This October the Norwegian FIRST members came together for the 7th time in Oslo to organize the Cold Incident Response conference at Telenor Expo. As a proud FIRST member, Defendable is privileged to organize this alongside so many other admirable Norwegian security teams.
FIRST (Forum of Incident Response and Security Teams) is the premier organization and recognized global leader in incident response, and the annual Cold Incident Response conference is FIRST Norway's way of sharing knowledge and know-how on security monitoring and incident response with the broader community. Here, we exchange information and tackle the latest developments in the threat landscape.
Our Senior Security Analyst and Head of Incident Response, Jan Petter Berg Nilsen, had the pleasure of presenting lessons learned from some of the ransomware incidents he has delt with as part of Defendable.
Jan Petter Berg Nilsen is, as all incident responders in Defendable, a senior security resource with extensive experience in handling security incidents and a skilled forensics investigator.
The presentation "Incident Response Lessons Learned: The Full Ransomware Experience" introduced how Defendable works with Ransomware incidents and the lessons that we have learned from those incidents. The presentations focused primarily on one particular ransomware case where the client found that the only option for recovery of their critical systems and data was to pay the ransom. Jan Petter shared how this is far from a smooth and convenient way of getting data back, even with the attackers rather unique customer support experience and deliveries to support the ”customer” after payment.
Nevertheless, Defendable does not recommend paying ransoms. There are mainly two reasons for this; first, it is impossible to know that one is not providing financial support to terrorist or organized criminals, and second, there is no guarantee that the other party will hold up their part of the deal. They may even be technically incapable to do it, as some of the techniques used to encrypt files will cause unrepairable corruption, such as to databases.
If you ever find yourself in a ransomware incident do not hesitate to call Defendable Cyber Defence Center at +47 91 80 80 30 for assistance.
Our dedicated IR team is ready to assist with even the most demanding and advanced incidents.