
Black Hat and Defcon didn’t do much with ransomware – and that’s OK

August 9, 2021 – Article posted on SC Media

For most enterprise cybersecurity pros, the major plotline of 2021 has been ransomware. There was Colonial Pipeline, JBS, and Kaseya, creating headlines spanning the gamut of sectors, business sizes, and infrastructural importance.

Yet at Black Hat, one of the premier cybersecurity conferences of the year, there were zero talks with ransomware in the title. There were a total of two main-stage talks about ransomware at Defcon — the second of the two major cybersecurity conferences this week, both in Las Vegas — including a well-stocked panel about potential policy solutions. But while the year has been dominated by ransomware concerns, its major events were not.

“It would have been surprising to me, until I was asked about it for the last six months. ‘Victor, talk to me about your normal pentest methodology. Now talk to me how it would be different if we wanted a specific focus on ransomware,’” said Victor Wieczorek, vice president of application security and threat and attack simulation at GuidePoint Security. “I tried really hard to figure out what the differences are, and there’s nothing, there’s literally nothing different about what you do.”

His point, reiterated by others, is that ransomware brings nothing terribly unique except that, in the end, victims may be coerced into paying ransoms. These are crimes of opportunity more than ingenuity. The ransomware operator might get into a network through phishing or a common vulnerability. They might encrypt files, but only by using common encryption techniques. They might launch a DDoS attack, but only using standard methods. They might exfiltrate files, but they leave the same markers as anyone who came to steal the files for any reason at all.

In other words, if you can solve phishing, or identify a new vulnerability, or break common encryption, you have done something that solves far more problems than just ransomware. The damage ransomware can cause is unique, but the back-to-basics technical approach to fighting it could not be more mundane. 

“These are the fundamentals you have to do for security,” Wieczorek said.
