In this talk I will present the details and challenges of handling an incident suffered by a large multinational company with subsidiaries in Brazil, India and the United States, which resulted in the discovery of Mamba, the first ransomware to actually use a Full Disk Encryption (FDE) strategy. I will also present the entire process of research, publication and collaboration with CERTs from various countries, research laboratories and international security product players.
Renato Marinho, MSc, is an information security researcher at Morphus Labs. With more than 15 years of hands-on experience in the field, he also holds professional certifications such as CISSP, CRISC and PMP. He teaches the Computer Forensics discipline at Universidade de Fortaleza (Brazil) and is a frequent presenter at international conferences such as Security BSides, Mind the Sec, WSKS Portugal, GTER/GTS and Brazilian CSIRTs Forum.