The Evolution of Ransomware and the Pinchy Spider Actor Group

background image

As the recent Garmin incident shows, Ransomware can significantly impact business operations of even the largest companies. As ransomware continues to be top of mind for organizations in an ever evolving threat landscape, the cost and impact can range from a disruption of your operations to businesses shuttering their doors forever.

One of the leaders in the ransomware threat space is a group known as Pinchy Spider (REvil/Sodnikibi). This group has quickly evolved to compromise organizations via multiple different methods including the supply chain which enables their infection, data gathering, encryption of systems and extortion without the victim even having to click on a link or open an attachment.

In this webinar, CrowdStrike and RiskIQ discuss the evolution of both Ransomware attacks and the Pinchy Spider actor group; providing attendees with an understanding of the groups current Tactics, Techniques, and Procedures (TTPs) and highlighting how organizations can use the combined visibility of both CrowdStrike Falcon Intelligence and RiskIQ’s global internet collection to derive new actionable intelligence and better defend your organization.

What users will learn from this webinar:

  • Highlevel intro to Ransomware
  • Overview of the Pinchy Spider Actor group
  • A broader understanding of how Pinchy Spider targets organizations
  • How to leverage CrowdStrike Falcon Intelligence to drive investigations
  • How to use RiskIQ’s Global Internet data to expand on network based indicators to provide additional context and IOCs related to an actor group

Speaker Bios

Josh Burgess
CrowdStrike

Josh Burgess has more than a decade of cyber threat analysis and mitigation experience serving in multiple positions including in the intelligence community, the Department of Defense, as well as the financial sector. In a majority of his roles he has served as the technical lead Threat Intelligence Officer for a large SOC to advise them of the latest threats and ensure a sound security posture. His main role in his current position at CrowdStrike is to support customers by applying his experience in actioning both short-term tactical as well as long-term strategic intelligence data and reporting.

Steve Ginty
RiskIQ

Steve Ginty has more than ten years experience as an information security professional focused on incident response, threat intelligence, and data analysis. As co-founder of PassiveTotal (acquired by RiskIQ), he aimed to advance analysis methodologies and processes to make threat investigations and incident response more efficient and effective.

Watch the Webinar