The impact of the Colonial Pipeline hack on millions of homes and businesses is a sobering reminder of the way ransomware can paralyze essential infrastructure. Sadly, this strategy seems to be paying off for some hacking groups, which are seeing their payouts and financial gains increase, with multi-million dollar payouts now the new normal. Many of these at-risk industries have decided that ransom payment is the best of a bad set of options available to them.

Malicious actors continue to adjust their ransomware tactics over time, including pressuring victims for payment by threatening to release stolen data if they refuse to pay, and publicly naming and shaming victims as secondary forms of extortion. Malicious actors engage in lateral movement to target critical data and propagate ransomware across entire networks. These actors also increasingly use tactics, such as deleting system backups, that make restoration and recovery more difficult or infeasible for impacted organizations.

Part 1: Prepare for a Ransomware Attack

• Review of recent Ransomware Attacks, Active Ransomware Groups, Impact of a Ransomware Attack

• How Ransomware Attacks Work: Attack Stages—Before the Attack, During the Attack, After the Attack

• Ransomware Best Practices and Recommendations: Based on CISA/MS-ISAC Ransomware Guide, Sept. 2020

• Ransomware Risk Management: Based on Preliminary Draft NISTIR 8374 Cybersecurity Framework Profile

• Center for Internet Security (CIS Security) Ransomware Primer: Security Primer – Ransomware (cisecurity.org)

• Ransomware Awareness: CISA Ransomware Guidance and Resources - Ransomware | CISA

• Cybersecurity Insurance: Beazley Breach Response (BBR)

Part 2: Recent Ransomware Attacks and the MITRE ATT&CK Framework

• What is the MITRE ATT&CK Framework?: MITRE ATT&CK®

• MITRE ATT&CK Framework: Darkside Ransomware (See reference)

• MITRE ATT&CK Framework: Avaddon Ransomware (See reference)

• MITRE ATT&CK Framework: Conti Ransomware (See reference)

• MITRE ATT&CK Framework: Sodinokibi Ransomware (See reference)

• Mapping the MITRE ATT&CK Framework to the NIST Cybersecurity Framework

Part 3: Protect Against a Ransomware Attack

• Ransomware Best Practices and Recommendations: Based on CISA/MS-ISAC Ransomware Guide, Sept. 2020

• Ransomware Risk Management: Based on Preliminary Draft NISTIR 8374 Cybersecurity Framework Profile

• Center for Internet Security (CIS Security) Ransomware Primer: Security Primer – Ransomware (cisecurity.org)

• Additional references that focus on Preventing a Ransomware Attack

Part 4: Detection and Analysis of a Ransomware Attack

• Ransomware Best Practices and Recommendations: Based on CISA/MS-ISAC Ransomware Guide, Sept. 2020

• Ransomware Risk Management: Based on Preliminary Draft NISTIR 8374 Cybersecurity Framework Profile

• Center for Internet Security (CIS Security) Ransomware Primer: Security Primer – Ransomware (cisecurity.org)

• Additional references that focus on Detecting and Analyzing a Ransomware Attack

Part 5: Containment and Eradication of a Ransomware Attack

• Ransomware Best Practices and Recommendations: Based on CISA/MS-ISAC Ransomware Guide, Sept. 2020

• Ransomware Risk Management: Based on Preliminary Draft NISTIR 8374 Cybersecurity Framework Profile

• Center for Internet Security (CIS Security) Ransomware Primer: Security Primer – Ransomware (cisecurity.org)

• Additional references that focus on Containment and Eradication of a Ransomware Attack

Part 6: Recovery and Post-Incident Activity

• Ransomware Best Practices and Recommendations: Based on CISA/MS-ISAC Ransomware Guide, Sept. 2020

• Ransomware Risk Management: Based on Preliminary Draft NISTIR 8374 Cybersecurity Framework Profile

• Center for Internet Security (CIS Security) Ransomware Primer: Security Primer – Ransomware (cisecurity.org)

• Additional references that focus on Recovery and Post Incident Activity – Ransomware Response Checklist

Part 7: Review / Summary / Next Steps

• Review of Best Practices

• Summary of activities before the attack: Prepare and Protect

• Summary of activities during the attack: Detect and Analyze

• Summary of activities after the attack: Contain and Eradicate

• Review of follow-up activities: Recover and Post Incident

• Next Steps / Action Plan

Location and cost:

Three 90-minute sessions will be conducted live using the ON24 web platform. You can take this course on the live dates or by viewing the on-demand recordings at your pace.

Course price: $295
Early bird price if you register before 10/31/21: $250 
(includes all parts and access to the on-demand recording for 12 months for one user; group rates available)

Attendees will earn 5 CPE credit hours.

If you have any questions, please contact Tom Bechtold at TomB@secureworldexpo.com or 503-303-7871.

Moderator
Instructor: Larry Wilson
CISO, Worcester Polytechnic Institute

Larry Wilson is a senior consultant and was formerly the Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.