Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The Not-So-Improbable Future of Ransomware

The Not-So-Improbable Future of Ransomware

Ransomware may have been perceived as a nuisance as recently as last year, but now we’re seeing it strike – and cripple – hospitals, police stations, schools, and other critical organizations that serve the common good. This session explores the evolution of traditional real world extortion tactics and how they will likely be incorporated by ransomware.

Andrew Hay

April 26, 2017
Tweet

More Decks by Andrew Hay

Other Decks in Technology

Transcript

  1. www.leocybersecurity.com
    1
    FUTURE OF RANSOMWARE
    THE NOT-SO-IMPROBABLE
    Andrew Hay, Co-Founder and CTO, LEO Cyber Security
    +1.650.532.3555
    [email protected]
    www.leocybersecurity.com
    @andrewsmhay

    View full-size slide

  2. www.leocybersecurity.com
    2
    Andrew Hay
    @andrewsmhay
    You may know me from the Internet…
    • Chief Technology Officer (CTO) @ LEO Cyber Security
    • Former:
    • CISO @ DataGravity
    • Director of Research @ OpenDNS
    • Chief Evangelist & Director of Research @ CloudPassage
    • Senior Security Analyst @ 451 Research
    • Sr. Security Analyst in higher education and a bank in
    Bermuda
    • Blogger, author, history buff, and rugby coach
    About Me

    View full-size slide

  3. www.leocybersecurity.com
    3
    LEO is a seasoned team of cyber trailblazers and creative
    practitioners who have the deep experience and operational
    knowledge to combat the cyber skills gap
    Through creative solutions we help our customers build and
    manage security programs
    OUR HISTORY
    About LEO
    Threats adapt and so do we

    View full-size slide

  4. www.leocybersecurity.com
    4
    • The reluctant acceptance payment, combined with the low risk and
    high reward, is driving organized criminal elements to embrace
    ransomware
    • The major concern, however, is the evolution of tactics paralleling
    traditional extortion rackets
    • What can we learn from real world hostage, terrorist negotiation, and
    kidnap & ransom schemes that we can apply to our digital world?

    View full-size slide

  5. www.leocybersecurity.com
    5
    Agenda
    Introduction
    Summary
    Ransomware TTPs and K&R Doctrine
    The History of Kidnap and Ransom (K&R)
    Preparing For The Next Wave

    View full-size slide

  6. www.leocybersecurity.com
    6
    The History of Kidnap & Ransom
    Prior to 1000 A.D.
    KIDNAPPING IN ANTIQUITY
    • Not only practiced but was much
    more common than one might
    expect
    • Removal of Hebrews to Babylon
    (kidnapping of an entire race of
    people)
    • Victim’s perceived wealth,
    position in a hierarchy, or social
    status determined whether he or
    she ended up being ransomed or
    enslaved

    View full-size slide

  7. www.leocybersecurity.com
    7
    The History of Kidnap & Ransom
    1000 – 1800 A.D.
    THE MIDDLE AGES & THE
    RENAISSANCE
    • Numerous European leaders and
    nobles used ransom kidnapping to
    finance their wars and conquests
    • In Europe and in the New World
    ransom had religious issues as
    major contributing factors
    • Far East and Africa, less so

    View full-size slide

  8. www.leocybersecurity.com
    8
    The History of Kidnap & Ransom
    1800 – 1970 A.D.
    THE INDUSTRIAL AGE
    • Practice of exchanging hostages
    as a guarantor of treaties and
    agreements had ceased, except
    in Africa
    • African slave trade continued
    apace
    • “Press-ganging” of sailors
    • Ransoming entire cities
    continued
    • Legislation defining the crime
    of kidnapping and prescribing
    harsh punishments for
    wrongdoers was formally
    adopted for the first time

    View full-size slide

  9. www.leocybersecurity.com
    9
    The History of Kidnap & Ransom
    1968 to the Present
    A MODERN SCOURGE
    • Terrorist and criminal actions
    propelled kidnapping to the
    forefront
    • Terrorists and revolutionaries use
    the tactic to make political
    statements or to raise funds
    • Criminals commit kidnappings
    for profit

    View full-size slide

  10. www.leocybersecurity.com
    10
    The History of Kidnap & Ransom
    1968 to the Present
    A MODERN SCOURGE
    • Italy was a worldwide leader in
    kidnappings throughout the late
    1970s and most of the 1980s
    • Government instituted the
    freezing of kidnap victim assets
    and made kidnap-ransom
    insurance policies illegal
    • Also empowered magistrates to
    freeze the assets of anyone who
    might be considered a potential
    contributor to ransom payments
    Italy

