OWASP BeNeLux Day A Series of Unfortunate Events: Where Malware Meets Murphy by M. van Ommeren
Abstract
When an end user reports some "strange looking file names", which, after investigating, you discover include several hundred gigabytes of encrypted data, you of course know you are going to have a bad day. Your AV solution has failed you, your firewall has failed you, and your SIEM has failed you. Basically, every piece of security infrastructure you have put your trust (and money) into has left you out in the cold, and you thank ${deity_of_choice} that at least the nightly backup completed successfully. Spin up the tape drive, and soon you will be back in business, or not…?
This talk is about failure. Not only about a failing security infrastructure, but also about failure to do the Right Thing™ as a first responder, about the failure of operating system tools, failing APIs, and ironically, also the failure of malware (which is unfortunately not as positive as it may sound). The scenario presented comes pretty close to the worst chain of events you can imagine during an attempt to recover from a ransomware incident.
Luckily – this story has a happy ending. We will reveal how one can be prepared for when both Count Olaf and Murphy come knocking on your door simultaneously.
Bio
Mattijs van Ommeren has been poking hardware and software for 15 years. He has spent most of his working life as a security consultant, attacking and defending both traditional IT environments and more esoteric embedded devices and industrial systems. Presently he has a lot of fun at Nixu.
Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...