This talk starts out simple enough–the CISO has contacted you, the incident responder. There’s a ransom note, they’re yanking and rebooting machines, mass panic, now what?
Walk through a full ransomware scenario, stopping along the way to vote on crucial turning points as an audience. What flavor of malware will you find? Will there be more than one threat actor? APT or script kiddie? Oh no, is that Joe from accounting’s nudes?
This talk is based on multiple REAL ransomware cases, they’ve just been obfuscated to protect the innocent. Come for the memes, catharsis, and bizarre stories that can result–you choose!
Heather Smith (@LitMoose), aka Moose, is a DFIR (digital forensics and incident response) Dumpster Diver, a lover of logs, report artificer, and generally benevolent contractor. She has some degrees but would rather talk to you about weird stuff she finds on cell phones or reconstructing RDP sessions. Caretaker of three cats, fiddle player, and fan of potatoes in all forms.