2024-06-18, Breakout 1
Ransomware campaigns continue to pose a global threat, with financially driven threat actors using them to extort companies across the globe. As organizations navigate the digital transformation to the cloud, these threat actors have not only adapted their strategies but also exploited built-in cloud tools to efficiently carry out ransomware campaigns.
This evolution presents a challenge to researchers and security products to create innovative detection methods that can effectively traverse this altered landscape. In this session, I will share actual instances of hybrid ransomware attacks that have resulted in damages amounting to millions of dollars. We will delve into the latest trends and techniques employed by threat actors to compromise both on-premises and cloud environments of victims, including their lateral movement between the two. Furthermore, we will highlight the novel techniques used by threat actors to quickly identify and encrypt an organization’s most vital assets.
This presentation will introduce a pioneering approach to detecting these complex attacks. By employing contextual graph-based correlations, we can reveal a pathway to connect the dots of an attack, even when a direct connection is not apparent. During this talk, I will demonstrate how this innovative methodology has proven instrumental in saving countless investigative hours and enhancing the effectiveness of response efforts in real-life incidents.
Ram is a Principal Security Research Manager at Microsoft Defender for Cloud. Ram gained his expertise from over a decade of service with the IDF Intelligence Corps, where he led teams of security researchers and software developers.