Your Money or Your Data:
Ransomware, Cyber Security and
Today’s Threat Landscape
How to cope in Today’s World
Roger Hagedorn
IT Security Analyst for the
City of Minneapolis
Introduction:
Three Tales of Woe
One:
A New Spin on Staycations
The Romantik Seehotel Jaegerwirt, a luxurious 4-star hotel
on the Alpine Turracher Hoehe Pass in Austria
January 28, 2017
“One of Europe's top hotels has admitted they had to pay
thousands in Bitcoin ransom to cybercriminals who managed
to hack their electronic key system, locking hundreds of guests
out of their rooms until the money was paid.”
http://www.thelocal.at/20170128/hotel-ransomed-by-hackers-as-guests-locked-in-rooms
The Culprit:
Two:
A Tale of the New Southwest
https://nakedsecurity.sophos.com/2017/02/01/eight-years-worth-of-police-evidence-wiped-out-in-ransomware-attack/
February 1, 2017
“Texas police in the town of Cockrell Hill have lost eight years’
worth of digital evidence after getting hit by a ransomware
attack in December and refusing to pay up. … The email
planted a virus that then corrupted all files on the server. In the
end, they destroyed all Microsoft Office documents –
including Word and Excel files – as well as all bodycam
video, some photos, some in-car video, and some police
department surveillance video, dating back as early as 2009.”
Three:
A Real Tale of Life and Death
Hollywood hospital held to ransom by cybercrooks
February 2016
“A Hollywood hospital has been crippled by a cyberattack,
with crooks reportedly holding its data hostage and
demanding 9,000 in Bitcoin – about $3.4 million – to give
it back.”
They ended up paying $17,000 but went without
computers for ten days. Patients were diverted to other
hospitals.
https://nakedsecurity.sophos.com/2016/02/16/hollywood-hospital-held-to-ransom-by-cybercrooks/
Photo by Junkyardsparkle via Wikimedia Commons
2016: the Year of Ransomware
In 2016, Ransomware 
emerged as one of the most 
dangerous cyberthreats facing 
both organizations and 
consumers. 
http://www-03.ibm.com/press/us/en/pressrelease/51230.wss
According to FBI and IBM research, global
losses now running to …
A Few Unsettling Facts about Ransomware
• 62 new ransomware families in 2016
• Ransomware attacks on businesses increased threefold: from an attack
every 2 minutes to one every 40 seconds
• Ransomware attacks on small businesses increased eightfold from Q3
2015 to Q3 2016.
• A single cryptomalware attack can cost SMBs $99k.
• One in five small and medium-sized businesses that paid the ransom never
got their data back.
More Unsettling Facts about Ransomware
According to a 2016 survey from Osterman Research, almost one
out of every two participants indicated their organization had
suffered at least one ransomware attack in the past 12 months.
Less than half of ransomware victims fully recover their data,
even with backup.
Common reasons for incomplete backup recovery included
unmonitored and failed backups, loss of accessible backup drives
that were also encrypted, and loss of between 1 and 24 hours of data
from the last incremental backup snapshot.
Best Practices for Dealing With Phishing and Ransomware; An Osterman Research White Paper, August 2016
What is Ransomware?
Defining our terms
There are basically two different types
of ransomware:
• lockers
• encryptors
The first type, known as “Blockers,” “Lockers,” or
“WinLockers,” locks the computer screen and prevents the
victim from accessing the device.
A ransom demand appears on the screen, typically
masquerading as a notice from a law enforcement agency,
reporting that the victim has accessed illegal web content
and indicating that they must pay a fine.
A variant is “MBR ransomware,” which infects the
“master boot record” (MBR) and interrupts the normal boot
process. Again, attackers then exploit the situation by
displaying a ransom demand.
The second kind is more insidious:
Crypto-ransomware or “encryptors” encrypt most
types of files available to users, including “.doc,” “.xls,”
“.pdf,” and “.jpg.” The attackers then demand a ransom
in exchange for the promise to restore the data by
providing decryption keys to their files.
It doesn’t discriminate: it impacts individuals and
organizations from every region and industry around the
world.
Distinguishing these types is
important:
It’s relatively easy to survive a locker or an MBR
variant, but it can be a real challenge to deal with
crypto-ransomware.
In any case, ransomware is a type of
malware that cybercriminals use to
extort money from their victims.
Ransomware is extortion,
plain and simple.
The average ransom demand has more than doubled in the
past year. It’s now $679, up from $294 at the end of 2015.
Symantec ISTR Special Report: Ransomware and Businesses 2016
Who are the victims?
Consumers are the most likely victims, due to weak or
missing security.
Organizations: 43%; Consumers: 57%
How Does It Work?
Understanding the risks we face
Ransomware, like any malware, can enter
your network and infect your computer in
many ways, including on USB devices, via
booby-trapped websites that exploit
software vulnerabilities, brute-forcing login
credentials, “malvertising,” and even via an
existing malware infection.
Slide callouts: Social Media; Malvertising, where malicious ads are placed on
legitimate ad services and then appear on trusted websites.
But the number one infection vector is . . .
… malicious spam email, a.k.a. “phishing”
Infection occurs if the user:
• Opens a malicious email attachment that directly installs
the ransomware on a user’s computer.
• Opens a malicious email attachment that initiates a
second-stage delivery through a downloader (often a
macro), that then downloads and installs the ransomware.
• Clicks on a link embedded in an email that points to an
exploit kit that leads to malware being installed.
Here’s how it works:
Typical Ransomware Attack (slide diagram, built up over three slides):
1. Phishing email or website exploit; desktop infected; local files encrypted;
attached storage/backup gets encrypted; files and other data copied to criminals.
2. Phishing email or website exploit; desktop infected; local files encrypted;
PCs with open shares get encrypted; files and other data copied to criminals.
3. Phishing email or website exploit; desktop infected; local files encrypted;
servers and file shares encrypted; files and other data copied to criminals.
The following are real phish designed
to lead to infection and ransomware
(screenshots shown on the slides).
Don’t trust this link. It might look OK, but if you hover your
cursor over it without clicking, you can see where it
really takes you . . .
The problem with email is: you can’t be sure who the
sender really is.
Why “phishing”?
Scammers throw out electronic bait and then wait for
someone to “bite.”
Image by ToastyKen via Flickr, CC BY 2.0
Typical phishing ploys
• A notification from the post office or shipment company—DHS, FedEx, 
etc.—concerning problems with a delivery
• An invoice or overdue alert from some provider concerning some bill
• An alert from the IRS that taxes are owed
• An offer of a free gift card if you act now.
• An online provider’s alert that the account has expired or the password 
needs changing
Disturbing New Trends
In Ransomware
The use of different programming languages—JavaScript,
PHP, PowerShell—used to evade detection by security
products
Additional features beyond locking devices or encrypting
files: searching for Bitcoin wallets or adding infected
computers to botnets
The threat of posting the victim’s files, including pictures
and videos, on the internet.
And then there’s “Ransomware as a Service” (RaaS)
Now available on the Dark Web
Devilish New Ransomware Hits the Street
"Satan is a free to use ransomware kit, you only need to
register on the site to start making your viruses. Satan only
requires a user name and password to create an account,
although, if you wish, you can set a public key for two-factor
authentication. Satan has an initial fee of 30% over the
victim's payment, however, this fee will get lower as you get
more infections and payments. All of the user transactions
are covered by the server, you'll always get what the victim
paid, minus the fee of course. When creating your malware
you can specify the ransom value (in bitcoins), …"
• Satan is free. You just have to register on the site.
• Satan is very easy to deploy, you can create your
ransomware in less than a minute.
• Satan uses TOR and Bitcoin for anonymity.
• Satan's executable is only 170kb.
https://www.scmagazine.com/devilish-new-ransomware-hits-the-street/article/636444/
DynA-Crypt Ransomware Steals & Deletes Your Data
https://blog.knowbe4.com/cyberheistnews-vol-7-7-alert-dyna-crypt-ransomware-steals-and-deletes-your-data
…put together using a malware creation kit by people
that are not very experienced, but have a lot of
destruction in mind.
It not only encrypts your data, but also tries to steal a
ton of information from a victim's computer.
It also deletes files without backing them up anywhere.
Ransomware is becoming the victim of its success
Until recently, there has been a strange balance of trust
between the cybercriminals and their victims: you pay, we
return your files. So far, this has worked and ransomware has
thrived.
So it attracts amateur cybercriminals, and we’re seeing the
development of ransomware of poor quality, lacking any
assurance that the crypto keys will work and that the data isn’t
damaged.
Protecting Yourself and
Your Organization
preventive steps to consider
Preventive Steps: 1
Having a sound backup strategy is a strong first step.
Here’s why:
The newest strains of Cryptolocker and its cousins not only
traverse the network, they infect the “previous versions,” or
shadow copies, that Windows makes.
It’s also possible for unencrypted backups to be infected
and encrypted, making them worthless as a tactic to avoid
paying a ransom.
Many organizations and individuals rely on online backup
strategies, backing up to a cloud service that by design
always needs a network connection. This “ease of use”
makes it very easy for ransomware to encrypt those backups
too.
So add an offline backup as part of your strategy.
Since any attached device will be encrypted, the storage must be
external and not mapped or connected to the device after the
backup is completed.
Back up at least once a week, and more often if need be, to disk
or USB device, and then immediately disconnect that media from
your network and store it somewhere safe.
The more frequent the backup, the less data is lost.
Backup frequency should be based on the strategic importance
of the data and how much data the organization can afford to
lose.
Remember:
Backups are the only legitimate way to avoid
paying the ransom.
So… remember to back up your data.
Preventive Steps: 2
Install software patches and updates as soon as
they become available.
Ransomware attackers frequently rely on people using
outdated software with known vulnerabilities that they can
exploit to infiltrate your network. Inconsistent patching and
outdated software leave organizations exposed.
Make it a practice to update your software regularly—
operating systems and the installed applications. Patching
commonly exploited third-party software like Acrobat Reader
and Flash will prevent many attacks from being successful.
Completely Remove Adobe Flash
If you use several browsers on Windows, you may have more than a
single version of Flash Player installed. Remove them all in one fell
swoop:
First, open the Control Panel. Next, select "Programs and Features" to
view your installed applications. Here, select each of the plugins
associated with Adobe Flash Player in turn and click "Uninstall."
Remember:
Inconsistent patching and outdated software leave
organizations exposed.
Preventive Steps: 3
Protect your data: Segment your network.
Most networks are “flat,” with little or no segmentation
between functional areas. Segmentation can be used to stop
or slow the lateral movement of malware and intruders.
Network segmentation limits the resources that a hacker can
access. Place your most sensitive data or systems into
dedicated shares, subnets, or VLANs.
Then restrict access to sensitive data—follow the principle of
least privilege.
Preventive Steps: 4
Have up-to-date malicious software defenses—antivirus
and firewall products—running on all devices.
Antivirus solutions are good at eliminating other threats
but have been poor at detecting ransomware, though they
are getting better. Have both anti-malware software and a
software firewall to help you identify threats or suspicious
behavior.
Preventive Steps: 5
Use strong passwords that cannot be brute-forced by
remote criminals.
Set unique passwords for different accounts to reduce the
potential risk. (and get a password manager)
If you’re using “123456”, you’re not alone: nearly 17% of
users had “secured” their accounts with “123456”, with the
next most common password being “123456789”.
https://blog.keepersecurity.com/2017/01/13/most-common-passwords-of-2016-research-study/
Preventive Steps: 6-7
Disable macros in Microsoft Office files
Show hidden file extensions
By default, Windows and OSX hide known file extensions. So
one popular method hackers use to make malware appear
safe is to name files with double extensions, like “.PDF.EXE.”
Enable the ability to see the full file-extensions, so it’s easier
to spot suspicious files.
Preventive Steps: 8-9
Install a browser add-on to block popups as they can also
pose an entry point for ransom Trojan attacks.
Disable file sharing
This way, if you happen to get hit, the ransomware
infection will stay isolated to your machine only.
Preventive Steps: 10
Switch off unused networking connections
WiFi connections, Bluetooth, and infrared ports are all potential
attack vectors. If you don’t use these services, disable them.
And be very wary of Open WiFi.
Preventive Steps: 11
Deactivate AutoPlay.
This way, harmful processes won’t be
automatically launched from external media, such
as USB memory sticks or other drives.
Preventive Steps: 12
Change the Windows default behavior to open
JavaScript files (.js, .jse) with Notepad, and not
Windows Script Host. Windows Script Host (WSH) can
grant malicious script a lot of the same run privileges
as an executable.
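As an added example (not from the slides), the following PowerShell script audits the Windows registry settings behind steps 6-7 (Office macros, hidden file extensions), 11 (AutoPlay) and 12 (the .js/.jse handler) and enforces them when run with -Apply. The Office "16.0" policy key and the JSFile/JSEFile ProgIDs are assumed defaults; adjust them for other Office versions or customised file associations.

```powershell
# Added example, not from the original slides: audits the Windows settings behind
# Preventive Steps 6-7, 11 and 12 and, with -Apply, enforces them. HKLM and HKCR
# writes need an elevated prompt. Office "16.0" (2016/2019/365) is an assumption.
param([switch]$Apply)

# Named DWORD values: registry path, value name, and the hardened value we want.
$dwordSettings = @(
    @{ Step = 'Step 7: show file extensions (so invoice.pdf.exe is visible)'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
       Name = 'HideFileExt'; Want = 0 },
    # 0xFF disables AutoPlay for every drive type, including USB sticks.
    @{ Step = 'Step 11: disable AutoPlay for every drive type'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDriveTypeAutoRun'; Want = 0xFF },
    # VBAWarnings 4 = disable all macros without notification; the Policies key
    # cannot be overridden by the user from the Trust Center.
    @{ Step = 'Step 6: disable Word macros'
       Path = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security'
       Name = 'VBAWarnings'; Want = 4 },
    @{ Step = 'Step 6: disable Excel macros'
       Path = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security'
       Name = 'VBAWarnings'; Want = 4 }
)

# Step 12: ProgIDs that .js and .jse resolve to by default. Their Open command
# points at WScript.exe; we point it at Notepad so a double-click only shows text.
$scriptProgIds = @{ JSFile = '.js'; JSEFile = '.jse' }
$notepadCmd    = "$env:SystemRoot\system32\notepad.exe `"%1`""

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent (treated as "not hardened").
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function Set-RegDword([string]$Path, [string]$Name, [int]$Value) {
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
}

$results = @()

foreach ($s in $dwordSettings) {
    $current = Get-RegValue $s.Path $s.Name
    $ok = ($current -eq $s.Want)
    if (-not $ok -and $Apply) {
        Set-RegDword $s.Path $s.Name $s.Want
        $current = Get-RegValue $s.Path $s.Name      # re-read to confirm the write
        $ok = ($current -eq $s.Want)
    }
    $results += [pscustomobject]@{ Step = $s.Step; Compliant = $ok; Current = $current }
}

foreach ($progId in $scriptProgIds.Keys) {
    $cmdKey  = "Registry::HKEY_CLASSES_ROOT\$progId\Shell\Open\Command"
    $current = Get-RegValue $cmdKey '(default)'
    # Compliant only when the handler is Notepad, not WScript.exe or CScript.exe.
    $ok = ($current -like '*notepad.exe*')
    if (-not $ok -and $Apply) {
        if (-not (Test-Path $cmdKey)) { New-Item -Path $cmdKey -Force | Out-Null }
        Set-ItemProperty -Path $cmdKey -Name '(default)' -Value $notepadCmd
        $current = Get-RegValue $cmdKey '(default)'
        $ok = ($current -like '*notepad.exe*')
    }
    $results += [pscustomobject]@{
        Step = "Step 12: open $($scriptProgIds[$progId]) files with Notepad"
        Compliant = $ok; Current = $current
    }
}

$results | Format-Table -AutoSize
if (-not $Apply -and ($results | Where-Object { -not $_.Compliant })) {
    Write-Host 'Non-compliant settings found. Re-run with -Apply from an elevated prompt to enforce them.'
}
```

Run it without -Apply first to see which settings already match; the Office policy keys only exist once a macro policy has been set, so an absent value is reported as non-compliant rather than as an error.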
Preventive Steps: 13
What if it’s part of your job to receive files from unknown people?
Lots of employees receive emails from unknown people:
• HR Representatives
• Finance – Accounts Payable/Receivable
Upload them to VirusTotal, a free service that will run them past
scores of different anti-virus scanners.
https://www.virustotal.com/en/
Preventive Steps: 14
But the Number One strategy for avoiding
ransomware—as well as most other
computer-related issues—is:
Train your staff in the dangers of
phishing and malware, and help them
recognize dangers when they come
knocking at the door.
A solid Security Awareness Program is crucial to keeping
your organization and your staff safe.
Security Awareness
User education is the key to preventing
ransomware.
Teach your staff to refrain from opening attachments or
clicking on links that look suspicious.
Create a culture of awareness. Discuss these
issues and current events in cybersecurity.
Tell Everyone:
Think before you click or download anything.
What if you become infected?
When you discover an infection, act fast.
First things first: stop the spread of the infection.
Disconnect the device from WiFi or unplug it from the
network immediately. This will decrease the number of files
that get encrypted.
Plus you’ll cut down on the infection from machine to
machine.
Check the No More Ransom project website (https://www.nomoreransom.org/),
a non-commercial initiative involving public and private
organizations throughout the world that aims to spread a better
understanding of ransomware and help people recover their
data.
Check to see if there’s a decryption tool available that could
help get your files back. You should also report incidents to
your local law enforcement immediately.
If the No More Ransom project website can’t help, try
this:
Use System Restore to get back to a known-clean
state.
If you have System Restore enabled on your Windows
machine, you might be able to take your system back
to a known-clean state. Many ransomware variants will
prevent this from succeeding, but it’s worth a try.
Also worth a try:
If your ransomware is counting down to disaster, set the
BIOS clock back.
Some ransomware variants have a payment timer that
increases the price for your decryption key after a set
time. You may be able to give yourself additional time by
setting the BIOS clock back to a time before the deadline
window is up.
If there aren’t any tools to crack the encryption, power
down the endpoint and then reimage it.
Eliminating ransomware will require wiping the system
totally, then reinstalling a fresh copy of the operating
system before reconnecting it to any network.
Risk Management in an Ideal World
In an ideal world, you would have already planned for this
eventuality, just as you might prepare to cope with a tornado or
fire.
Work with your senior management, communications staff, and
possibly legal counsel to develop a plan of action in the event
your organization is hit with ransomware.
Prepare for the worst and you’ll be able to weather the storm.
To Pay or Not to Pay
It’s an important question
Alas, poor Yorick!
You may find yourself pondering 
this ugly question:
Should I just pay up?
There’s no agreement in the Information
Security community.
Experts are mixed on the wisdom of paying
the demanded ransom. Even the FBI has
changed its position on paying. So
consider your options carefully.
My personal advice:
Don’t pay the ransom.
Paying it can make your organization an even bigger target.
It could also increase the chance that the next ransom will
be higher.
It also encourages cybercriminals and might not result in
the recovery of the affected files.
Remember that you’re dealing with criminals.
There’s no guarantee that files will be unlocked,
and there’s an increased likelihood of being
attacked again.
Even if the hackers provide the
encryption key, they could have
already exfiltrated data that could
be sold or posted on the Deep
Web.
Trust me!
And now for:
The Bigger Picture
Enough of these problems!
How about a comprehensive solution!?
“Cybercriminals are often not geniuses
for a very good reason. They don't
need to be. We make it too easy for
them to succeed.”
Graham Cluley, Feb. 6, 2017
He wants to promote “active security” –
active as in “getting off your arse and
doing something.”
https://www.grahamcluley.com/security-firms-need-stop-exaggerating-hackers-abilities-hype-products/
With a Cybersecurity framework, organizations
can assess and improve their ability to
prevent, detect, and respond to cyber attacks.
A framework provides a way to classify
cybersecurity outcomes and a methodology to
assess and manage those outcomes.
Get Yourself a Cybersecurity Framework
COBIT? NIST? ISO27000? SANS?
Pick a framework… any framework
There’s no shortage of standards to consider:
• NIST 800-53 = National Institute of Standards and Tech.
• FISMA = Federal Information Security Management Act
• DIACAP = DoD Information Assurance Certification and Accreditation
Process
• SOX = Sarbanes-Oxley Act of 2002
• GLBA = Gramm-Leach-Bliley Act
• PCI-DSS = Payment Card Industry Data Security Standard
• NERC = North American Electric Reliability Corporation
• CIP = Certified IRB Professional
• ISO 27000 Series = Int’l Org. for Standardization
• HITECH Act of 2009
“A lot of times, enterprises just don’t know where and how,
or what to do. Where’s the next dollar best spent?”
“This is about priority.”
Tony Sager, former head of the NSA’s Systems &
Network Attack Center, now with the SANS Institute
Since the early 2000s, the NSA had been working
on a list of security controls that were most effective
in stopping known attacks.
The key: “no control should be made a priority
unless it could be shown to stop or mitigate a known
attack.”
The second key: NSA was already working on
collaboration with two nonprofit organizations:
The SANS Institute — a cooperative research and
education organization, “the most trusted and by far the
largest source of information security training and
security certification in the world.”
The Center for Internet Security — “works on
enhancing cyber security readiness and response of
public and private sector entities.”
Eventually, more than 100 public and private
organizations joined in, as well as a few companies
involved in incident response, including McAfee and
Mandiant.
The two main elements:
1) The only justification for a control was actual
attack information.
2) The feeling among the participants that they were
active contributors to protecting the country.
The clear consensus:
Just 20 Critical Controls could address
the most prevalent attacks that government,
industry, and the private sector face.
https://www.cisecurity.org/
Spoiler Alert:
Most of these controls are standard procedure or
“Best Practices” in network administration.
Chances are that you’ve implemented many of them
yourself.
There really shouldn’t be any surprise here.
1. Inventory of Authorized Devices on network
2. Inventory of all Software
3. Secure Configurations for all devices
4. Continuous Vulnerability Assessment
5. Controlled Use of Admin Privileges
Meeting the first five can reduce your risk of
attack by 85%
Use this framework to assess your current status
Use this framework for strategic security planning
You can make concrete, measurable steps
in improving your networks by putting into
place, over time, some or most (if not all) of
these controls. Yes it takes time, but it
really does pay off.
It works to improve your security posture
vis-à-vis real-world security threats.
Wrapping Things Up
Thanks very much for your attention!
Any questions or comment?
Q and A
Roger Hagedorn
Email: roger.hagedorn@gmail.com
I’d like to thank two colleagues:
Ian Anderson
IT Security Manager
City of Oklahoma City
Jon Tidwell
IT Security Officer
Collin County Government
for sharing their presentation “Deploying the Critical
Security Controls Like a Boss!” and for allowing me to use
a few of their slides.
References
Symantec ISTR Special Report: Ransomware and Businesses 2016
Kaspersky Security Bulletin 2016, https://securelist.com/files/2016/12/KSB2016_Story_of_the_Year_ENG.pdf
Best Practices for Dealing With Phishing and Ransomware, An Osterman Research White Paper, August 2016
CIS—Center for Internet Security, https://www.cisecurity.org/
SANS Institute NewsBites, https://www.sans.org/newsletters/newsbites/newsbites.php
Graham Cluley – Latest computer security news, opinion and advice, https://www.grahamcluley.com/
Naked Security – Computer Security News, Advice and Research, https://nakedsecurity.sophos.com/
The Hacker News—Security in a Serious Way, http://thehackernews.com
wp-understanding-ransomware-strategies-defeat
 
Common Cyberthreats and How to Prevent Them (2019)
Common Cyberthreats and How to Prevent Them (2019)Common Cyberthreats and How to Prevent Them (2019)
Common Cyberthreats and How to Prevent Them (2019)
 

Dernier

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Dernier (20)

Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 

Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landscape

  • 1. Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landscape How to cope in Today’s World
  • 2. Roger Hagedorn IT Security Analyst for the City of Minneapolis
  • 4. One: A New Spin on Staycations
  • 7. January 28, 2017 “One of Europe's top hotels has admitted they had to pay thousands in Bitcoin ransom to cybercriminals who managed to hack their electronic key system, locking hundreds of guests out of their rooms until the money was paid.” http://www.thelocal.at/20170128/hotel-ransomed-by-hackers-as-guests-locked-in-rooms
  • 9. Two: A Tale of the New Southwest
  • 11. February 1, 2017 “Texas police in the town of Cockrell Hill have lost eight years’ worth of digital evidence after getting hit by a ransomware attack in December and refusing to pay up. … The email planted a virus that then corrupted all files on the server. In the end, they destroyed all Microsoft Office documents – including Word and Excel files – as well as all bodycam video, some photos, some in-car video, and some police department surveillance video, dating back as early as 2009.” https://nakedsecurity.sophos.com/2017/02/01/eight-years-worth-of-police-evidence-wiped-out-in-ransomware-attack/
  • 12. Three: A Real Tale of Life and Death
  • 13. Hollywood hospital held to ransom by cybercrooks
  • 14. February 2016 “A Hollywood hospital has been crippled by a cyberattack, with crooks reportedly holding its data hostage and demanding 9,000 in Bitcoin – about $3.4 million – to give it back.” They ended up paying $17,000 but went without computers for ten days. Patients were diverted to other hospitals. https://nakedsecurity.sophos.com/2016/02/16/hollywood-hospital-held-to-ransom-by-cybercrooks/ Photo by Junkyardsparkle via Wikimedia Commons
  • 15. 2016: the Year of Ransomware
  • 17. According to FBI and IBM research, global losses now running to … http://www-03.ibm.com/press/us/en/pressrelease/51230.wss
  • 18. A Few Unsettling Facts about Ransomware: 62 new ransomware families in 2016. Ransomware attacks on businesses increased threefold, from an attack every 2 minutes to one every 40 seconds. Ransomware attacks on small businesses increased eightfold from Q3 2015 to Q3 2016. A single cryptomalware attack can cost SMBs $99k. One in five small and medium-sized businesses that paid the ransom never got their data back.
  • 19. More Unsettling Facts about Ransomware: According to a 2016 survey from Osterman Research, almost one out of every two participants indicated their organization had suffered at least one ransomware attack in the past 12 months. Less than half of ransomware victims fully recover their data, even with backup. Common reasons for incomplete backup recovery included unmonitored and failed backups, loss of accessible backup drives that were also encrypted, and loss of between 1 and 24 hours of data from the last incremental backup snapshot. (Best Practices for Dealing With Phishing and Ransomware, an Osterman Research White Paper, August 2016)
  • 21. There are basically two different types of ransomware: • lockers • encryptors
  • 22. The first type, known as “Blockers,” “Lockers,” or “WinLockers,” locks the computer screen and prevents the victim from accessing the device. A ransom demand appears on the screen, typically masquerading as a notice from a law enforcement agency, reporting that the victim has accessed illegal web content and indicating that they must pay a fine.
  • 24. A variant is “MBR ransomware,” which infects the master boot record (MBR) and interrupts the normal boot process. Again, attackers then exploit the situation by displaying a ransom demand.
  • 25. The second kind is more insidious: Crypto-ransomware or “encryptors” encrypt most types of files available to users, including “.doc,” “.xls,” “.pdf,” and “.jpg.” The attackers then demand a ransom in exchange for the promise to restore the data by providing decryption keys to their files. It doesn’t discriminate: it impacts individuals and organizations from every region and industry around the world.
  • 27. Distinguishing these types is important: It’s relatively easy to survive a locker or an MBR variant, but it can be a real challenge to deal with crypto-ransomware.
  • 28. In any case, ransomware is a type of malware that cybercriminals use to extort money from their victims. Ransomware is extortion, plain and simple.
  • 29. Symantec ISTR Special Report: Ransomware and Businesses 2016 The average ransom demand has more than doubled in the past year. It’s now $679, up from $294 at the end of 2015.
  • 30. Who are the victims? Consumers are the most likely victims, due to weak or missing security. Consumers 57%, organizations 43%.
  • 31. How Does It Work? Understanding the risks we face
  • 32. Ransomware, like any malware, can enter your network and infect your computer in many ways, including on USB devices, via booby-trapped websites that exploit software vulnerabilities, brute-forcing login credentials, “malvertising,” and even via an existing malware infection. Two callouts on the slide: social media, and malvertising, where malicious ads are placed on legitimate ad services and then appear on trusted websites.
  • 34. … malicious spam email, a.k.a. “phishing”
  • 35. Infection occurs if the user: • Opens a malicious email attachment that directly installs the ransomware on a user’s computer. • Opens a malicious email attachment that initiates a second-stage delivery through a downloader (often a macro) that then downloads and installs the ransomware. • Clicks on a link embedded in an email that points to an exploit kit that leads to malware being installed.
  • 36. Here’s how it works:
  • 41. The following are real phish designed to lead to infection and ransomware
  • 47. Why “phishing”? Scammers throw out electronic bait and then wait for someone to “bite.” Image by ToastyKen via Flickr, CC BY 2.0
  • 48. Typical phishing ploys: • A notification from the post office or a shipment company (DHL, FedEx, etc.) concerning problems with a delivery • An invoice or overdue alert from some provider concerning some bill • An alert from the IRS that taxes are owed • An offer of a free gift card if you act now • An online provider’s alert that the account has expired or the password needs changing
  • 50. • The use of different programming languages (JavaScript, PHP, PowerShell) to evade detection by security products • Additional features beyond locking devices or encrypting files: searching for Bitcoin wallets or adding infected computers to botnets • The threat of posting the victim’s files, including pictures and videos, on the internet
  • 51. And then there’s “Ransomware as a Service” (RaaS) Now available on the Dark Web
  • 52. Devilish New Ransomware Hits the Street: "Satan is a free to use ransomware kit, you only need to register on the site to start making your viruses. Satan only requires a user name and password to create an account, although, if you wish, you can set a public key for two-factor authentication. Satan has an initial fee of 30% over the victim's payment, however, this fee will get lower as you get more infections and payments. All of the user transactions are covered by the server, you'll always get what the victim paid, minus the fee of course." https://www.scmagazine.com/devilish-new-ransomware-hits-the-street/article/636444/
  • 53. Devilish New Ransomware Hits the Street (continued): "When creating your malware you can specify the ransom value (in bitcoins), …" • Satan is free. You just have to register on the site. • Satan is very easy to deploy; you can create your ransomware in less than a minute. • Satan uses TOR and Bitcoin for anonymity. • Satan's executable is only 170kb.
  • 54. DynA-Crypt Ransomware Steals & Deletes Your Data: “…put together using a malware creation kit by people that are not very experienced, but have a lot of destruction in mind. It not only encrypts your data, but also tries to steal a ton of information from a victim's computer. It also deletes files without backing them up anywhere.” https://blog.knowbe4.com/cyberheistnews-vol-7-7-alert-dyna-crypt-ransomware-steals-and-deletes-your-data
  • 55. Ransomware is becoming the victim of its success. Until recently, there has been a strange balance of trust between the cybercriminals and their victims: you pay, we return your files. So far, this has worked and ransomware has thrived. So it attracts amateur cybercriminals, and we’re seeing the development of ransomware of poor quality, lacking any assurance that the crypto keys will work and that the data isn’t damaged.
  • 56. Protecting Yourself and Your Organization preventive steps to consider
  • 57. Preventive Steps: 1 Having a sound backup strategy is a strong first step. Here’s why: The newest strains of Cryptolocker and its cousins not only traverse the network, they infect the “previous versions,” or shadow copies, that Windows makes. It’s also possible for unencrypted backups to be infected and encrypted, making them worthless as a tactic to avoid paying a ransom.
  • 58. Preventive Steps: 1 (continued). Having a sound backup strategy is a strong first step. Many organizations and individuals rely on online backup strategies, backing up to a cloud service that by design always needs a network connection. This “ease of use” makes it very easy for ransomware to encrypt those backups too.
  • 61. Preventive Steps: 1 (continued). Remember: Backups are the only legitimate way to avoid paying the ransom. So…
  • 63. Preventive Steps: 2. Install software patches and updates as soon as they become available. Ransomware attackers frequently rely on people using outdated software with known vulnerabilities that they can exploit to infiltrate your network. Inconsistent patching and outdated software leave organizations exposed. Make it a practice to update your software regularly: operating systems and the installed applications. Patching commonly exploited third-party software like Acrobat Reader and Flash will prevent many attacks from being successful.
  • 64. Completely Remove Adobe Flash. If you use several browsers on Windows, you may have more than a single version of Flash Player installed. Remove them all in one fell swoop: First, open the Control Panel. Next, select "Programs and Features" to view your installed applications. Here, select each of the plugins associated with Adobe Flash Player in turn and click "Uninstall."
  • 65. Preventive Steps: 2 (continued). Remember: Inconsistent patching and outdated software leave organizations exposed.
  • 66. Preventive Steps: 3. Protect your data: Segment your network. Most networks are “flat,” with little or no segmentation between functional areas. Segmentation can be used to stop or slow the lateral movement of malware and intruders. Network segmentation limits the resources that a hacker can access. Place your most sensitive data or systems into dedicated shares, subnets, or VLANs. Then restrict access to sensitive data: follow the principle of least privilege.
  • 67. Preventive Steps: 4. Have up-to-date malicious software defenses (antivirus and firewall products) running on all devices. It’s true that antivirus solutions are good at eliminating other threats but lousy at detecting ransomware; still, they are getting better. Have both anti-malware software and a software firewall to help you identify threats or suspicious behavior.
  • 68. Preventive Steps: 5 Use strong passwords that cannot be brute-forced by remote criminals. Set unique passwords for different accounts to reduce the potential risk. (and get a password manager) If you’re using “123456”, you’re not alone: nearly 17% of users had “secured” their accounts with “123456”, with the next most common password being “123456789”. https://blog.keepersecurity.com/2017/01/13/most-common-passwords-of-2016-research-study/
  • 69. Preventive Steps: 6-7. Step 6: Disable macros in Microsoft Office files. Step 7: Show hidden file extensions. By default, Windows and OSX hide known file extensions, so one popular method hackers use to make malware appear safe is to name files with double extensions, like “.PDF.EXE.” Enable the ability to see the full file extensions, so it’s easier to spot suspicious files.
  • 70. Preventive Steps: 8-9. Step 8: Install a browser add-on to block popups, as they can also pose an entry point for ransom Trojan attacks. Step 9: Disable file sharing. This way, if you happen to get hit, the ransomware infection will stay isolated to your machine only.
  • 71. Preventive Steps: 10 Switch off unused networking connections WiFi connections, Bluetooth, and infrared ports are all potential attack vectors. If you don’t use these services, disable them. And be very wary of Open WiFi.
  • 72. Preventive Steps: 11 Deactivate AutoPlay. This way, harmful processes won’t be automatically launched from external media, such as USB memory sticks or other drives.
  • 73. Preventive Steps: 12 Change the Windows default behavior to open JavaScript files (.js, .jse) with Notepad, and not Windows Script Host. Windows Script Host (WSH) can grant malicious script a lot of the same run privileges as an executable.
  • 74. Preventive Steps: 13. What if it’s part of your job to receive files from unknown people? Lots of employees receive emails from unknown people: • HR representatives • Finance (accounts payable/receivable). Upload them to VirusTotal, a free service that will run them past scores of different anti-virus scanners. https://www.virustotal.com/en/
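An added example, not code from the presentation, showing how the attachment rules from steps 6, 7, 12 and 13 above can be applied mechanically at a mail gateway or by a help desk before a file is opened: it flags double extensions such as .PDF.EXE, script types that Windows Script Host would run (.js, .jse), macro-capable Office documents, and executables disguised by a document extension, and it computes the SHA-256 that a reviewer would look up on VirusTotal. The sample attachments are constructed inline and contain no real malware; the function names and extension lists are assumptions of this example.

```python
"""Attachment triage for inbound mail (added example, not the presenter's code)."""
import hashlib
import io
import zipfile
from dataclasses import dataclass, field

# Extensions Windows runs directly or hands to Windows Script Host (WSH).
SCRIPT_OR_EXE_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "jse",
                      "vbs", "vbe", "wsf", "wsh", "hta", "ps1"}
# Office formats that are allowed to carry VBA macros.
MACRO_EXTS = {"docm", "dotm", "xlsm", "xltm", "pptm", "potm"}
# Harmless-looking extensions used as the first half of a double extension
# such as Invoice.PDF.EXE (hidden when Explorer hides known extensions).
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx",
              "jpg", "jpeg", "png", "txt"}
# OOXML containers are ZIP archives; macros live in a vbaProject.bin part.
OOXML_EXTS = {"docx", "docm", "dotm", "xlsx", "xlsm", "xltm", "pptx", "pptm"}
PE_MAGIC = b"MZ"  # first two bytes of every Windows executable


@dataclass
class Verdict:
    filename: str
    sha256: str  # the hash you would look up on VirusTotal
    findings: list = field(default_factory=list)

    @property
    def quarantine(self) -> bool:
        return bool(self.findings)


def extensions(filename: str) -> list:
    """Return every extension of the base name, lower-cased, in order."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.lower().split(".")
    return [p for p in parts[1:] if p]  # drop the stem and empty segments


def ooxml_has_macros(data: bytes) -> bool:
    """True if an OOXML (ZIP-based) document contains a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage_attachment(filename: str, data: bytes) -> Verdict:
    """Apply the slide deck's attachment rules to one file."""
    verdict = Verdict(filename, hashlib.sha256(data).hexdigest())
    exts = extensions(filename)
    if not exts:
        return verdict
    last = exts[-1]
    # Step 12: .js/.jse (and friends) would be handed to WSH and executed.
    if last in SCRIPT_OR_EXE_EXTS:
        verdict.findings.append(f"runnable extension .{last}")
    # Step 7: a document or image name hiding a runnable final extension.
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS and last in SCRIPT_OR_EXE_EXTS:
        verdict.findings.append(f"double extension .{exts[-2]}.{last}")
    # Step 6: macro-capable Office files are the usual second-stage downloader.
    if last in MACRO_EXTS:
        verdict.findings.append("macro-enabled Office extension")
    if last in OOXML_EXTS and ooxml_has_macros(data):
        verdict.findings.append("OOXML document contains vbaProject.bin")
    # Content check: a PE header behind a non-executable extension.
    if data.startswith(PE_MAGIC) and last not in SCRIPT_OR_EXE_EXTS:
        verdict.findings.append(f"Windows executable disguised as .{last}")
    return verdict


def build_samples() -> dict:
    """Constructed sample attachments (no real malware): name -> bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:  # minimal OOXML-like ZIP with macros
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/vbaProject.bin", b"\x00" * 16)
    return {
        "Invoice_20170201.PDF.EXE": b"MZ\x90\x00" + b"\x00" * 60,
        "scan_0042.js": b"// constructed placeholder script\n",
        "Q3_numbers.xlsm": buf.getvalue(),
        "statement.pdf": b"MZ" + b"\x00" * 62,
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
    }


def run_triage(samples: dict = None) -> dict:
    """Triage every sample and return name -> Verdict."""
    samples = build_samples() if samples is None else samples
    return {name: triage_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, v in run_triage().items():
        print(f"{'QUARANTINE' if v.quarantine else 'allow':10} {name} sha256={v.sha256[:16]}...")
        for f in v.findings:
            print(f"             - {f}")
```

Step 13 then applies to whatever is quarantined: the printed SHA-256 can be searched on VirusTotal without uploading the file itself.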
  • 75. Preventive Steps: 14 But the Number One strategy for avoiding ransomware—as well as most other computer-related issues—is: Train your staff in the dangers of phishing and malware, and help them recognize dangers when they come knocking at the door. A solid Security Awareness Program is crucial to keeping your organization and your staff safe.
  • 76. Security Awareness. User education is the key to preventing ransomware. Teach your staff to refrain from opening attachments or clicking on links that look suspicious. Create a culture of awareness. Discuss these issues and current events in cybersecurity.
  • 77. Tell Everyone: Think before you click or download anything.
  • 78. What if you become infected?
  • 79. When you discover an infection, act fast. First things first: stop the spread of the infection. Disconnect the device from WiFi or unplug it from the network immediately. This will decrease the number of files that get encrypted. Plus you’ll cut down on the infection from machine to machine.
  • 80. Check the No More Ransom project website, a non-commercial initiative involving public and private organizations throughout the world that aims to spread a better understanding of ransomware and help people recover their data. Check to see if there’s a decryption tool available that could help get your files back. You should also report incidents to your local law enforcement immediately. https://www.nomoreransom.org/
  • 81. If the No More Ransom project website can’t help, try this: Use System Restore to get back to a known-clean state. If you have System Restore enabled on your Windows machine, you might be able to take your system back to a known-clean state. Many ransomware variants will prevent this from succeeding, but it’s worth a try.
  • 82. Also worth a try: If your ransomware is counting down to disaster, set the BIOS clock back. Some ransomware variants have a payment timer that increases the price for your decryption key after a set time. You may be able to give yourself additional time by setting the BIOS clock back to a time before the deadline window is up.
  • 83. If there aren’t any tools to crack the encryption, power down the endpoint and then reimage it. Eliminating ransomware will require wiping the system totally, then reinstalling a fresh copy of the operating system before reconnecting it to any network.
  • 85. To Pay or Not to Pay It’s an important question
  • 87. There’s no agreement in the Information Security community. Experts are mixed on the wisdom of paying the demanded ransom. Even the FBI has changed its position on paying. So consider your options carefully.
  • 88. My personal advice: Don’t pay the ransom. Paying it can make your organization an even bigger target. It could also increase the chance that the next ransom will be higher. It also encourages cybercriminals and might not result in the recovery of the affected files.
  • 89. Remember that you’re dealing with criminals. There’s no guarantee that files will be unlocked, and there’s an increased likelihood of being attacked again. Even if the hackers provide the encryption key, they could have already exfiltrated data that could be sold or posted on the Deep Web. Trust me!
  • 90. And now for: The Bigger Picture Enough of these problems! How about a comprehensive solution!?
  • 91. “Cybercriminals are often not geniuses for a very good reason. They don't need to be. We make it too easy for them to succeed.” Graham Cluley, Feb. 6, 2017. He wants to promote “active security”: active as in “getting off your arse and doing something.” https://www.grahamcluley.com/security-firms-need-stop-exaggerating-hackers-abilities-hype-products/
  • 92. Get Yourself a Cybersecurity Framework. With a cybersecurity framework, organizations can assess and improve their ability to prevent, detect, and respond to cyber attacks. A framework provides a way to classify cybersecurity outcomes and a methodology to assess and manage those outcomes.
  • 93. COBIT? NIST? ISO27000? SANS? Pick a framework… any framework
  • 94. There’s no shortage of standards to consider: • NIST 800-53 = National Institute of Standards and Tech. • FISMA = Federal Information Security Management Act • DIACAP = DoD Information Assurance Certification and Accreditation Process • SOX = Sarbanes-Oxley Act of 2002 • GLBA = Gramm-Leach-Bliley Act • PCI-DSS = Payment Card Industry Data Security Standard • NERC = North American Electric Reliability Corporation • CIP = Certified IRB Professional • ISO 27000 Series = Int’l Org. for Standardization • HITECH Act of 2009
  • 95. “A lot of times, enterprises just don’t know where and how, or what to do. Where’s the next dollar best spent?” “This is about priority.” Tony Sager, former head of the NSA’s Systems & Network Attack Center, now with the SANS Institute
  • 96. Since the early 2000s, the NSA had been working on a list of security controls that were most effective in stopping known attacks. The key: “no control should be made a priority unless it could be shown to stop or mitigate a known attack.”
  • 97. The second key: NSA was already working on collaboration with two nonprofit organizations: The SANS Institute, a cooperative research and education organization, “the most trusted and by far the largest source of information security training and security certification in the world.” The Center for Internet Security, which “works on enhancing cyber security readiness and response of public and private sector entities.”
  • 98. Eventually, more than 100 public and private organizations joined in, as well as a few companies involved in incident response, including McAfee and Mandiant. The two main elements: 1) The only justification for a control was actual attack information. 2) The feeling among the participants that they were active contributors to protecting the country.
  • 99. The clear consensus: Just 20 Critical Controls could address the most prevalent attacks that government, industry, and the private sector face. https://www.cisecurity.org/
  • 101. Spoiler Alert: Most of these controls are standard procedure or “Best Practices” in network administration. Chances are that you’ve implemented many of them yourself. There really shouldn’t be any surprise here.
  • 102. 1. Inventory of Authorized Devices on the network. 2. Inventory of all Software. 3. Secure Configurations for all devices. 4. Continuous Vulnerability Assessment. 5. Controlled Use of Admin Privileges. Meeting the first five can reduce your risk of attack by 85%.
  • 103. Use this framework to assess your current status
  • 104. Use this framework for strategic security planning
  • 105. You can make concrete, measurable steps in improving your networks by putting into place, over time, some or most (if not all) of these controls. Yes it takes time, but it really does pay off. It works to improve your security posture vis-à-vis real-world security threats.
  • 107. Q and A. Thanks very much for your attention! Any questions or comments? Roger Hagedorn, Email: roger.hagedorn@gmail.com
  • 108. I’d like to thank two colleagues, Ian Anderson (IT Security Manager, City of Oklahoma City) and Jon Tidwell (IT Security Officer, Collin County Government), for sharing their presentation “Deploying the Critical Security Controls Like a Boss!” and for allowing me to use a few of their slides.
  • 109. References: Symantec ISTR Special Report: Ransomware and Businesses 2016. Kaspersky Security Bulletin 2016, https://securelist.com/files/2016/12/KSB2016_Story_of_the_Year_ENG.pdf. Best Practices for Dealing With Phishing and Ransomware, an Osterman Research White Paper, August 2016. CIS (Center for Internet Security), https://www.cisecurity.org/. SANS Institute NewsBites, https://www.sans.org/newsletters/newsbites/newsbites.php. Graham Cluley, latest computer security news, opinion and advice, https://www.grahamcluley.com/. Naked Security, computer security news, advice and research, https://nakedsecurity.sophos.com/. The Hacker News, security in a serious way, http://thehackernews.com