
Keynote | Adapting Tradecraft: Examining Ransomware Attacks in 2024 - Insights from The DFIR Report
Peter O, Cyber Threat Analyst, The DFIR Report
Angelo Violetti, Swisscom CSIRT
Ransomware attacks continue to be highly prevalent, impacting a significant number of organisations. Whilst there has been some impacts to counter this threat, ransomware operators continue to adapt their tradecraft to ensure they are successful in their mission, to elicit a financial reward from a compromised victim network. The DFIR Report throughout 2024 have investigated and analyzed a number of ransomware attacks, providing a rich understanding of how an attack unfolds, how the ransomware operator navigated a compromised environment and how effects were delivered.
In this presentation, we will share our observations, what new and interesting techniques were detected, common methods and familiar tools used by the ransomware operator. Join us as we take you through the journey of an attack, some of the trends, and how to develop defensive measures to counter this threat.
- Initial access - From delivery through to persistence
- Domain takeover - Methods of lateral movement, and objectives
- Tooling - Common and bespoke tooling, including living off the land and bringing your own
- Hands-on keyboard - Observing ransomware operators at the command-line and via the GUI
View upcoming Summits:
#RansomwareSummit #Ransomware #RansomwareAttack #DigitalForensics