homepage
Open menu
Talk with an expert

Ransomware

As ransomware attacks continue to impact organizations around the world, we are seeing more and more attacks that have an adjacent or direct impact on Operational Technology environments. As ransomware attacks continue to rise, how should companies think about the cyber to physical impacts to their OT environments? Organizations need to consider the steps they should be pursuing right now before a potential attack occurs, establish and implement procedures on how or if they should operate their systems during an attack, and what actions need to be taken after an attack.
Executives and Ransomware: Stop, Collaborate, and Listen!

Executives and Ransomware: Stop, Collaborate, and Listen!

In this discussion, James Shank of Team Cymru and Ryan Chapman of SANS will present the top seven themes for ransomware preparedness. Ransomware has become a pervasive threat in today's world. Everyone is aware of the threat, but that doesn't always translate into Executives knowing what to do to position their organizations well should the threat become reality. You'll leave this talk with a checklist that will enable your senior technical and security staff to ensure your company is well-positioned to combat this threat. Join us for a lively discussion and come prepared to take notes!

View Webcast

Snack Attack! Gamified Ransomware Defense Training

Snack Attack! is designed to engage learners while giving them the tools to prevent ransomware attacks from derailing your business objectives. In what promises to be the most captivating awareness program of the year, your learners will participate in fun, gamified exercises while learning how to thwart ransomware attacks.
Learn More Watch video

SANS 2022 Ransomware Defense Report

The years 2020 and 2021 were undoubtedly the years of ransomware. This report looks at how ransomware defenses have changed from 2020 through 2022. It also explores ransomware threat actor changes, current trends, and how to implement defenses against those trends.

Download the Report

RTF Report: Combatting Ransomware

A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force

"We felt an urgent need to bring together world-class experts across all relevant sectors to create a ransomware framework that government and industry can pursue, and ensure the continued faith of the general public in its institutions." - Philip Reiner, IST CEO and Executive Director of the RTF

Download the Report

Ransomware_Webcast.png

Ransoming Critical Infrastructure - Emergency Webcast

The Colonial Pipeline cyberattack by DarkSide demonstrated the vulnerabilities and effects of these incidents on Operational Technology (OT) environments worldwide. We see more and more concern regarding similar attacks and how organizations could approach and prepare adequate cyber defense and incident response plans for similar cyber incidents.

During the presentation, Tim Conway highlighted that over 30 similar outages on the Colonial Pipeline have occurred over the past 20 years due to storms, ruptures, or mechanical impacts.  The current pipeline disruption is the first cyber-related shutdown that has occurred.  Tim continued, “None of those 30 events bubbled up to a national level response at the scale we are currently seeing with the current cyber attack.”

View Webcast
Ransomware-Leadership_470x382.png

Collective Leadership Thoughts About Ransomware

There's not just one sector that needs to pay attention to ransomware. If you own a business, lead a business, or are the technology or security decision maker, please take a step back and think about what you can do to protect your organization from attacks like this.

