BSides Cymru 2024

Whatever you do, don't pull the plug!
2024-04-27, Sophia Room - Track 2


A ticket has been logged, users are unable to open files and then you discover the ransom notes, and start seeing files changing before your eyes - what next? Isolate the hosts, pull the power, pray or go and make a cuppa?

This talk will cover a real-life experience when someone did exactly that and pulled the power out of a storage array - with the best of intentions to prevent further damage, unaware that this would actually cripple the network!

From stopping the attack, uncovering the lack of DR and backups, to reconstructing the environment and travelling across London with a server in the back of a black cab and then rebuilding. This is a real-life tale about how a lack of incident response planning and knee-jerk reactions can make things worse!



Pete G is a Principal Cyber Security Engineer heading up a Security Engineering practice for one of the largest and most famous transport networks in the world.

For over 16 years, Pete has navigated the ever-evolving IT and cybersecurity landscape. His journey has taken him through the darkest corners of the cyberworld, from chasing ransomware operators through labyrinthine networks to resurrecting Active Directory from the ashes of malicious attacks. From crafting brand-new infrastructures from the ground up to unraveling complex fraud schemes, he has done most things.

A passionate advocate for knowledge sharing and community building, you can often find him at BSides conferences, where he's not just an attendee but a source of inspiration for budding cybersecurity enthusiasts. He's also the creator and guardian of the "Cyber Railway," a live interactive hackable railway CTF/War Game. It's a playground where aspiring hackers can sharpen their skills.

Known for his dad jokes, loyalty and entertainment on the decks and off, he's a good egg.