Cyber resiliency – Ransomware Response Bootcamp
FlexibleIR, in association with DSCI and CERT India, has created a unique 2-day Ransomware Rapid Response Bootcamp program. Tens of organisations are now better prepared for a crisis! Here we conduct drills and build playbooks to ensure the organization is prepared both technically and from the management perspective.
Key points on the BootCamp
1. BYOP – Build your own visual playbooks for rapid response and compare them with others'. Build on best practices. A holistic response at both the technical and management levels.
2. Ransomware case studies and scenarios on which live responses are carried out – the hurdles introduced during scenario execution are close to real!
3. Most importantly, creating an air of realism during a crisis. Learning to build on worst-case situations.
4. Building abstraction models of your business and exploring how to respond to them holistically.
5. Teams are drawn from across sectors. There is a lot of open dialogue and shared learning, which helps build the culture required to respond.
6. Lots of videos and shared experiences.
7. Rapid – all exercises are geared towards a speedier response and effective program management.
8. Worst-case scenario thinking and recording.
9. Anticipation and the power to withstand.
TOPICS that we cover
- Effective communication skills – CRISP, CLEAR, SHORT communication
- Conti Playbook
- Malwarebytes – source code
- CEO playbook – a clear step-by-step guide on each topic of crisis response – relevant videos
- Generated video and audio depicting adversarial behavior and other community-wise responses
- Adversary landscape with RU-UA as example
- National cyber incidents – Mauritius, Australia and Canada
- Attack graph/flow – LINK and CODE LINK
- Mitre ATT&CK – Early warning bottom-up Playbooks – SIEM rules/use-cases – LINK
- Negotiation with Ransomware actors – LINK
Ransomware Technical-level playbooks
Different flavors of Ransomware Response Playbooks – LINK
- IT Disaster Recovery Plan – LINK
Great guides for best practices
- CISA Ransomware Response Guide – LINK
- Internal and external stakeholders – LINK
Ransomware reverse engineering
Typical expectations from the participants
- Structured response
- Management level response – Crisis Management – Communication
For country-wide CERTs
- Similarity between incidents – LINK
IoCs / Artifacts
community-threats/Conti at master · scythe-io/community-threats · GitHub
Colonial – https://www.youtube.com/watch?v=5H6AvsmUG5Q
Build your own Cyber Crisis Management Plan (CCMP)
Malware Source code
Negotiation with adversary – LINK
Breach attack simulation
Cymulate and Prelude
Ransomware – advancements
AWS Cloud response
Call tree examples
- Hierarchy in a team – how call flows happen
- 1-to-many would be great
- In-house captive voice systems
IR plan examples