Encrypting ransomware is a key term in the title as just ransomware is broad and can include threats that are very different, easy to detect, and don't encrypt files at infection - the key differentiation point that gives these threats the upper hand against AV.
The presentation is going to be on all the encrypting ransomwares we've seen thus far. It will cover in-depth features of each one and how malware authors made improvements as time went on. There is quite a few so it will be a full presentations worth (cryptolocker, dir-crypt, cryptowall, cryptodefense, zero-locker, critroni, synolocker, cryptographic locker). I'll show from start to finish of an infection and what a user will experience and will highlight social engineering tactics along with the methods of payment circumventing money mules. And of course will end with our product and functionality. Journaling capability will be clearly stated in a fashion that highlights its strength, but not in a way that would lead to false assumptions.