
NIC 5th Anniversary - Ransomware: Protect, detect and recover

By: Arne Klæboe
Co-speaker: Jonny Lyse

Ransomware is on the rise and becoming a real threat to many organizations. At the same time, protecting against this threat is very complex, and few organizations have the means to do so. In this session we will present how to combat one of the most common types: CryptoLocker. You will learn how to protect against, detect and recover from various CryptoLocker mutations by using Big Data solutions, PowerShell, Next Generation Firewall and IPS.

Our team will present some of the ways to protect users against CryptoLocker on the network layer. By using a Next Generation Firewall with IPS and anti-malware, most malware will be stopped before it actually reaches the user. In a live demo we will show you how a hostile website is unable to infect the user due to protective measures.

However, even with the world’s fanciest security solutions in place, some infections are inevitable. To show you what happens when you get infected, we will disable the security features and present ways to detect an infection that passes the protective barriers. We will also demonstrate how to set up the relevant monitoring of logs in a Big Data log monitoring system (Splunk).

Lastly, after you have been infected by ransomware you need to clean up: a messy but important task. We will cover some smart ways to identify and restore files that have been encrypted by the malware to get your users quickly back to being productive.
Text Comments (2)
friskus (2 years ago)
Newer generations of CryptoLocker/ransomware seem to have unique file headers, thus rendering CryptoRestore GUI useless. How do you approach this?
( ͡° ͜ʖ ͡°) (2 years ago)
The fun starts 17:09 :D
