Lessons from BSides ATL and ISSA GA

BSides Atlanta:

  • Ransomware is adapting to evade countermeasures
  • Train your users to identify phishing emails
  • Manually test your backups at least monthly, or on a schedule based on how many days' worth of data you are willing to lose

How do I recover from a ransomware outbreak?

  • Remain calm
  • Isolate the machine from the network
  • Look online for a decrypter
  • Got backups? You'd better!
  • Image patient zero
  • Wipe the whole machine and restore from backup
  • Discuss lessons learned


  • Secure the weakest link, a.k.a. users
  • User education can be mandated using either stick or carrot methods
  • Carrot methods of user education include rewards, stickers, and competitions
  • Stick methods of user education can take the form of metrics per department, mandated through HR and performance appraisals, and disabling access for users who failed to complete awareness training