Select Page
Our Ransomware Panelists Answer Your Questions

Our Ransomware Panelists Answer Your Questions

CISO Interviews, Featured

Charles Carmakal, SVP & CTO at FireEye Mandiant, Jonathan Holmes, Supervisory Special Agent at FBI Cyber – Major Cyber Crimes Unit, Teresa Tonthat, Vice President of IT & CISO at Texas Children’s, and Thomas Millar, Senior Advisor at Cybersecurity and Infrastructure Security Agency (CISA) collaborated to answer viewer questions from our latest webinar, “Don’t Be Held Up for Ransom(ware)”. If you missed this webinar or would like to watch it again, you can view it below.

What are one or two of the top strategies (at a high level), that organizations can implement to drastically lower their risk of a successful ransomware attack?

At a high level, organizations should do the following:

1. Reduce their attack surface (e.g. MFA on remote access, patch Internet-facing systems, and strong DMZ controls)

2. Minimize credential exposure when on systems (e.g. disabling wdigest, Protected Users Security Group)

3. Minimize lateral movement within the internal network.

More technical details can be found here.

What is the likelihood that bad actors will start to sell information about how to breach the victim companies, so that even if they don't do it again, someone else gets a head start on doing it?

It is possible that some actors will publicize details of how they breached organizations, likely to further embarrass victims. However, the same general approach is used to break into organizations over and over, so it's well documented.

At times it appears as though communication with the FBI is a one-way street where private organizations provide but we don’t get robust context or actionable information in return. I understand that a lot of this is due to confidentiality, but how can we make collaboration with the FBI more valuable bi-directionally to get ahead of these campaigns?

While organizations may not see immediate results, the FBI has had several positive outcomes with respect to indictments, arrests, and other actions that have helped organizations over the long term.

Charles, while I generally agree with your view on "Pay or not Pay," I still lean towards not paying. Why? Because I am not a believer in the trustworthiness of criminals. As you later mentioned, there will still be backdoors, they still have a copy of your data, and there is no guarantee that they will provide the decryption keys. What are your thoughts on this?

I agree, you can only trust threat actors so much. Before paying an actor, we look at historical track records with actors. Have they provided working decryption tools? Have they published data after being paid? Etc. You will also ask the threat actor for proof of working decryption tools (i.e. you provide them with a sample of encrypted data to decrypt) or a list of the files that were stolen. Those data points are considered as part of the payment evaluation process. And yes, I do agree that threat actors are criminals, and they can go back on their word at any time.

What should a company do when they realized they have no option but to pay the ransom? What’s the first step they should take, and can you name a few entities who they should reach out to first? How should they approach such entities (especially when there is no prior engagement)?

They should seek advice from the experts: legal, forensics, negotiator, and law enforcement. Let me know if you'd like specific recommendations of firms that can help.

What is the approximate frequency of Ransomware attacks?

We are aware of multiple intrusions almost every single day.

If you enjoyed this webinar, be sure to visit Second Thursdays for other great cybersecurity webinars.


Stagehand: S1 Episode 8

Stagehand: S1 Episode 8

Carl Timmons was given 24 hours to decide what he wanted to do. This was a tactic. Twenty four hours to sit alone and think about all the money he could want and the price he’d pay for it. And 24 hours to also contemplate what Andre Savin might do to him before he...

Stagehand: S1 Episode 7

Stagehand: S1 Episode 7

Andre Savin and Lincoln Palmer had met on several occasions and had the type of relationship you’d expect between two men of their standings on the billionaire scale. Contemptuous but also understanding. They were both driven by the same desire—access to...

Stagehand: S1 Episode 6

Stagehand: S1 Episode 6

Belfast, New York - 1889 They called him The Boston Strong Boy—arguably the first real boxing star and one of the highest paid athletes of his time.  He’d always been good at school. He attended Boston College where his parents thought he might pursue a life in the...

What Is Zero Trust Anyway?

What Is Zero Trust Anyway?

About three minutes into planning this post, I had one of those “god, I am old” moments. Here is why I had the moment. I have worked in cybersecurity since 1994. My first job was at a big 3 working for the U.S. government through one of the world’s...

Stagehand: S1 Episode 5

Stagehand: S1 Episode 5

Kuwait, 1990 I’m launched out of a submarine a few miles off the coast of Kuwait City. When I swim to shore, I quickly change into my dry land clothes—a full burka. I was a six-foot-one Marine posing as a good Muslim woman. The catch, beneath the modest...

Our Sponsors

Share This