Lessons from BSides ATL and ISSA GA

BSides Atlanta:

  • Ransomware is adapting to evade countermeasures
  • Train your users to identify phishing emails
  • Manually test your backups at least monthly or depending on how many days worth of data you are willing to lose

How do I recover from a ransomware outbreak?

  • Remain calm
  • Isolate the machine from network
  • Look online for a decrypter
  • Got backups? You better !
  • Image patient zero
  • Wipe whole machine and restore from backup
  • Discuss lessons learned


  • Secure the weakest link a.k.a users
  • User education can either be mandated using stick or carrot methods
  • Carrot methods of user education include rewards, stickers, competitions used to provide user education
  • Stick methods of user education can be in form of metrics per department, mandated through HR and performance appraisals, and disabling access of users that failed to complete awareness training
Show Comments