    View full-size slide

  11. www.leocybersecurity.com
    11
    The History of Kidnap & Ransom
    1968 to the Present
    A MODERN SCOURGE
    • In the 1990s, countries such as Colombia,
    Mexico, and Brazil raced past Italy into
    the top spots on the worldwide list
    • By the end of the 1980s, as many as four
    thousand kidnappings for ransom were
    reportedly occurring yearly in Colombia
    • Government froze assets of kidnap
    victims, made outside intercession illegal,
    and increased penalties for kidnappers
    • The measures had little or no effect
    Colombia

    View full-size slide

  12. www.leocybersecurity.com
    12
    The History of Kidnap & Ransom
    1968 to the Present
    A MODERN SCOURGE
    • In the late 80s, the kidnapping
    problem began with a series of high-
    profile kidnappings of industrialists
    and well-known figures.
    • No one was immune and kidnappers
    established a pattern of kidnapping
    • There was an overwhelming lack of
    trust in the authorities
    • Became the “kidnap capital of the
    world” in 2004
    Mexico

    View full-size slide

  13. www.leocybersecurity.com
    13
    The History of Kidnap & Ransom
    1968 to the Present
    A MODERN SCOURGE
    • Since 2004, the families of soccer stars
    have become fair game for kidnappers
    • Robinho’s mother was kidnapped and
    a number of family members of
    football players have been kidnapped
    and significant ransoms paid for their
    return
    • Overall, Brazil continues to suffer one
    of the highest kidnapping rates in the
    world
    Brazil

    View full-size slide

  14. www.leocybersecurity.com
    14
    The History of Kidnap & Ransom
    1968 to the Present
    A MODERN SCOURGE
    • After the fall of the Berlin Wall
    entrepreneurial criminals began a wave
    of kidnappings that still continues
    • Criminal organizations have practiced
    kidnapping with virtual impunity,
    taking ransoms for businessman, family
    members, and persons of all
    socioeconomic levels
    • Kidnapping flourishes with rampant
    corruption and less than effective law
    enforcement
    Eastern Europe

    View full-size slide

  15. www.leocybersecurity.com
    15
    The History of Kidnap & Ransom
    1968 to the Present
    A MODERN SCOURGE
    • Nigeria has become one of the
    world’s most active locations for
    kidnapping
    • Hundreds of locals and expats are
    kidnapped every year and
    massive ransoms are paid
    • White western oil company
    executives are referred to by gang
    members as “white gold”
    • Nigeria is the leading kidnapping
    state in Africa
    Nigeria

    View full-size slide

  16. www.leocybersecurity.com
    16
    ”The criminal element now
    calculates that crime really does
    pay.”
    - President Ronald Wilson Reagan, 40th President
    of the United States
    The History of Kidnap & Ransom

    View full-size slide

  17. www.leocybersecurity.com
    17
    The History of Kidnap & Ransom
    1989 to 2000
    ENTER TECHNOLOGICAL KIDNAP AND RANSOM
    • AIDS Trojan hid the files on the
    hard drive and encrypted their
    names
    • Asked to pay $189 to PC Cyborg
    Corporation for a tool to decrypt
    • Had a design failure so severe it
    was not necessary to pay the
    extortionist at all

    View full-size slide

  18. www.leocybersecurity.com
    18
    The History of Kidnap & Ransom
    ENTER TECHNOLOGICAL KIDNAP AND RANSOM
    • By mid-2006, Trojans such as
    Gpcode, TROJ.RANSOM.A,
    Archiveus, Krotten, Cryzip, and
    MayArchive began utilizing more
    sophisticated RSA encryption
    schemes
    • June 2008, Gpcode.AK was
    detected using a 1024-bit RSA
    key. Believed large enough to be
    computationally infeasible to
    break without a concerted
    distributed effort
    2000 to 2010

    View full-size slide

  19. www.leocybersecurity.com
    19
    The History of Kidnap & Ransom
    ENTER TECHNOLOGICAL KIDNAP AND RANSOM
    • CryptoLocker using digital
    currency to collect ransom (2013)
    • CryptoLocker had procured about
    US$27 million from infected
    users
    • Technique was widely copied in
    the months following
    • Some ransomware strains have
    used proxies tied to Tor connect
    to their C2 servers
    • Dark web vendors have
    increasingly started to offer the
    technology as a service
    2010 to the Present

