April 18, 2017 at 6:30 PM

ISSA National Capital Chapter March meeting topic:

A King’s Ransom: Why Ransomware is Winning and How We Can Turn the Tide
by Michael Sutton of Zscaler


Ransomware has exploded to become one of the most profitable tools in the attacker’s toolkit. Why? While ransomware has actually been around for more than two decades, the financial success of CryptoLocker, along with the emergence of anonymous payment schemes, led to its resurgence in 2013. While Operation Tovar killed off CryptoLocker, this only spawned a variety of copycat malware families following a similar pattern of leveraging public key encryption to hold personal files hostage until a ransom is ultimately paid. Attackers have managed to hit a sweet spot by targeting valuable data with financial or sentimental value, while setting a price point that individuals and corporations seem willing to pay. This, combined with poor data backup practices and ineffective endpoint security, has made ransomware a lucrative and growing market. As attackers have realized the potential of this weapon, they have moved beyond opportunistic attacks to target corporations and are now demanding significant payments well beyond the ransom demanded from individuals… and the companies are paying.

Combating ransomware requires a combination of dynamic analysis of the quickly morphing binary payloads and associated network traffic and exploiting the mistakes that have been made by the malware authors. Monitoring ransomware families over the years, we have noted interesting trends both in the techniques utilized by the families tracked and also where they are achieving success. Despite being generic in nature, certain malware families have reaped greater damage in specific global regions. The reasons for this involve a combination of attack techniques and human psychology. In monitoring the impact of ransomware on over 5,000 enterprises, we have also noted unintended, but predictable behaviors that can aid in identifying and defending against the threat. Our research has shown that binary analysis of ransomware is only half the battle. An effective defense must also incorporate network traffic analysis to proactively identify the infrastructure used to facilitate the cycle of infection and extortion.

In this talk, we will address the evolution of ransomware and focus on specific case studies to demonstrate and reveal the unique traits leveraged by specific families. We will discuss solutions which have proven highly effective in combatting ransomware. We will also peer into the crystal ball and leverage the expertise that we’ve gained in observing thousands of ransomware variants to predict where this threat is headed next.

About the Speaker

Michael Sutton has dedicated his career to conducting leading-edge security research, building teams of world-class researchers and educating others on a variety of security topics. As VP, Security Research, Sutton heads ThreatLabZ, the research and development arm of Zscaler. ThreatLabZ is responsible for researching emerging topics in web security and developing innovative security controls, which leverage the Zscaler in-the-cloud model. He is a published author, frequent speaker at major security conferences and is regularly quoted in the media. Prior to joining Zscaler, he was the Security Evangelist for SPI Dynamics (acquired by HP) and the Research Director at iDefense (acquired by VeriSign).



Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.


Tuesday, April 18, 2017 6:30 PM

Center for American Progress (CAP)
1333 H St. NW
10th Floor 
Washington, DC, 20005
