Incident & Breach Response , Next-Generation Technologies & Secure Development , Security Operations

Lessons From Real-World Threat Intel, IR for Ransomware

Palo Alto Networks' Wendi Whitmore Shares Insights on the Evolution of Ransomware
Wendi Whitmore, senior vice president and head of Unit 42, Palo Alto Networks

As ransomware attacks keep growing around the globe at a brisk pace, threat intelligence and incident response plans are now vital for enterprises. After a ransomware attack, being curious, asking more questions and figuring out if there are more pieces to the puzzle that need to be put together are all important skills. But keeping calm and engaging external reinforcements with more experience are equally important and therapeutic, said Wendi Whitmore, senior vice president and head of Unit 42 at Palo Alto Networks.

See Also: Demystifying Managed Detection and Response Services

Responding to ransomware attacks not only requires technical expertise but also can be extremely exhausting for IT teams, causing chaos within the organization. Therefore, it is crucial for organizations to have a comprehensive plan in place, according to Whitmore.

Many ransomware operators "are moving just toward extortion," Whitmore said. "So I'm going to steal the data, and then I'm going to ask you to pay me so that I don't release it on the internet. What they're not doing as much is encrypting the data because it takes a lot of time, money and effort."

Attackers are also contacting CEOs, their spouses and children to put pressure on decision makers. “Attackers are continuing to leverage time as a pressure value to essentially try to get to decisions faster," Whitmore said.

In this video interview with Information Security Media Group at RSA Conference 2023, Whitmore also discusses:

  • What ransomware victims should never do;
  • New tools and strategies of ransomware operators;
  • The need to have partnerships for defending against ransomware.

Whitmore is a globally recognized cybersecurity leader with two decades of experience building incident response and threat intelligence teams that have helped clients solve some of the world's largest and most complex breaches.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing devicesecurity.io, you agree to our use of cookies.