    View full-size slide

  20. www.leocybersecurity.com
    20
    Ransomware Timelines

    View full-size slide

  21. www.leocybersecurity.com
    21
    Ransomware Timelines

    View full-size slide

  22. www.leocybersecurity.com
    22
    Ransomware Timelines

    View full-size slide

  23. www.leocybersecurity.com
    23
    Ransomware Timelines

    View full-size slide

  24. www.leocybersecurity.com
    24
    Ransomware Timelines

    View full-size slide

  25. www.leocybersecurity.com
    25
    Ransomware Timelines
    http://privacy-pc.com/articles/ransomware-chronicle.html

    View full-size slide

  26. www.leocybersecurity.com
    26
    Agenda
    Introduction
    Summary
    Ransomware TTPs and K&R Doctrine
    The History of Kidnap and Ransom (K&R)
    Preparing For The Next Wave

    View full-size slide

  27. www.leocybersecurity.com
    27
    TECHNIQUES
    Detailed descriptions of behavior in the
    context of a tactic
    PROCEDURES
    Even lower-level, highly detailed
    descriptions in the context of a
    technique
    TACTICS
    High-level descriptions of behavior
    • Tactics, Techniques, and Procedures
    (TTPs)
    • Describe the behavior of an actor
    • TTPs could describe an actor’s
    tendency to use a
    • specific malware variant,
    • order of operations,
    • attack tool,
    • delivery mechanism (e.g., phishing or
    watering hole attack), or
    • exploit.
    TTPs

    View full-size slide

  28. www.leocybersecurity.com
    28
    Common Kidnap & Ransom Tactics
    RANSOM
    • Individuals held against
    their will pending payment
    of a ransom
    • Long-term negotiation (3
    days to years)
    • Victim survival rate
    (estimate) of ~90%

    View full-size slide

  29. www.leocybersecurity.com
    29
    Common Kidnap & Ransom Tactics
    EXPRESS
    RANSOM
    • Occurs quickly and finishes
    quickly (<24hrs)
    • Grab individual on the
    street and immediately call
    family for ransom
    • Victim often driven to
    various ATMs to empty
    bank accounts
    • Individuals held against
    their will pending payment
    of a ransom
    • Long-term negotiation (3
    days to years)
    • Victim survival rate
    (estimate) of ~90%

    View full-size slide

  30. www.leocybersecurity.com
    30
    Common Kidnap & Ransom Tactics
    EXPRESS VIRTUAL
    RANSOM
    • Victim isolated and out of
    contact for hours (like at a
    movie)
    • Kidnappers convince family
    that they have the victim
    (using pictures, other
    information)
    • Extremely short in duration
    • Occurs quickly and finishes
    quickly (<24hrs)
    • Grab individual on the
    street and immediately call
    family for ransom
    • Victim often driven to
    various ATMs to empty
    bank accounts
    • Individuals held against
    their will pending payment
    of a ransom
    • Long-term negotiation (3
    days to years)
    • Victim survival rate
    (estimate) of ~90%

    View full-size slide

  31. www.leocybersecurity.com
    31
    Common Kidnap & Ransom Tactics
    EXPRESS VIRTUAL
    RANSOM
    • Victim isolated and out of
    contact for hours (like at a
    movie)
    • Kidnappers convince family
    that they have the victim
    (using pictures, other
    information)
    • Extremely short in duration
    • Occurs quickly and finishes
    quickly (<24hrs)
    • Grab individual on the
    street and immediately call
    family for ransom
    • Victim often driven to
    various ATMs to empty
    bank accounts
    • Individuals held against
    their will pending payment
    of a ransom
    • Long-term negotiation (3
    days to years)
    • Victim survival rate
    (estimate) of ~90%
    PSYCHOLOGICAL
    • Also known as extortion
    • Victims will be kidnapped
    or murdered unless payment
    is made
    • Can force a family to pay
    almost as a form of
    insurance
    • Low risk, high-reward
    crime

    View full-size slide

  32. www.leocybersecurity.com
    32
    Less Common K&R Tactics
    TIGER
    • Individuals forced to commit or assist in a
    theft
    • Hostage or hostages are held until the victim
    has met the demands of the criminal
    • Victims often work in banks, post office,
    currency exchange, etc.

