What is Human Operated Ransomware and how does it differ from traditional ransomware?
Ransomware story started around 2013 when opportunistic instances typically effected one or two devices within an organization. Later more advanced types appeared (e.g. WannaCry and NotPetya in 2017) exploiting unpatched bugs in OS thus affecting entire organization. A new business ecosystem around ransomware was noticed in 2019 where groups of criminals started to use ransomware for extortion of organizations in large scale, after they sneakily gained access to the organization’s network. Human Operated Ransomware is persistent, meaning it can mutate to evade detection from common anti-malware systems allowing it to remain hidden within an organization and used in the future. Even the biggest organizations happened to become victims of these gangs. Author will discuss how to make an organization prepared for Human Operated Ransomware attacks and how to reduce eventual impacts to the organization.
Joseph W. Davis
Joseph is Microsoft’s Chief Security Advisor focused on the Healthcare and Life Sciences in the US where he supports Microsoft customers on industry-related cybersecurity and compliance matters. He acts as an extension of Microsoft’s customers’ security teams by routinely providing them with security advice, guidance, and recommendations for their digital transformation initiatives and helping them safely move data-sensitive workloads to the Cloud.
Prior to Microsoft, he most recently led Accenture/Avanade Security Advisory in North America. Joseph drove organizational transformation by assessing and reducing risk to Accenture’s and Avanade's clients and their customers.
From 2002 to 2016, Joseph Led the Information Security, Compliance, and Data Privacy programs at two large multinational medical device, supplies, and pharmaceuticals development and manufacturing companies.
Joseph has over 26 years' experience in all areas of Information Security, Risk, Compliance & Data Privacy.
As an expert in the medical device safety arena, Joseph participated in drafting FDA Guidance on connected medical device safety and was an active member of Medical Device Innovation, Safety and Security Consortium (MDISS).
Joseph’s career highlights include leading two large publicly traded multinational companies as a CISO responsible for building security & data privacy programs for large enterprises, speaking engagements, co-authoring FDA guidance on connected medical device safety & security testing, educating the next generation of Information Security professionals as an adjunct professor, and community involvement through ISSA, InfraGard, ISC2, CIS, IANS and SANS.