2021-11-20, 15:00–15:50, Hackfest - Track 1
Ransomware attacks are sudden and one click away. For this reason, we should assume that a ransomware attack will occur and be prepared to handle a ransomware incident.
According to the FBI's report, more than 4,000 ransomware attacks have occurred daily since January 2016. Ransomware attacks have also become more sophisticated. An attack is only one click away: a phishing email can leave a whole business in trouble. For this reason, we should assume that ransomware attacks will occur and be prepared for them. However, there are several challenges. First of all, there is so much data to analyze, and this makes it easy for threat actors to hide in plain sight.
In this session, I will talk about hunting for ransomware attacks and handling ransomware incidents.
Threat Hunting Scenarios
MITRE ATT&CK and TTP based hunting
Endpoint Based Hunting
Network Based Hunting
Cyber Kill Chain Detection
Incident Response Phases