DeepSec 2023 Talk: RansomAWARE in 2023 – Steph Shample
Ransomware’s explosion has been sustained for years. As tech changes, so too do the actor TTPs. It’s imperative to explore the 2023 mindset of ransomware actors: they are going after “target rich, cyber poor” industries that will make them money by selling data, exploiting the victims they hit as well as the partners and third-party services linked to the victims. While double-, triple-, and quadruple-extortion practices are still around, actors are also adapting/changing their encryption processes to better emulate protective services such as anti-virus and file scanning software to blend in and provide no red flags to technical and cyber practitioners. This allows for a long-term, stealth presence in networks, which facilitates lateral movement to collect as much information as possible.
We asked Steph a few more questions about her talk.
Please tell us the top 5 facts about your talk.
- Ransomware gangs are organized like legitimate businesses, complete with recruiters and a hierarchy of employees
- Ransomware is easy to procure
- AI technology is unfortunately enabling and streamlining ransomware operations
- Cyber actors are sharing TTPs to continuously improve ransomware campaigns
- Encryption is a waning trend in some of the latest ransomware campaigns
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
Ransomware is how I got my start in cyber. It was the first campaign I ever worked on. That was over a decade ago. It’s unreal to have witnessed the evolution of ransomware, exploding in frequency and launching a multi-level extortion scheme alongside it. It’s so dynamic and fascinating to follow.
Why do you think this is an important topic?
Any kind of information can be taken hostage at any time. In this present world where data is currency, this is a frightening thought. In addition to taking data hostage, now there are efforts to hit the critical infrastructure of nations and hold everyday, normal life hostage. We have a global epidemic of ransomware that really needs to be addressed by all practitioners in the field.
Is there something you want everybody to know – some good advice for our readers maybe?
I hit my 40th country ever visited on this trip to Europe! Absolutely love traveling, ecstatic to be back in Austria!
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
I’m hoping this epidemic truly unites professionals from each field and elicits better private and public sector collaboration. There is a chance for everyone to shine here.
Steph Shample is a Non-Resident Scholar with the Middle East Institute’s Strategic Technologies and Cyber Security Program and a Senior Analyst at Team Cymru. For the past 17 years, her career has focused on analyzing Iran in various capacities, including its tense relationships with Middle Eastern countries as well as their bordering states, and countering Iranian roles in terrorism, proliferation, and narcotics. During her military career, Steph gained operational experience across the Middle East, Levant, and Central and South Asia. She also completed two deployments to Afghanistan, one military and one as a civilian.