Learn More

Blogs

Whitepaper
Ransomware and Malware Intrusions in 2022 (And Preparing for 2023!)
In this paper, we delve into the 2023 SANS Ransomware Survey, assessing the impact of ransomware intrusions on enterprises as they wrap up 2022 and prepare for 2023 security implementations.
Learn More
Whitepaper
Ransomware Impact on Large Global Enterprises
Over the past few years, ransomware has become one of the defining cyber threats for organizations of all sizes. Organizations have changed their response processes, insurance policies, and staffing requirements based on this pervasive threat.
Learn More
Blog
FOR528_blog.png
Digital Forensics, Incident Response & Threat Hunting
FOR528: Ransomware for Incident Responders - New DFIR Course Debuting at the DFIR Summit 2022
Learning to thwart the threat of human-operated ransomware once and for all!
Viv_Ross_370x370.png
Viviana Ross
read more
Blog
Digital Forensics, Incident Response & Threat Hunting
Enterprise Security Tech Q&A
Ryan Chapman speaks on the Kaseya ransomware attack.
370x370_ryan-chapman.jpg
Ryan Chapman
read more
Blog
470x382_STAR_Webcast.jpg
Digital Forensics, Incident Response & Threat Hunting, Penetration Testing and Red Teaming, Cybersecurity Insights
Recommended Sources for Ransomware Information
In our recent SANS Threat Analysis Rundown livestream, we talked about many sources we use to track the ransomware ecosystem.
370x370_katie-nickels.jpg
Katie Nickels
read more
Blog
Security Awareness
Cut Through the Noise: Ransomware – What to Communicate to Your Workforce
As ransomware continues to be in the news, it may leave many in your workforce worried, confused, or asking questions.
370x370_Lance-Spitzner.jpg
Lance Spitzner
read more
Newsletter
What is Ransomware?
Ransomware is a type of malicious software (malware) that is designed to hold your files or computer hostage, demanding payment for you to regain access. Ransomware has become very common because it is so profitable for criminals.
Learn More
Blog
Digital Forensics, Incident Response & Threat Hunting
Identifying and Disrupting Crypto-Ransomware (and Destructive Malware)
In recent years, malware has become very personal. Crypto-ransomware threats, including CryptoLocker, CryptoWall and TorrentLocker (pdf), have infected home users, businesses and even police departments, all of whom have had their personal data and hard work held hostage. When we think of precious...
Adam Kramer
read more
Blog
Cybersecurity Insights
Turning Out the Lights on Ransomware
Target-specific ransomware can now impact the basic systems that support our daily lives.
Deb Radcliff
read more
Blog
Ransomware-Leadership_370x370.png
Cybersecurity Leadership
Ransomware: Leadership Perspective
Collective thoughts from SANS Cybersecurity Leadership Instructors
MGT_Triad_370x370_Headshot.jpg
SANS Cybersecurity Leadership
read more
Blog
Digital Forensics, Incident Response & Threat Hunting
Executives and Ransomware: Stop, Collaborate, and Listen! Webcast Q&A
James Shank of Team Cymru and Ryan Chapman of SANS answer questions on the top themes for ransomware preparedness.
370x370_ryan-chapman.jpg
Ryan Chapman
read more
Blog
Security Awareness
Protecting Against Ransomware – From the Human Perspective
How to secure your workforce and protect against ransomware
370x370_Lance-Spitzner.jpg
Lance Spitzner
read more
Blog
Digital Forensics, Incident Response & Threat Hunting
WannaCry / WannaCrypt Ransomware Resources
Latest Resources about WannaCry / WannaCrypt Ransomware
Viv_Ross_370x370.png
Viviana Ross
read more
Blog
ICS_Ransoming_Critical_Infrastructure_-_Emergency_Webcast_Transcript_Blog2_(002).jpg
Industrial Control Systems Security
Ransoming Critical Infrastructure: Emergency Webcast Transcript
An in-depth discussion on the OT systems and the effect of cyber attacks on it, relative to ransomware attacks on the Colonial Pipeline.
ICS_Icon_Blue.png
SANS ICS Security
read more
Blog
Cybersecurity Insights
Finding a Cure for Ransomware
Ransomware has been around for years. So why are high-cost, invasive ransomware attacks making so much news these days? Simply put, criminals go where the money is. And there's still a lot of money to be had in ransomware attacks because victims pay the ransoms.In one recent case, two Iranians made...
Deb Radcliff
read more
Blog
Digital Forensics, Incident Response & Threat Hunting
Ransomware at Utilities Puts Humans at Risk
Ransomware on utility systems is on the rise, and the time to act was yesterday.
Deb Radcliff
read more
Blog
Cybersecurity Insights
Ransomware Magnified in the Cloud
A small company with around 50 users was put out of business for a week last year because of ransomware that encrypted files on a local drive that then replicated back to other endpoints through the cloud.The ransomware did not actually go into the cloud directly, but instead it just encrypted the...
Deb Radcliff
read more

