Speakers
Synopsis
If your strategy for preventing ransomware attacks is solely to block the executable, you're doing it wrong. Join this session to review and dissect a real-world ransomware attack and learn what the early stages of an attack look like, and how to detect them with network visibility.
This session provides a step-by-step reconstruction of a real-world ransomware attack and shows detection opportunities using network visibility before ransomware execution takes place. The attack is based on a DFIR report of a real-world ransomware attack using IcedID to drop Nokoyawa ransomware. All host-specific steps were removed in order to focus on the network-observable steps of this attack.
For each stage of the attack, the session highlights in-production detections from a Network Detection and Response (NDR) solution that would fire and detect the behaviour, giving defenders an early indicator of attack behaviour that they can use to thwart the attacker's efforts. For attendees who are not familiar with NDR tools, the session also shows the types of detections these tools are capable of and how they help detect in-progress attacks earlier, with over 15 real-world examples of detections based on this single attack use case.