A Series of Unfortunate Events - Where Malware Meets Murphy

Explore a gripping conference talk that delves into a real-world ransomware incident and its chaotic aftermath. Follow along as security expert Mattijs van Ommeren recounts a series of unfortunate events where every security measure fails, and recovery efforts are thwarted at every turn. Learn valuable lessons about incident response, the limitations of security tools, and the importance of preparedness when facing simultaneous attacks from malware and Murphy's Law. Gain insights into practical problem-solving techniques, including file system analysis, entropy calculation, and creative use of operating system tools. Discover how to navigate complex challenges and ultimately achieve a positive outcome in the face of seemingly insurmountable odds.

ABOUT ME
INCIDENT HANDLING PROCESS
PREPARATION
IDENTIFICATION
CONTAINMENT
THE BAD BEGINNING
TRYING TO OPEN A FILE
SERVICE DESK
ENCRYPTED FILES EVERYWHERE
WHICH FILES ARE ENCRYPTED?
FILE EXPLORER
MSDN
CONFUSED...
EUREKA!
THE ERSATZ ELEVATOR
NO ACCESS FOR YOU
ROBOCOPY FTW!
POWERSHELL & ROBOCOPY
LET'S REBUILD
THE WIDE WINDOW
BACKUP DRIVE FILESYSTEM WOES
MS TO THE RESCUE
MORE AFFECTED FILES
SMARTER FILTERING
CALCULATE ENTROPY
LESSONS LEARNED/RECOMMENDATIONS