Ransomware Takes Center Stage

Ransomware takes center stage at the RSA Conference

Last week, I attended, presented, and hosted a series of sessions at the annual RSA Conference in San Francisco. Attendees were treated to scary stories about new threats, attack mechanisms, and dangerous technologies causing headaches for security and IT pros everywhere. After all, who needs to visit a haunted house when you can just glance at today’s security landscape?


One of the most exciting – and perhaps terrifying – topics of conversation focused on the evolution of ransomware and what it means for organizations throughout the world. In 2016, ransomware was officially dubbed a “billion-dollar a year” business. Almost every industry, from local governments to financial institutions, retailers, universities, and everything in between, are increasingly vulnerable to malware attacks that hold data hostage. No industry is sacred with even hospitals under attack. Just a year ago, the Hollywood Presbyterian Medical Center in Los Angeles experienced a cyberattack that cost $17,000 to reclaim affected data, and even more in reputational damage.

At the inaugural RSA Conference Ransomware Summit, a lineup of speakers including DataGravity CEO Paula Long, Stanford University CISO Michael Duff, and Kaspersky Lab Senior Malware Analyst Anton Ivanov discussed new cyberattack methods, precautionary steps businesses can take to avoid risks, and more. Here are a few of my key takeaways:

1. When it comes to whether you should pay the ransom following an attack, there’s no right answer.

It’s the most common question I’ve encountered when discussing ransomware: “Should we pay?”

A common sentiment echoed throughout the day was to avoid paying the ransom at all costs. Not only are organizations validating the attackers’ business model, but there is also the risk that criminals won’t return the data. Of course, there are many factors organizations should consider when they’re hit with ransomware. Gal Shpantzer, CEO at Security Outliers and a panelist at the summit, reminded attendees that they can, in some cases, negotiate and should always try to at least push back on the attacker’s deadline. If you’re able to secure additional time, you can test backups and see if they will suffice.

2. DataGravity CEO Paula Long’s session was “the most realistic point of view on ransomware I’ve heard,” according to one attendee.

Paula spoke to the dangers of blindly restoring previously backed-up files without first understanding the data that could reintroduce, or proliferate, the problem to your environment. Paula also talked about how to respond when ransomware strikes and shared tips and tricks for organizations updating their response plans.

One funny anecdote was that an attendee came up to me a few hours after Paula’s session to ask about her background. “I know she’s the CEO,” he said, “but she knows way more about storage, technology and data than any CEO I’ve ever met.”

3. The mix of security professionals and “others” was both surprising and welcomed.

Though I don’t have the full attendee demographics, I can tell you that we had nearly 1,200 attendees throughout the day. The RSA Conference had to relocate the summit to a larger room to accommodate Summit registrants only days before the event.

The makeup of the attendees I spoke with struck me as interesting. One young lady from a prestigious insurance company was recording as much information as possible to help educate her peers on the effects of ransomware, and to better understand how to influence insurance offerings. Another attendee was a former-lawyer-turned-Big-Four-consultant who wanted to learn how to better communicate the ransomware threat to his clients.

There were also a number of academics, including students, researchers and professors, from educational institutions throughout the U.S. The majority of attendees were responsible for some facet of security or technical operations as their occupation.

Perhaps the most moving comment I received was from an attendee that had been coming to the conference for 13 years: “This summit was by far the most impactful and valuable session I’ve ever attended.”

I have a strong feeling that we’ll be doing this again next year so, if you have not yet completed the RSA Conference survey, please make sure to include suggestions on how to make it better.

Speaking of surveys: participate in our Ransomware Preparedness Study, and enter to win one of three $100 Amazon gift cards.

  Like This
Andrew Hay

Andrew Hay

With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.