Lessons from BSides ATL and ISSA GA
- Ransomware is adapting to evade countermeasures
- Train your users to identify phishing emails
- Manually test your backups at least monthly, or at an interval based on how many days' worth of data you are willing to lose
How do I recover from a ransomware outbreak?
- Remain calm
- Isolate the machine from the network
- Look online for a decrypter
- Got backups? You better!
- Image patient zero
- Wipe the whole machine and restore from backup
- Discuss lessons learned
- Secure the weakest link, a.k.a. users
- User education can be mandated using either stick or carrot methods
- Carrot methods of user education include rewards, stickers, and competitions
- Stick methods of user education can take the form of per-department metrics, mandates through HR and performance appraisals, and disabling access for users who fail to complete awareness training