    View full-size slide

  33. www.leocybersecurity.com
    33
    Less Common K&R Tactics
    BRIDE
    TIGER
    • Form of forced marriage
    • Often the couple has never met until the day
    of the kidnapping
    • Practiced in the Caucasus region, Central
    Asia, and some African nations
    • Kidnapper may contact bride’s family to
    also demand compensation
    • Individuals forced to commit or assist in a
    theft
    • Hostage or hostages are held until the victim
    has met the demands of the criminal
    • Victims often work in banks, post office,
    currency exchange, etc.

    View full-size slide

  34. www.leocybersecurity.com
    34
    Ransomware Tactics
    • Individuals held against
    their will pending payment
    of a ransom
    • Long-term negotiation (3
    days to years)
    • Victim survival rate
    (estimate) of ~90%
    RANSOMWARE
    • Employed by virtually all ransomware variants
    • Access denied to victim data or entire systems pending payment
    of a ransom
    • Short-term negotiation (hours or days)
    • Victim survival rate, of those that pay, similar to that of actual
    kidnapping schemes
    • But most (95%)* refuse to pay the ransom
    * https://blog.barkly.com/ransomware-prevention-tips-to-avoid-paying-ransom
    RANSOM

    View full-size slide

  35. www.leocybersecurity.com
    35
    EXPRESS
    • Occurs quickly and finishes
    quickly (<24hrs)
    • Grab individual on the
    street and immediately call
    family for ransom
    • Victim often driven to
    various ATMs to empty
    bank accounts
    Ransomware Tactics
    RANSOMWARE
    • Employed by virtually all ransomware variants
    • Less targeted than traditional Express tactics and more
    opportunistic
    • Infect as many as possible for maximum payoff (spray and pray)

    View full-size slide

  36. www.leocybersecurity.com
    36
    VIRTUAL
    • Victim isolated and out of
    contact for hours (like at a
    movie)
    • Kidnappers convince
    family that they have the
    victim (using pictures,
    other information)
    • Extremely short in
    duration
    Ransomware Tactics
    RANSOMWARE
    • Not YET employed by ransomware operators with great
    frequency
    • Some occurrences according* to Citrix study in January 2017
    • Would work well for road-warrior victims that travel great
    distances from their data
    • Making it difficult to validate the claims
    • Expect this one to eventually emerge
    * https://www.citrix.com/blogs/2017/01/24/bluff-ransomware-attacks-bamboozle-british-businesses/

    View full-size slide

  37. www.leocybersecurity.com
    37
    PSYCHOLOGICAL
    • Also known as extortion
    • Victims will be kidnapped
    or murdered unless payment
    is made
    • Can force a family to pay
    almost as a form of
    insurance
    • Low risk, high-reward
    crime
    Ransomware Tactics
    RANSOMWARE
    • Employed by virtually all ransomware variants
    • Data will be deleted or publicly released unless the ransom is
    paid
    • Former is traditional threat but latter could be considered
    insurance
    • Low risk, high-reward crime

    View full-size slide

  38. www.leocybersecurity.com
    38
    Ransomware Tactics
    • Individuals forced to
    commit or assist in a theft
    • Hostage or hostages are
    held until the victim has
    met the demands of the
    criminal
    • Victims often work in
    banks, post office,
    currency exchange, etc.
    RANSOMWARE
    • Starting to see this be more common
    • First seen with Popcorn Time Ransomware* in December 2016
    • Attackers telling victims to share the ransomware with friends
    or specific targets
    • Upon payment by those second-stage individuals, the original
    target (mule) will get their files back
    TIGER
    * https://www.bleepingcomputer.com/news/security/new-scheme-spread-popcorn-time-ransomware-get-chance-of-free-decryption-key/

    View full-size slide

  39. www.leocybersecurity.com
    39
    EXPRESS VIRTUAL
    RANSOM PSYCHOLOGICAL
    RANSOMWARE RANSOMWARE RANSOMWARE RANSOMWARE
    Common Kidnap & Ransom Tactics
    TIGER
    RANSOMWARE

    View full-size slide

  40. www.leocybersecurity.com
    40
    “How does a man or woman leave
    home in the morning, make the sign
    of the cross and ask for blessings on
    the day’s labors, then proceed to
    violently deprive another individual
    of his or her liberty for ransom?”
    - Richard P. Wright, Author, Kidnap for Ransom
    Kidnap & Ransom Techniques

