks by ransomware and other malware, and continue to offer the following resources:

Sophos also recommends reading this guide:

Seminar agenda

For those attending RSA, the full ransomware seminar agenda is as follows:

9:00 AM – 9:15 AM Welcome & Opening Remarks | Andrew Hay
9:15 AM – 10:00 AM Preparing for Ransomware | Andrew Hay, Michael Duff, Dr. Neil E. Jenkins
10:00 AM – 10:30 AM What the Kidnapping & Ransom Economy Teaches Us About Ransomware | Jeremiah Grossman
10:30 AM – 11:00 AM Networking Break
11:00 AM – 11:30 AM We Infected Ourselves with Ransomware: Here’s What We Learned | Robert Gibbons
11:30 AM – 12:00 PM #NoMoreRansom: Industry and Law Enforcement Join Forces to Fight Back | Christiaan Beek, Raj Samani
12:00 PM- 1:15 PM Lunch Break
1:15 PM – 1:45 PM Corporations: The New Victims of Targeted Ransomware | Candid Wüest
1:45 PM – 2:15 PM Recovering From Ransomware With Your Data’s Point of View | Paula Long
2:15 PM – 2:45 PM Out of Control: Ransomware for Industrial Control Systems | David Formby
2:45 PM – 3:15 PM Networking Break
3:15 PM – 3:45 PM Not UNIX to Windows Anymore: A First in a Booming Ransomware Industry | Benjamin Rivera, Joachim Suico
3:45 PM – 4:15 PM Legitimate Business as Unwitting Accomplice of Underground Economy | Andrei Barysevich, Levi Gundert
4:15 PM – 4:45 PM A Deep Look Into the Russian-Speaking Ransomware Ecosystem | Anton Ivanov
4:45 PM – 5:00 PM Closing Remarks | Andrew Hay