PowerShell: The Indispensable Ransomware Tool

PowerShell is used at every stage of a ransomware attack, from initial access all the way through exfiltration and extortion. This talk will review the different ways ransomware groups use PowerShell, using script examples from real attacks, and discuss ways organizations can detect the malicious use of PowerShell in their networks.

With more than 20 years of experience in ransomware and information security, Allan Liska has improved countless organizations' security posture using more effective intelligence. Liska provides ransomware-related counsel and key recommendations to major global corporations and government agencies, sitting on national ransomware task forces and speaking at global conferences. Liska has worked as both a security practitioner and an ethical hacker at Symantec, iSIGHT Partners, FireEye, and Recorded Future. Regularly cited in The Washington Post, Bloomberg, The New York Times, and NBC News, he is a leading voice in ransomware and intelligence security. Liska has authored numerous books including "The Practice of Network Security," "Building an Intelligence-Led Security Program," "Securing NTP: A Quickstart Guide,""Ransomware: Defending Against Digital Extortion," "DNS Security: Defending the Domain Name System," and "Ransomware: Understand.Prevent.Recover."