Lessons From Real-World Threat Intel, IR for RansomwarePalo Alto Networks' Wendi Whitmore Shares Insights on the Evolution of Ransomware
As ransomware attacks keep growing around the globe at a brisk pace, threat intelligence and incident response plans are now vital for enterprises. After a ransomware attack, being curious, asking more questions and figuring out if there are more pieces to the puzzle that need to be put together are all important skills. But keeping calm and engaging external reinforcements with more experience are equally important and therapeutic, said Wendi Whitmore, senior vice president and head of Unit 42 at Palo Alto Networks.
Responding to ransomware attacks not only requires technical expertise but also can be extremely exhausting for IT teams, causing chaos within the organization. Therefore, it is crucial for organizations to have a comprehensive plan in place, according to Whitmore.
Many ransomware operators "are moving just toward extortion," Whitmore said. "So I'm going to steal the data, and then I'm going to ask you to pay me so that I don't release it on the internet. What they're not doing as much is encrypting the data because it takes a lot of time, money and effort."
Attackers are also contacting CEOs, their spouses and children to put pressure on decision makers. “Attackers are continuing to leverage time as a pressure value to essentially try to get to decisions faster," Whitmore said.
In this video interview with Information Security Media Group at RSA Conference 2023, Whitmore also discusses:
- What ransomware victims should never do;
- New tools and strategies of ransomware operators;
- The need to have partnerships for defending against ransomware.
Whitmore is a globally recognized cybersecurity leader with two decades of experience building incident response and threat intelligence teams that have helped clients solve some of the world's largest and most complex breaches.