Security Chaos Engineering to Avoid Payments Ransom Gangs

Speaker at SecurChainCon 2025

Yury Nino

June 20, 2025

Transcript

  1. Agenda: Ransomware intro. Why we need security reliability. Security Chaos Engineering intro. How to use Security Chaos Engineering to anticipate a ransomware attack. Takeaways. www.yurynino.dev
  2. What would you be willing to do to recover a file on which your reputation depends? A survey among 32 colleagues showed that they would not pay for recovering the reputational data. (Poll chart: Yes 76%, No 24%.) www.yurynino.dev
  3. What the companies said: ransom payments are required to obtain the keys to decrypt files and to prevent stolen data from being leaked or sold. Source: https://www.hipaajournal.com/ransomware-payments-record-low/ (chart figures: 85%, 46%, 29%)
  4. Data from Blackfog showed that from January to November of 2021, 244 ransomware hacks were publicized, hitting sectors like healthcare, education or services. Most of those hacks occurred in the government sector.
  5. Critical gaps are often in preventing the initial breach and in the confidence and capability to recover without paying the ransom.
  6. While traditional security often focuses on preventing known threats, it is not sufficient for complex, dynamic systems and novel attack methods.
  7. Security Chaos Engineering. [SCE] is a sociotechnical transformation that drives organizations through the ability to respond to failure and adapt to evolving conditions with speed and grace. It is the identification of security control failures through proactive experimentation to build confidence in the system's ability to defend against malicious conditions in production.
  8. How to Prevent Ransomware Attacks with SCE. Hypothesize: identify assumptions about your ransomware defenses. Simulate: run safe ransomware-like behaviors using chaos tools. Observe: measure detection, alerting, and response quality. Improve: patch gaps, adjust controls, enhance playbooks. Repeat: make it an ongoing process, not a one-off.
  9. 1. Define Hypotheses about Security Controls. If ransomware encrypts files on an endpoint, EDR should detect and isolate the machine. Backups should remain untouched even if ransomware hits production systems.
  10. 2. Simulate Ransomware Behaviors. File encryption simulation using benign scripts to mimic encryption patterns. Mass file access/modification: simulate rapid file changes to test detection and response. Tools like Atomic Red Team, Caldera, Infection Monkey.
  11. 4. Improve Based on Findings. Harden EDR rules. Limit permissions. Improve segmentation to contain ransomware spread. Train incident responders using the test results.
  12. 5. Automate and Re-Test Continuously. Integrate into CI/CD pipelines or periodic testing routines. Evolve attack simulations as ransomware tactics evolve.
  13. Takeaways. Proactive validation of recovery is paramount. Build muscle memory and confidence in incident response. Uncover blind spots in security controls and monitoring. Reduce financial and reputational risk by proving resilience.
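To make the hypothesize / simulate / observe loop from slides 8 to 12 concrete, here is an added Python example. It is not code from the deck, nor from Atomic Red Team, Caldera or Infection Monkey; it is a benign in-process stand-in for what those tools would run. It tests the two hypotheses stated on slide 9: a burst of high-entropy rewrites with a ransomware-style rename gets detected, and a backup copy stays byte-identical. The sample "documents", the `.locked` extension, and every detection threshold (5-second window, 20 files, entropy of 7 bits per byte) are illustrative assumptions, not values from the presentation.

```python
"""Added example: a minimal security chaos experiment for ransomware behaviour.

Hypotheses (slide 9): (1) many high-entropy file rewrites renamed to a
ransomware-style extension in a short window are detected; (2) the backup
stays untouched. The simulation is a benign stand-in; thresholds are assumed.
"""
import hashlib
import math
import os
import shutil
import tempfile
import time
from collections import Counter
from pathlib import Path


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the empirical byte distribution (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def make_corpus(root: Path, n_files: int) -> None:
    """Constructed sample data: plain-text 'documents' with low entropy."""
    root.mkdir(parents=True, exist_ok=True)
    for i in range(n_files):
        (root / f"doc_{i:03d}.txt").write_bytes(f"quarterly report {i}\n".encode() * 200)


def snapshot_hashes(root: Path) -> dict:
    """SHA-256 of every file; used to prove the backup was not touched."""
    return {p.name: hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.iterdir()) if p.is_file()}


def simulate_ransomware(root: Path, ext: str = ".locked") -> list:
    """Benign stand-in for encryption: overwrite with random bytes, then rename.
    Returns the file-modification events a sensor would observe."""
    events = []
    for p in sorted(root.iterdir()):
        if not p.is_file():
            continue
        payload = os.urandom(p.stat().st_size)  # random bytes look like ciphertext
        p.write_bytes(payload)
        target = p.with_suffix(p.suffix + ext)   # doc_000.txt -> doc_000.txt.locked
        p.rename(target)
        events.append({"ts": time.monotonic(), "path": str(target),
                       "entropy": shannon_entropy(payload)})
    return events


def simulate_normal_editing(root: Path) -> list:
    """Control run: legitimate edits (append text, keep names) must not alert."""
    events = []
    for p in sorted(root.iterdir()):
        if p.is_file():
            with p.open("ab") as fh:
                fh.write(b"reviewed by finance\n")
            events.append({"ts": time.monotonic(), "path": str(p),
                           "entropy": shannon_entropy(p.read_bytes())})
    return events


def detect(events: list, window_s: float = 5.0, min_files: int = 20,
           min_entropy: float = 7.0, suspicious_ext=(".locked",)) -> dict:
    """Assumed detection rule: at least min_files high-entropy writes to a
    suspicious extension inside a sliding window of window_s seconds."""
    hits = sorted((e for e in events
                   if e["entropy"] >= min_entropy and e["path"].endswith(suspicious_ext)),
                  key=lambda e: e["ts"])
    peak, j = 0, 0
    for i in range(len(hits)):
        while hits[i]["ts"] - hits[j]["ts"] > window_s:
            j += 1
        peak = max(peak, i - j + 1)
    return {"alert": peak >= min_files, "peak_burst": peak}


def run_experiment(n_files: int = 50, attack: bool = True) -> dict:
    """Hypothesize -> simulate -> observe, inside a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        prod, backup = Path(tmp) / "prod", Path(tmp) / "backup"
        make_corpus(prod, n_files)
        shutil.copytree(prod, backup)          # stands in for the offline backup
        baseline = snapshot_hashes(backup)
        events = simulate_ransomware(prod) if attack else simulate_normal_editing(prod)
        verdict = detect(events)
        return {"detected": verdict["alert"],
                "peak_burst": verdict["peak_burst"],
                "files_touched": len(events),
                "backup_intact": snapshot_hashes(backup) == baseline}


if __name__ == "__main__":
    print("attack: ", run_experiment(attack=True))
    print("control:", run_experiment(attack=False))
```

In a real experiment the event list would come from EDR or SIEM telemetry about a separate process rather than from the simulator itself, and the backup check would run against the actual backup target; the control run matters as much as the attack run, because a rule that fires on ordinary bulk edits will be tuned down or ignored by responders.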