Moath Sakaji - Mandiant Lead ICS/OT Security, MEA, FireEye
Since at least 2017, there has been a significant increase in public disclosures of ransomware incidents impacting industrial production and critical infrastructure organizations. Well-known ransomware families like WannaCry, LockerGoga, MegaCortex, Ryuk, Maze, SnakeHouse , and most recently Darkside, have cost victims across a variety of industry verticals many millions of dollars in ransom and collateral costs. These incidents have also resulted in significant disruptions and delays to the physical processes that enable organizations to produce and deliver goods and services. In this talk, we will discuss how adversaries are targeting the operational technology of the critical national infrastructure, and shine a light on the Darkside ransomware operations.