    View full-size slide

  41. www.leocybersecurity.com
    41
    Kidnap & Ransom Techniques
    Alternatively titled ”How they get you”
    • Less common, higher
    risk
    • Find a random victim
    and grab them
    • Hope that the victim
    is valuable enough to
    someone to facilitate
    a ransom
    Methods
    • Opportunistic grab
    • Force into
    vehicle/building
    under threat of harm
    OPPORTUNISTIC
    02
    • Most common, higher
    reward
    • Track victim
    movements, habits,
    patterns
    • Research victim’s
    wealth and value
    Methods
    • Capture at time of
    kidnappers choosing
    • Transport victim to
    controlled site pre-
    arranged for long-
    term negotiations
    TARGETED 01

    View full-size slide

  42. www.leocybersecurity.com
    42
    Ransomware Techniques
    Alternatively titled ”How they get you”
    • Very common
    • Spray and pray
    approach
    Methods
    • Email attachments
    • Email links
    • Exploit kits
    • Cloud storage
    • Social media
    • Malvertising
    OPPORTUNISTIC
    02
    • Less common
    • Crafted to evade
    victim’s defenses
    • Extort large sums of
    money from
    businesses and
    wealthy
    individuals/families
    Methods
    • Emails
    • Removable media
    • Business applications
    TARGETED 01

    View full-size slide

  43. www.leocybersecurity.com
    43
    "I don't know who you are. I don't know what you
    want. If you are looking for ransom, I can tell you I
    don't have money. But what I do have are a very
    particular set of skills. Skills I have acquired over a
    very long career. Skills that make me a nightmare
    for people like you. If you let my daughter go now,
    that will be the end of it. I will not look for you, I
    will not pursue you. But if you don't, I will look for
    you. I will find you. And I will kill you."
    - Liam Neeson, Taken
    Kidnap & Ransom Procedures

    View full-size slide

  44. www.leocybersecurity.com
    44
    Kidnap & Ransom Procedures
    NEGOTIATE
    PAYMENT
    Highest likelihood that the victim
    will be returned unharmed.
    Highest likelihood that the data or
    system will be returned.
    KIDNAP & RANSOM
    RANSOMWARE
    KIDNAP & RANSOM
    RANSOMWARE

    View full-size slide

  45. www.leocybersecurity.com
    45
    Kidnap & Ransom Procedures
    NEGOTIATE
    PAYMENT
    REFUSE
    PAYMENT
    Highest likelihood that the victim
    will not be returned alive or in one
    piece.
    Highest likelihood that the data or
    system will not be recovered at all.
    KIDNAP & RANSOM
    RANSOMWARE
    KIDNAP & RANSOM
    RANSOMWARE

    View full-size slide

  46. www.leocybersecurity.com
    46
    Kidnap & Ransom Procedures
    ATTEMPT
    RESCUE
    NEGOTIATE
    PAYMENT
    REFUSE
    PAYMENT
    High risk of injury or death to the
    victim. K&R insiders say ultimately
    paying up is the most reliable way of
    getting someone back alive.
    Depends entirely on the technical
    ability of the recovery team, the
    complexity of the ransomware, and
    (ultimately) time available.
    KIDNAP & RANSOM
    RANSOMWARE
    KIDNAP & RANSOM
    RANSOMWARE

    View full-size slide

  47. www.leocybersecurity.com
    47
    Agenda
    Introduction
    Summary
    Ransomware TTPs and K&R Doctrine
    The History of Kidnap and Ransom (K&R)
    Preparing For The Next Wave

    View full-size slide

  48. www.leocybersecurity.com
    48
    CRYPTOCURRENCY
    STOCKPILE
    PREVENTATIVE TOOLS
    DETECTIVE TOOLS
    RESTORATIVE TOOLS
    Preparing For The Next Wave
    TECHNICAL

    View full-size slide

  49. www.leocybersecurity.com
    49
    TABE TOP EXERCISES
    BUSINESS RISK ASSESSMENTS
    CYBER INSURANCE
    EDUCATION
    CRYPTOCURRENCY
    STOCKPILE
    PREVENTATIVE TOOLS
    DETECTIVE TOOLS
    RESTORATIVE TOOLS
    Preparing For The Next Wave
    TECHNICAL
    NON-TECHNICAL

    View full-size slide

  50. www.leocybersecurity.com
    50
    Contact DOs and DON’Ts
    K&R DOs
    • Attempt to verify that the kidnapping has
    actually occurred.
    • Start a case record or establish a journal of all
    events.
    Ransomware DOs
    • Attempt to verify that the data theft or
    encryption has actually occurred.
    • Start a paper case record or establish a journal
    of all events. Assume your electronic mediums
    are being monitored.

