"Crime Time" | Rethinking Ransomware and How to Disrupt It

Video Link: https://www.youtube.com/watch?v=gPJqtK-qP2E



Duration: 29:33


SANS Ransomware Summit 2022

Speakers:
Diana Selck-Paulsson, Lead Security Researcher, Orange Cyberdefense
Charl van der Walt, Global Head of Security Research, Orange Cyberdefense

It seems to us that we're losing ground against the ransomware problem, and so fresh and diverse perspectives are needed. In this presentation we step away from purely technical perspectives to explore how the discipline of criminology can help us understand the current ransomware threat as what it really is, a crime, and through this lens develop fresh ideas on how we can disrupt the ongoing threat. We employ a classical criminological framework called "Routine Activity Theory" (yes: RAT) that has been successfully applied to online crimes in the past. The framework describes three pillars (motivated offender, suitable target & the absence of a capable guardian) that increase the likelihood for a crime to take place. To make this examination "real," we have collected ransomware leak site data from the dark web and have identified, classified, and documented over 4,200 victims posted on these sites between January 2020 and February 2022. Combined with the over 200,000 messages disclosed through ContiLeaks, and over 200 unique contextual data points collected from negotiation chats, press releases and ransomware leak sites within a period of 12 months, we have a rich set of powerful data through which the formal theory can be refined and tested. By applying the Routine Activity Theory framework, we argue that if only one of the three pillars is disrupted, the likelihood for a crime to occur decreases significantly. With this knowledge, we then look at each pillar, developing strategies to disrupt one or several crime components to disrupt ransomware as a whole. We also propose the term "cyber extortion" be used instead of "ransomware" to cater for the development and nuances of the crime, and to help us avoid the trap of seeing it through a purely technical filter.

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE



