"Your files have been encrypted! To decrypt the files, follow the following instructions…" Behind this dreaded message is much more than the cybercriminal sending it. The deployment of ransomware is often the most visible (and painful) step in a much larger process, in which many criminal actors and activities together form a complex whole. It often drives organizations to desperation. Each stage of the ransomware kill chain offers opportunities to intervene, both offensive as well as defensive. In this session we'll focus on the defensive side and learn about reducing attack surfaces by detecting and preventing kill-chain attacks at an early stage with the use of Attack Surface Reduction rules.

After this session you're on par with the latest updates on ASR rules, guidance on how to use them effectively (we don't accept audit mode) and to gain insights with the help of advanced hunting. This is a must visit session for IT pro's who wants to break the ransomware kill chain!