DESCRIPTION

Fortunately, more and more Ransomware attacks are detected and mitigated before it’s too late. But there is still a high number of cases where the victim only learns about the attackers being in the network when everything has already been encrypted. This talk will dive into how those encryption tools work, what limitations they have, and why they are so fast. We’ll look at decryption options, and why decryption is usually the least desirable option (apart from having to pay for it, most of the time). And then there’s also the problem that the attackers sometimes get things wrong, write bad code or simply mess with the victims environment in a way that makes it really hard to get the data back – or not getting back it at all. Other aspects include law enforcement complicating things, disk space issues and ways to extract data from encrypted files without paying for it.

WHY THE COMMITTEE CHOSE THIS TALK

In every ransomware case there is that ONE file that wasnt in the backup. Knowing how ransomware encryption works is essential for the blueteam.

SPEAKER

Jasper Bongertz