Sleeping with the Enemy: A Best Practice Guide for Attacker Engagement

Channel:
United States SANS Institute
Subscribers:
64,000
Published on ● Video Link: https://www.youtube.com/watch?v=CIqGCPRY8WU


Category:
Guide
Duration: 32:01
875 views
15

SANS Ransomware Summit 2022

Speaker: Nick Klein, Certified Instructor, SANS Institute

While there are many technical resources available for preparing and responding to ransomware attacks, there's very little practical guidance for one of the most difficult phases of response - how to engage with an attacker, and whether to pay a ransom. We often hear "we'll never pay a criminal" and while this is an idealistic response, organizations need to appreciate the difficult and nuanced issues associated with making these decision - and the implications if they do choose to pay, or not. This presentation walks through a detailed methodology which we have effectively used on hundreds of ransomware cases, to help victim organizations to: 

• properly identify and assess the risks associated with attacker engagement and payment 
• consider alternative approaches for recovering, which don't involve paying a ransom
• walk through the decision trees to confidently answer the question "to pay or not to pay"
• understand the implications and next steps, whether a payment is made, or not.

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE



Other Videos By SANS Institute


2022-08-23Quick Wins in Cloud Compliance: AWS
2022-08-19SANS Cyber Solutions Fest 2022 - Track: Ransomware
2022-08-19SANS Cyber Solutions Fest 2022 - Track: Cloud Security
2022-08-19SANS Cyber Solutions Fest 2022 - Track: SOC & SOAR
2022-08-19SANS Cyber Solutions Fest 2022 - Track: Threat Hunting & Intelligence
2022-08-17Ransomware Management and Recovery Tactics
2022-08-17Multifaceted Extortion: Analysis of Data Exfiltration TTPs Used by Ransomware Threat Actors
2022-08-17The Role of Cryptocurrency in Ransomware Negotiations and Other Cybercrimes
2022-08-17Can you Detect This? | Inside The Ransomware Operator's Toolkit
2022-08-17Initial Access Merchant Offerings & Ransomware Victims: Mapping Breached Entities & Threat Actors
2022-08-17Sleeping with the Enemy: A Best Practice Guide for Attacker Engagement
2022-08-17SANS Netwars Core Tournament Version 8 Demo
2022-08-16Cyber Security Expertise - Where Should You Begin?
2022-08-11Kaseya Ransomware Reaction - Lessons Learned
2022-08-02The R Word: Retelling the Recent Rise and Resurgence of Resilient Ransomware-as-a-Service Operators
2022-07-29"Crime Time" | Rethinking Ransomware and How to Disrupt It
2022-07-27Security Conversations That Matter | Seat At The Table
2022-07-20The Anatomy of a Targeted Industrial Ransomware Attack
2022-07-19Enterprise Journey to Multicloud Security
2022-07-19Detection-In-Depth: Out of Band Monitoring for Critical Process Parameters-Gus Serino
2022-07-19I Can’t Get That Out of My Memory! A PLC’s Story About Love, Loss, and Triumph- Jeffrey Shearer


Tags:
sans institute
information security
cyber security
cybersecurity
information security training
cybersecurity training
cyber security training
ransomware summit 2022
sans ransomware
ransomware summit