The Carbanak group has been one of the most prolific cybercrime actors in the past year. There’s a high-likelihood that the spate of POS intrusions at restaurants and hospitality-associated establishments is attributed to Carbanak. In this talk, we will walk through some of the key features of Carbanak maldocs and learn about some behavioral approaches to identifying and detecting Carbanak based on a signature. A historical guide to Carbanak will be used to set the stage for a more in-depth discussion around current TTPs and what you can do to keep this actor out of your environment.