Ransomware goals and objectives have largely remained unchanged, but the underpinning tradecraft has been evolving to counter defensive measures. Throughout 2023, The DFIR Report investigated and analyzed numerous ransomware attacks, uncovering a wealth of valuable insights. In this presentation, we delve into the intriguing tools and techniques that emerged over the past year, from access, lateral movement to methods of concealment. Our discussion will not only highlight these advancements but also shed light on proactive detection methodologies aimed at identifying malicious activity in the early stages of the attack lifecycle.
Join us as we explore the evolving landscape of ransomware tactics and strategies, providing actionable insights for bolstering cybersecurity defenses.
- Lateral movement by operators
- Evasion
- Blending in, and other unusual methods
- Tooling
- Custom tooling, living off the land and bring your own
- Hands-on hacking
- Command blunders, and other interesting activities
View upcoming Summits: www.sans.org/u/DuS
SANS Ransomware Summit 2024
Evolution of Ransomware Tactics in 2023: Insights from The DFIR Report
Peter O, Cyber Threat Analyst, The DFIR Report
Maxime Thiebaut, Incident Response & Digital Forensics Analyst , NVISO CSIRT