    View full-size slide

  51. www.leocybersecurity.com
    51
    Contact DOs and DON’Ts
    DOs
    • Tape all conversations.
    • Demonstrate a willingness to cooperate in
    reaching a solution.
    • Let the kidnapper know that you are taking the
    conversation seriously and making notes.
    Ransomware DOs
    • Tape/record/document all conversations.
    • Demonstrate a willingness (if you can establish a
    communications channel) to cooperate in
    reaching a solution.
    • Let the kidnapper know that you are taking the
    conversation seriously and making notes.

    View full-size slide

  52. www.leocybersecurity.com
    52
    Contact DOs and DON’Ts
    DOs
    • Make sure they understand that you are not the
    final arbiter and that you will facilitate
    communication with those who can actually
    make decisions.
    • Obtain and write down specific detailed
    instructions, demands, comments, and
    requirements.
    Ransomware DOs
    • Make sure they understand that you are not the
    final arbiter and that you will facilitate
    communication with those who can actually
    make decisions.
    • Obtain and write down (on paper) specific
    detailed instructions, demands, comments, and
    requirements.

    View full-size slide

  53. www.leocybersecurity.com
    53
    Contact DOs and DON’Ts
    DOs
    • Try to obtain a code by which to identify the
    kidnapper in future communications.
    • Establish a time frame for subsequent
    communications if possible.
    Ransomware DOs
    • Try to obtain a code by which to identify the
    attacker in future communications.
    • Establish a time frame for subsequent
    communications if possible.

    View full-size slide

  54. www.leocybersecurity.com
    54
    Contact DOs and DON’Ts
    K&R DON’Ts
    • Make any promises that later cannot be kept;
    specifically avoid offering a specific sum or
    agreeing to ransom demands.
    • Provide any additional information to the
    kidnapper.
    • Threaten the kidnapper or engage in verbal
    abuse or confrontational rhetoric.
    Ransomware DON’Ts
    • Make any promises that later cannot be kept;
    specifically avoid offering a specific sum or
    agreeing to ransom demands.
    • Provide any additional information to the
    ransomware attacker.
    • Threaten the ransomware attacker or engage
    in verbal abuse or confrontational rhetoric.

    View full-size slide

  55. www.leocybersecurity.com
    55
    Contact DOs and DON’Ts
    K&R DON’Ts
    • Beg or show nervousness, fear or suspicion.
    • Become sidetracked by outside disruptions or
    allow yourself to become distracted.
    • Accept conditions; later calls will establish
    parameters and conditions.
    Ransomware DON’Ts
    • Beg or show nervousness, fear or suspicion.
    • Become sidetracked by outside disruptions or
    allow yourself to become distracted.
    • Accept conditions; later communications may
    establish additional parameters and
    conditions.

    View full-size slide

  56. www.leocybersecurity.com
    56
    Agenda
    Introduction
    Summary
    Ransomware TTPs and K&R Doctrine
    The History of Kidnap and Ransom (K&R)
    Preparing For The Next Wave

    View full-size slide

  57. www.leocybersecurity.com
    57
    Summary
    Be aware of the traditional K&R tactics, techniques, and procedures as they
    ARE quickly emulating traditional K&R doctrine. Negotiate when you can,
    pay if you are forced to, fight if you think you can win.
    OMG WTF, K&R TTPs
    What has historically worked will ultimately be reused –
    especially when the ROI and risk/reward equation make
    ransomware a more attractive extortion technique.
    MUCH CAN BE LEARNED FROM HISTORY
    A combination of of technical and non-technical controls are
    needed to mitigate current and future ransomware campaigns.
    Don’t discount the value of cyber insurance.
    PREPARATION IS KEY
    02
    03
    01

    View full-size slide

  58. www.leocybersecurity.com
    58
    Thank You
    Questions?
    www.leocybersecurity.com
    LEO Cyber Security
    2000 McKinney Avenue,
    Suite 2125,
    Dallas, TX 75201
    +1.469.844.3608
    www.leocybersecurity.com
    Andrew Hay, Co-Founder and CTO,
    LEO Cyber Security
    +1.650.532.3555
    [email protected]
    @andrewsmhay

    View full-size slide