#1401684: Ransomware - Do You Pay It Or Not? - Experts debate the costs and ethics surrounding ransomware payments
| BRI comment: | Registration Required |
|---|---|
| Description: |
Overview To pay ransomware attackers or not to pay? The global cybersecurity community continues to debate this complicated issue recently brought to the forefront by the Colonial Pipeline attack. Governments around the globe are now weighing in on what they believe to be the right response to a ransomware attack. Some are even considering making ransomware payments illegal. Putting potential legal requirements aside, on the business side the decision to pay or not to pay isn\'t an easy one to make: On one hand, paying ransom encourages additional brazen attacks; on the other, organizations that choose not to pay the ransom may have to shutter operations or find themselves in the position of being unable to pay employees. SANS is proud to host what is sure to be a dynamic debate of this issue. We\'re bringing together some of the top minds in cyber and ransomware incident responders to represent both sides of the debate. Our expert panelists will share stories from the field and their own experiences in responding to what amounts to hundreds of ransomware incidents between the lot of them. There\'s no great solution here -- it\'s a real-life \'no-win situation\' for cybersecurity. This debate will focus on providing practical and thoughtful advice that\'s based on real-world experiences dealing with ransomware. If you have a strong opinion on the issue, join us to see if you can be swayed. As these unique perspectives will highlight, the decision to pay the ransom or not is much more challenging than you might suspect. Speaker Bios Jake Williams Jake Williams is a SANS analyst, senior SANS instructor, course author and designer of several NetWars challenges for use in SANS' popular, "gamified" information security training suite. Jake spent more than a decade in information security roles at several government agencies, developing specialties in offensive forensics, malware development and digital counterespionage. Jake is the founder of Rendition InfoSec, which provides penetration testing, digital forensics and incident response, expertise in cloud data exfiltration, and the tools and guidance to secure client data against sophisticated, persistent attacks on-premises and in the cloud. Matthew Toussain Matthew Toussain is an active-duty Air Force officer and the founder of Spectrum Information Security, a firm focused on maximizing the value proposition of information security programs. As an avid information security researcher, Matthew regularly hunts for vulnerabilities in computer systems and releases tools to demonstrate the effectiveness of attacks and countermeasures. He has been a guest speaker at many conference venues, including DEFCON, the largest security conference in the world. After graduating from the U.S. Air Force Academy, where he architected and instructed the summer cyber course that now trains over 400 cadets per year, Matthew served as the Senior Cyber Tactics Development Lead for the U.S. Air Force. He directed the teams responsible for developing innovative tactics, techniques, and procedures for offensive operations as well as for cyber protection teams (CPT). Later, as a member of the 688th Cyber Warfare Wing he managed the Air Force's transition of all 18 CPTs to fully operational capability. As a founding member of Spectrum, Matthew regularly performs a wide variety of information security services. He earned his master's degree in information security engineering as one of the first graduates of the SANS Technology Institute and supports many national and international cyber competitions including the CCDC, Netwars, and the National Security Agency's Cyber Defense Exercise as a red team member and instructor. Ryan Chapman Ryan Chapman, Principal Incident Response Consultant for the BlackBerry Security Services Team, is an IR consultant with roots in SOC and CIRT work. He handles incidents requiring network activity analysis; researching host and network IOCs; hunting through log aggregation utilities; sifting through packet captures; analyzing malware; and performing host and network forensics. Ryan is also the lead organizer for CactusCon, teaches FOR610 for SANS, and is writing a new ransomware-based course for SANS. He also spends time with his family and plays plenty of Street Fighter. Hadouken! James Shank Joining Team Cymru more than ten years ago, James Shank has contributed to several efforts within Team Cymru and within the broader Information Security community. From the start of his tenure, James served as SME and lead developer over Team Cymru\\\'s highest volume and highest velocity data processing services. He quickly rose through the leadership ranks to become Engineering Team Lead and Manager of Engineering, before joining a team focused on rapid proof of concept research and development. With a passion for people over technology, James gravitated towards community-focused efforts and now serves as Chief Architect of Community Services and Senior Security Evangelist. His informal title is \\\"nerd who can talk to people.\\\" Throughout his career at Team Cymru, James has contributed to community efforts to fight malicious activity online. Serving on the DNS Changer Working Group, contributing to Mirai research efforts, and helping to analyze WireX are a few examples of James\\\' community contributions. Today, James focuses on bringing about lasting and substantive changes to Information Security on a global scale, participating in many trust-based groups and ad hoc task force efforts. A few recent highlights include DNS Transparency, where with some friends, he seeks to provide a lasting solution to make DNS changes to TLD zones auditable and verifiable; DDoS Traceback where James helps to facilitate a group of network operators and security researchers aimed at tracing back and cutting off sources of spoofed packets; and James assisted with target verification and orchestration of the Emotet takedown in early 2021. James is also a member of the Ransomware Task Force (RTF). Organized by the Institute for Security and Technology, the RTF worked to assemble recommendations for the Biden administration and international government bodies. The RTF\\\'s hope is that coordinated action by both public and private sector entities will enable substantial changes that favor defenders in the battle against ransomware. |
| More info: | https://www.sans.org/webcasts/ransomware-pay-not-experts-debate-costs-ethics-surrounding-ransomware-payments-119960 |
| Date added | May 30, 2021, 9:59 a.m. |
|---|---|
| Source | SANS |
| Subjects | |
| Venue | June 3, 2021, midnight - June 3, 2021, midnight |