October 30–31, 2016: Training
October 31–November 2, 2016: Tutorials & Conference
New York, NY

Protecting your organization against ransomware (while ensuring no one sends you a Christmas card)

Allan Liska (Recorded Future), Timothy Gallo (Symantec)
11:20am–12:00pm Wednesday, 11/02/2016
Bridging business and security
Location: Mercury Ballroom Level: Beginner

Prerequisite knowledge

  • A general understanding of ransomware
  • Familiarity with the tools used for system administration in a Windows network

What you'll learn

  • Understand how to prevent ransomware and improve your organization's security by limiting access to common tools—primarily using tools that are already available in most networks


The best way to stop ransomware is to prevent it from ever executing within an environment. Allan Liska and Timothy Gallo begin with a discussion of the ways in which ransomware is traditionally delivered, reviewing spam campaigns and exploit kit delivery methods and exploring how the attackers behind ransomware bypass security measures and entice targets into falling victim to ransomware attacks. Each of these attack methods relies on the ability of the attackers to take advantage of common applications/tools installed in almost every environment: Adobe Flash, macros in Microsoft Office Documents, PowerShell, Microsoft Scripting Engines, and more.

Of course, the reason that these applications and tools are widely available is because users like them, so taking them away with no discussion is not a viable option. Allan and Timothy offer a practical guide to preventing ransomware and improving an organization’s security by limiting access to common tools, primarily using tools that are already available in most networks. More importantly, Allan and Timothy provide guidance for how both IT teams and the larger user community can come together to discuss why these steps are necessary and how to balance the need for security with the need for productivity within the organization.

Photo of Allan Liska

Allan Liska

Recorded Future

Allan Liska is a consulting systems engineer at Recorded Future. Allan has more than 15 years’ experience in the world of security and has worked as both a security practitioner and an ethical hacker. Through his work at Symantec, iSIGHT Partners, FireEye, and Recorded Future, Allan has helped countless organizations improve their security posture using more effective intelligence. He is the author of The Practice of Network Security, Building an Intelligence-Led Security Program, and Securing NTP: A Quickstart Guide and the coauthor of DNS Security and Ransomware: Defending Against Digital Extortion.

Photo of Timothy Gallo

Timothy Gallo


Timothy Gallo is a cyber security specialist engineer at Symantec. Tim has been working in IT security since 1999, but he’s also been a bouncer, a bartender, and a physicist. He loves finding new ways to do things, in particular by breaking them. Tim has been spending time lately tearing apart pumps, golf carts, and other items to rebuild them into something better, faster, and stronger.