Christian Hyatt and Cory Wolff Demonstrate Ransomware Responses

Like technology itself, our ability to adapt to its demands must keep advancing. Being proactive can set your business up for success long before threats arrive and create chaos. What counts is not only your game plan and response today, but also what you’re willing to concede in pursuing a solution.

In this archived keynote session, Risk3sixty’s Christian Hyatt and Cory Wolff show us how to respond to a ransomware attack during our ‘Cyber Resilience 2023’ live virtual event. The event was presented by InformationWeek and ITPro Today. This excerpt is from their live presentation moderated by Steve Hill on August 24, 2023.

View the entire ‘Cyber Resilience 2023’ event on-demand here.

A transcript of the video follows below. Minor edits have been made for clarity.

Christian Hyatt: Let me give you a little bit of context and background on why Cory and I are going to be talking about ransomware and some of the goals we have for this presentation today. Steve did a great introduction, so thank you for that. So as a firm, risk3sixty, we do audits and certifications – the alphabet soup of different security certifications. More importantly, we also help implement security programs and manage security programs. This gives us a unique perspective by auditing and assessing security programs, but also building them out ourselves and running them every day. Cory, he’s the head of our offensive security practice, so he gets to emulate the attackers and try to break systems. Then, we’ll try to fix those systems.

That different suite of services gives us a very interesting perspective on security programs, broadly speaking, and then the technical systems underneath them. Today, we were asked to talk about ransomware. Cory, who’s an expert on the subject, did some research and we’re going to explain what a ransom is. Who’s the ‘who’ behind the ransomware? I know many of you are in security or in IT, and maybe you need the words to say to your leadership, to provoke them to take action to build a more robust security program to prepare for things like ransomware. We’ll talk about the economics behind it.

How big of an impact is it on the industry? Is this something you can ignore, or should you be taking action? Again, I’ll talk about who the bad guys are. The part I’m really excited about is Cory and I are going to offer a red team vs. blue team perspective. Meaning Cory is going to walk through actual playbooks that some of these ransomware crews are using and talk about how they’re getting in. Then, we’ll switch to the good guy perspective, the blue team perspective, and talk about some controls that you can be thinking about right now to implement. So, that’s our agenda. Cory, is there anything you want to add?

Cory Wolff: No, I don’t think so. I think you do a good job of explaining what we’re trying to do today. I really look forward to getting into the ‘how’ of it.

CH: I’ll let everyone look at this for a second. This is a slide that I’ve been using for several years now, even on campus, which is one of my favorite places to speak. We go to the universities here, across Georgia, where I’m at. Over the last couple years, I always asked one question. Who knows what this is? Every year, I see fewer and fewer hands of people who know what this comes from. This was the first year no one raised their hand, meaning no one in the whole class of IT students knew what they were looking at here. So, Cory, do you know what we’re looking at? What is this from?

CW: I believe it’s Oregon Trail.

CH: Yeah, the Oregon Trail is a classic and one of my first computer games. And if you don’t know what the Oregon Trail is, the concept is dated back in the late 1800s. It portrayed settlers that were moving from the East Coast to the West Coast, usually by horse and wagon. It was like a role-playing game where we get to build and name a family. You get to hunt along the way and try to keep your family alive to make it to the destination on the West Coast. If you guys remember playing it on a floppy disk, well, you can play it online today. But what’s interesting about this is it’s the late 1800s and literally people were moving west, in horse and wagon. That’s where we were in the late 1800s. Does anyone know who this guy is? Cory, do you recognize this person?

CW: I don’t, I know I should, but I don’t right now.

CH: So, this is Henry Ford. In the early 1900s, Ford’s Model T came out and changed everything. You go from the Oregon Trail in the late 1800s to the Model T in the early 1900s. Between 1908 and 1960, almost 4 million miles worth of roads were built. I’m kind of a history buff so I like to think about what’s going on in the world at those different times. One of the things I think about is people were living in a revolution at that time. Also, think about everything that happens because of road travel; people got new jobs, asphalt companies were created, stop sign companies, people who are maintaining roads, and the overall ability to travel across the country. Now, the Oregon Trail is obsolete because you could just drive across the country and so much changed during that time. I always think to myself, when you’re living in such a revolutionary time, do you know that you’re living in that revolutionary time? Many people probably did at this time.

And that takes us to our modern day. What revolution are we living in? This is our digital universe, and this is the data creation by volume and zettabytes year over year. The key takeaway here is in the last two years, more data has been created and stored than was created and stored through all human history. So, we’re seeing this explosion of data creation and storage that’s become a trend. Then, think about what’s happening in terms of the shared risk model. Every company is creating unparalleled amounts of data. We’re each individually creating unparalleled amounts of data and sharing that data with key service providers.

Everyone can think about their own business and who you’re relying on to conduct business with. You probably use a payroll company, cloud service provider, or maybe you’re using an HRIS system. Whatever you’re using, you’re sharing critical data with a whole ecosystem of service providers. That means functionally, not only do you have to worry about your own cybersecurity, but you also must worry about the cybersecurity of your business partners that can also put you at risk.

So, we’re thinking about these trends that are happening – unparalleled data creation, sharing all that data with numerous third parties who must also worry about their cybersecurity posture, and then we get to the problem.

Watch the entire ‘Cyber Resilience 2023: How to Keep IT Operations Running, No Matter What’ live virtual event on-demand here.
