Welcome to the ARK Side
Track 1

A compelling real-world case study in which an unknown ransomware actor's last-minute pivot revealed an entirely different threat group orchestrating the attack. This talk demonstrates how threat hunting analytics and infrastructure tracking techniques uncovered the deception, providing attendees with practical detection engineering methods and actionable insights for identifying threat actor misdirection in their own environments.


Come along to explore a fascinating real-world case study of a ransomware investigation that took an unexpected turn. When an unknown threat actor suddenly pivoted their tactics at the last minute, it revealed an entirely different group was actually orchestrating the attack.
This talk will demonstrate how our incident response team used intrusion data and custom threat hunting techniques to uncover this deception, track the malicious infrastructure, and piece together the true attribution. You'll learn practical techniques for identifying when threat actors attempt misdirection and gain insights into the importance of diverse data sources in complex investigations.
Perfect for security professionals looking to sharpen their threat hunting skills and understand the evolving tactics used by ransomware groups to evade detection and attribution.

James is a Chartered Incident Response Professional with extensive expertise in Digital Forensics and Incident Response (DFIR). Certified by SANS, he brings over nine years of specialised experience to the field, having conducted both criminal and civil forensic investigations across public and private sectors.
In his current role, James leads security operations and incident response investigations for Bridewell's diverse client portfolio. His expertise spans critical national infrastructure, finance, hospitality, and FinTech industries, serving clients throughout the UK and US.