Investigating Ransomware: Call for Presentations

We invite all cyber responders and DFIR investigators who have ransomware experience to submit a presentation by June 10, 2022. This is a unique opportunity to share your knowledge and help follow responders. We are expecting more than 400 attendees. 

This will be an in-person event for both speakers and attendees. Sessions will be 30-minutes. We will consider one or two exceptional talks to occur via video conferencing software. 


The goal of the conference is to share actionable information for people who are both new or experienced with ransomware. Both individuals and companies are welcome to present. No sales pitches please. 

 Example topics include:

  • How to investigate different ransomware groups
  • How to investigate different ransomware families
  • How to investigate Cobalt Strike, TrickBot, BazarLoader, and other commonly used attacker tools. 
  • How your ransomware investigations differ from normal intrusion investigations
  • Challenges of investigating in a crippled environment
  • Ransomware-specific DFIR tools and techniques
  • Approaches to effectively getting the attackers out
  • Approaches to scoping the incident and knowing what else the attacker did
  • What kind of investigative questions have you been tasked to answer and how did you answer them?

We are explicitly not looking for presentations on how to prevent ransomware, how to recover from ransomware, or how to decide if you pay the ransom. Those are important topics, but are covered by other non-DFIR events. 

Submission Instructions