Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
1
The Rising Tide of Ransomware
John Shier
Senior Security Advisor
@john_shier
2
Ransomware
3
Ransomware Increasingly Troublesome
$209m cost of
ransomware attacks in the
first quarter of 2016
300% increase in
ranso...
4
Ransomware Attacks Are Pervasive
Ransomware Targets
• Businesses (Retail)
• Public agencies (Education,
Healthcare, Gove...
5
The AIDS trojan
6
Fake AV
7
Out with the old, in with the new
FakeAV
Ransomware
8
Police locker
9
Cryptolocker
10
Cryptolocker BitCash
11
Petya
12
Spam
13
Spam
14
Phishing
15
Phishing
16
Return of the mac(ro)
17
HD phishing
18
Locky
19
Locky
20
Cryptowall
21
Paths to exclude
windows
temp
cache
sample pictures
default pictures
sample music
program files
program file (x86)
game...
22
Tips for preventing ransomware
1. Don’t enable macros.
2. Consider installing Microsoft Office viewers.
3. Be very care...
RANSOM DOES NOT GUARANTEE YOUR DATA BACK
Kansas Heart Hospital was hit with a
ransomware attack on 18th of May 2016
It pai...
FAIL PROOF RANSOMWARE PROTECTION
• Protection against ransomware
o Regular time-indexed snapshot backups
o Flexibility in ...
TIME-INDEXED BACKUPS WITH CONFIGURABLE
GRANULAR CONTROLS
BACKUPS SHOULD BE COMPREHENSIVE
Mobile Devices – Smartphones and Tablets
Desktops and Laptops
Cloud Applications
IT/USER FILE LEVEL RESTORE FROM SNAPSHOTS
IT Initiated Restore
User Initiated Restore
RANSOMWARE FILE LEVEL SEARCH
SUMMARY AND KEY TAKEAWAYS
• Update your security software
o Anti-virus and anti-malware software
o Operating systems for a...
• Trusted by over 4,000 enterprises
• Headquartered in Silicon Valley
• Worldwide offices and 24x7 support
• Among fastest...
Taking a Proactive Approach to Combat Ransomware [Druva Webinar]
Upcoming SlideShare
Loading in …5
×

Taking a Proactive Approach to Combat Ransomware [Druva Webinar]

537 views

Published on

According to CNN, ransomware incidents are expected to cost enterprises $1B in 2016 and no organization is immune. Healthcare, law enforcement and others have been attacked with malware, restricting access to systems and data until a ransom is paid. With ransomware attacks on the rise, organizations have found themselves vulnerable and struggling to reduce risk or proactively prepare for an attack response.

John Shier, Sr. Security Officer at Sophos and Sey Verma, Product Marketing Manager at Druva provide insights into how to confidently prepare your organization to combat ransomware threat including:

* Proactive strategies to protect data before a malicious attack occurs
* Factors and issues that can complicate your organization’s risks
* Measures to gain immediate access to data during and after an attack.

As attacks become more sophisticated, IT organizations need to become ever-vigilant and proactive in mitigating ransomware and other malware attacks.
You can access the live recording at: http://pages2.druva.com/Proactive-Approach-to-Combat-Ransomware-Webinar-On-Demand.html

Published in: Software
  • Be the first to comment

Taking a Proactive Approach to Combat Ransomware [Druva Webinar]

  1. 1. 1 The Rising Tide of Ransomware John Shier Senior Security Advisor @john_shier
  2. 2. 2 Ransomware
  3. 3. 3 Ransomware Increasingly Troublesome $209m cost of ransomware attacks in the first quarter of 2016 300% increase in ransomware attacks since 2015Source - Symantec Ransomware Discoveries
  4. 4. 4 Ransomware Attacks Are Pervasive Ransomware Targets • Businesses (Retail) • Public agencies (Education, Healthcare, Government, Law Enforcement) Systems Impacted • Windows, Mac, Linux • Android
  5. 5. 5 The AIDS trojan
  6. 6. 6 Fake AV
  7. 7. 7 Out with the old, in with the new FakeAV Ransomware
  8. 8. 8 Police locker
  9. 9. 9 Cryptolocker
  10. 10. 10 Cryptolocker BitCash
  11. 11. 11 Petya
  12. 12. 12 Spam
  13. 13. 13 Spam
  14. 14. 14 Phishing
  15. 15. 15 Phishing
  16. 16. 16 Return of the mac(ro)
  17. 17. 17 HD phishing
  18. 18. 18 Locky
  19. 19. 19 Locky
  20. 20. 20 Cryptowall
  21. 21. 21 Paths to exclude windows temp cache sample pictures default pictures sample music program files program file (x86) games sample videos user account privileges packages Files to exclude help_your_files.txt help_your_files.html help_your_files.png Iconcache.db Thumbs.db Extensions to exclude exe dll pif scr sys msi msp com htl cpa msc bat cmd scf Cryptowall
  22. 22. 22 Tips for preventing ransomware 1. Don’t enable macros. 2. Consider installing Microsoft Office viewers. 3. Be very careful about opening unsolicited attachments. 4. Don’t give yourself more login power than necessary. 5. Patch, patch, patch. 6. Train and retrain employees in your business. 7. Segment the company network. 8. Back up your files regularly and keep a recent backup off-site
  23. 23. RANSOM DOES NOT GUARANTEE YOUR DATA BACK Kansas Heart Hospital was hit with a ransomware attack on 18th of May 2016 It paid the ransom, but then attackers tried to extort a second payment Source: Network World http://www.networkworld.com/article/3073495/security/kansas-heart- hospital-hit-with-ransomware-paid-but-attackers-demanded-2nd- ransom.html
  24. 24. FAIL PROOF RANSOMWARE PROTECTION • Protection against ransomware o Regular time-indexed snapshot backups o Flexibility in backup frequency and data retention policies o Comprehensive data protection for endpoints and cloud apps o Offsite data storage (AWS/Microsoft Azure) options • Recovering from ransomware intrusion o 24/7 data access o User/admin restore o Locate suspicious files quickly on endpoints and cloud apps Ransomware • Backup data regularly • Recover at the device or file level • Locate suspicious files via search You Can’t Prevent Ransomware Attacks, But You Can Protect Against It
  25. 25. TIME-INDEXED BACKUPS WITH CONFIGURABLE GRANULAR CONTROLS
  26. 26. BACKUPS SHOULD BE COMPREHENSIVE Mobile Devices – Smartphones and Tablets Desktops and Laptops Cloud Applications
  27. 27. IT/USER FILE LEVEL RESTORE FROM SNAPSHOTS IT Initiated Restore User Initiated Restore
  28. 28. RANSOMWARE FILE LEVEL SEARCH
  29. 29. SUMMARY AND KEY TAKEAWAYS • Update your security software o Anti-virus and anti-malware software o Operating systems for all endpoints including desktops, laptops and smartphones o Patch, patch, patch. • End-user awareness and education • Protection against ransomware o Proactive: Regular time-indexed snapshot backups o Remediation: File level restore and search for infected files
  30. 30. • Trusted by over 4,000 enterprises • Headquartered in Silicon Valley • Worldwide offices and 24x7 support • Among fastest growing data protection providers 30 ABOUT DRUVA

×