    Webcasts

    Webcast
    Cyber Solutions Fest 2022: Ransomware
    One of the most prolific attacks over the past few years, that has touched nearly every industry and kept security professionals up at night, is ransomware. Ever-looming as the threat that can bring an organization to a halt, we have seen an explosive growth in ransomware and extortion attacks....
    Learn More
    Webcast
    Survey & Whitepaper with BishopFox
    Security experts, Matt Bromiley, certified instructor at SANS, and Tom Eston, AVP of consulting at Bishop Fox, will share insights from our ground-breaking research on the methods of modern attackers. In contrast to other surveys that take a defender’s point of view, our report breaks new ground by...
    Learn More
    Webcast
    Ransomware Impact on Large Global Enterprises
    Over the past few years, ransomware has become one of the defining cyber threats for organizations of all sizes. Organizations have changed their response processes, insurance policies, and staffing requirements based on this pervasive threat. Ransomware operators have made it clear that no...
    Learn More
    Webcast
    Threat Spotlight: Cloud-Native Ransomware
    Over the past few years, ransomware has become one of the defining cyber threats for organizations of all sizes. Adversaries have made one thing clear: no industry, organization, or asset type is safe from the potential threat of ransomware and extortion demands. Sure enough, as organizations have...
    Learn More
    Webcast
    Ransomware Prevention Panel Discussion: How to Address a Pervasive and Unrelenting Threat
    This webcast takes a deeper dive into the whitepaper, How to Address a Pervasive and Unrelenting Threat, written by SANS instructor and blue team member Justin Henderson. Justin will moderate a panel that includes sponsor representatives as they explore major themes of the paper.
    Learn More
    Webcast
    Ransomware Prevention Special Report: How to Address a Pervasive and Unrelenting Threat
    Ransomware is a fast-growing threat affecting thousands of government agencies and municipalities and now its even targeting itself toward halting critical ICS/SCADA operations. This webcast will explain why and how ransomware is spreading, introduce standards and provide guidance for detecting and...
    Learn More
    Webcast
    Locked Out! Detecting, Preventing, & Reacting to Human Operated Ransomware
    Human Operated Ransomware (HORA) threat groups are growing in number and strength every day. In this Webcast, SANS Instructor Ryan Chapman will cover the evolution of, tactics inherent to, and threats associated with HORA. Ryan will provide "quick wins" that you can implement now to protect...
    Learn More
    Webcast
    Malware / Ransomware Forum
    Please check back for more details.
    Learn More
    Webcast
    How to Leverage CTI to Defend from Ransomware
    The ransomware landscape is evolving at a rapid pace as Threat Actors are bringing about new Modi Operandi and new Tactics, Techniques and Procedures to the table. The best approach to mitigate these new threats is to apply countermeasures specific to these news M.O.s and TTPs. In order to be able...
    Learn More
    Webcast
    Ransomware Recovery Best Practices: Importance of Immutable Backups
    Highly accomplished S Cleared Technical Engineer with 20+ years of achievement building and executing strategies and tactics to grow and support businesses in enterprise accounts. Possess the Information Technology (IT) disciplines of data protection & recovery, system administration within...
    Learn More
    Webcast
    Using Deception Technologies to Defend Against Active Directory and Ransomware Attacks
    Deception technologies are among the newest entries in the cybersecurity arsenal. But how do they work to address key security concerns? Speakers will present various attack scenarios, provide general approaches to thwarting those attacks with deception technologies, and offer a closer look at how...
    Learn More
    Blog
    Ransomware-Leadership_370x370.png
    Leadership (Security Management) (Top Level)
    Ransomware: Leadership Perspective
    Collective thoughts on ransomware from the SANS Cybersecurity Leadership Instructor & Author team.
    Ransomware: Leadership Perspective
    Event
    Leadership (Security Management) (Top Level)
    NEW Cyber42 version open for registration
    Ransomware is a hot topic. Come play Cyber42 with us to practice management and leadership of such an event.
    Register Here
    Cheat Sheet
    Healthcare_Ransomware-340x340.png
    Leadership (Security Management) (Top Level)
    Ransomware + Healthcare: A Deadly Combination
    Ransomware is not only becoming a more prevalent threat to all industries, but it also presents a triple-threat to healthcare.
    Download pdf

      Podcasts

      Podcast
      CISO Tradecraft: Everything you wanted to know about Ransomware
      Would you like to know more about Ransomware? On this episode of CISO Tradecraft, G Mark Hardy and Ross Young provide an in-depth discussion on Ransomware.
      Learn More
      Podcast
      CISO Tradecraft: Slay the Dragon or Save the Princess?
      This episode CISO Tradecraft continues the Ransomware Discussion. Do you slay the dragon (avoid the ransom) or save the princess (recover your files)?
      Learn More