How Ransomware Operates and What We Can Do About It
Abstract:
Ransomware operations have evolved from relatively unsophisticated threat actors into highly coordinated cybercrime syndicates that regularly extort millions of dollars in a single attack. Despite dominating headlines and crippling businesses across the globe, there is relatively little in-depth research into the modern structure and economics of ransomware operations. This talk will provide an overview of the ransomware group Conti's operations as a highly-profitable business, from profit structures to employee recruitment and roles. We present novel methodologies to trace ransom payments, identifying over $80 million in likely ransom payments to Conti and its predecessor. The talk will then describe how the US government is working to help prevent ransomware attacks in the long run by pushing for the adoption of secure by design software.
Bio:
Jack Cable is a Senior Technical Advisor at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), where he helps lead the agency's work on Secure by Design and open source security. Prior to that, Jack worked as a TechCongress Fellow for the Senate Homeland Security and Governmental Affairs Committee, advising Chairman Gary Peters on cybersecurity policy, including election security and open source software security. He previously worked as a Security Architect at Krebs Stamos Group. Jack also served as an Election Security Technical Advisor at CISA, where he created Crossfeed, a pilot to scan election assets nationwide. Jack is a top bug bounty hacker, having identified over 350 vulnerabilities in hundreds of companies. After placing first in the Hack the Air Force bug bounty challenge, he began working at the Pentagon's Defense Digital Service. Jack holds a bachelor's degree in Computer Science from Stanford University and has published academic research on election security, ransomware, and cloud security.
