It's not FINished: The Evolving Maturity in Ransomware Operations

Thursday, April 8, 2021

11:00 AM - 12:00 PM PDT

60 minutes, including Q&A

Ransom demands are becoming larger, attackers smarter, and intrusions longer. Ransomware threat actors are hitting European companies hard with more effective ransomware deployment resulting in devastating impacts to victim organisations. When they strike, their ransomware deployments are more complete, more effective, and they are crippling many organisations to the point where there is often no clear path back to business.

We will be sharing tradecraft we've seen ransomware threat actors employ across Europe in 2020. We cover how we're seeing ransomware crews leverage high-profile critical vulnerabilities to gain footholds in as many victims networks as possible, only to come back weeks or even months later to leverage those footholds into full-scale ransomware deployments.

Not only are intrusion tactics improving, but attackers are also transitioning and developing sleek ransomware-as-a-service platforms. Threat actors are professionalising and streamlining their platforms. These platforms are being used by threat actors to generate malware, to communicate and negotiate with victims, and in some cases, for payment processing and decryption utility delivery.

Brought to you by:


Guest Presenters:

Mitchell Clarke

Principal Incident Response Consultant


Mitchell Clarke is a Principal Incident Response Consultant for Mandiant United Kingdom and Ireland. He specializes in providing enterprise-scale response operations for clients facing sophisticated network intrusions by determined attackers. Mitchell is well practiced in leading both large and complex response operations for multinational organizations as well as tightly focused response operations for highly specialized organizations protecting critical intellectual property or sensitive information. Mitchell has led organizations across multiple industries in responding to breaches by adversaries ranging from well-resourced and stealthy nation-state sponsored espionage threat groups to highly motivated cybercriminals seeking to extort or ransom victim organizations.

Tom Hall

Principal Incident Response Consultant


Tom Hall is a Principal Incident Response Consultant in Mandiant's UK team, and European Incident Response Function lead. As part of the Incident Response team, Tom provides services to clients when a breach occurs and has worked on Incident Response engagements globally with Mandiant since 2015. Tom has been responsible for leading and assisting organizations that involved advanced targeted threats and works closely with colleagues on new methods to proactively identify threats using new methodologies.

Sponsor Presenter:

Joe Slowik

Senior Security Researcher


Joe Slowik has over a decade of experience across multiple cyber disciplines. From work in the US Navy, to the US Department of Energy and Los Alamos National Laboratory, to industrial control security company Dragos, Joe has covered multiple facets of cyber intrusions and critical infrastructure defense. As a Senior Security Researcher at DomainTools, Joe continues his work tracking state-sponsored and criminal threats to enterprises with an emphasis on critical infrastructure and related targets.

Sustaining Partners