Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

"Using cryptolockers as a cyber weapon", Alexander Adamov

333 views

Published on

In the wake of one of the most destructive cyber attack in the history of Ukraine, NotPetya / EternalPetya, we will analyze the factors that contributed to the rapid infection growth, and why security solutions, including antiviruses, could not stop the attack. We will consider the cyber attacks of the cryptolockers XData and WannaCry.NET, which preceded the attack on June 27 and were allegedly created by the same group of cybercriminals who were involved in TeleBots and BlackEnergy attacks.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

"Using cryptolockers as a cyber weapon", Alexander Adamov

  1. 1. Ransomware as a Cyber Weapon Alexander Adamov CEO & Founder @ NioGuard Security Lab
  2. 2. The beginning: AIDS Trojan Date: 1989 Author: Dr. Joseph Popp Payment: $189 to a post office box in Panama Delivery: 20,000 diskettes dispatched to 90 countries as AIDS education software
  3. 3. The beginning: AIDS Trojan License agreement: If you install [this] on a microcomputer... then under terms of this license you agree to pay PC Cyborg Corporation in full for the cost of leasing these programs... In the case of your breach of this license agreement, PC Cyborg reserves the right to take legal action necessary to recover any outstanding debts payable to PC Cyborg Corporation and to use program mechanisms to ensure termination of your use... These program mechanisms will adversely affect other program applications... You are hereby advised of the most serious consequences of your failure to abide by the terms of this license agreement; your conscience may haunt you for the rest of your life... and your [PC] will stop functioning normally... You are strictly prohibited from sharing [this product] with others…
  4. 4. Jim Bates - the author of AIDSOUT and AIDSCLEAR tools Source: https://www.virusbulletin.com/uploads/pdf/magazine/1990/199001.pdf The beginning: AIDS Trojan Virus Bulletin, January 1990
  5. 5. 1996 A. Young, M. Yung, Cryptovirology: Extortion-Based Security Threats and Countermeasures. In: McHugh J, Dinolt G (eds) Symposium on Security & Privacy. IEEE Computer Society Press, Washington DC, pages 129-141, 1996. The beginning: Cryptolocker PoCs Source: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.121.3120&rep=rep1&type=pdf
  6. 6. 2005 A. Young, Building a Cryptovirus Using Microsoft’s Cryptographic API. In Proceedings of the International Conference on Information Security, 2005, pp. 389–401. (Encryption: 3DES) The beginning: Cryptolocker PoCs Source: https://link.springer.com/chapter/10.1007/11556992_28
  7. 7. The beginning: Virus.Win32.Gpcode Date: 2006 Encryption: RSA-660 Payment: $120 via SWIFT / IBAN Source: https://www.knowbe4.com/gpcode
  8. 8. The beginning: Virus.Win32.Gpcode.ak Date: June 2008 Encryption: AES-256 + RSA-1024 Payment: $120 E-gold, Liberty Reserve
  9. 9. Ransomware In-the-wild ● Cerber ● Spora ● Serpent ● Locky ● PsCrypt/Filecoder Source: https://blogs.technet.microsoft.com/mmpc/2017/09/06/ransomware-1h-2017-review-global-outbreaks-reinforce-the-value-of-security-hygiene/
  10. 10. The global impact of ransomware Source: https://blogs.technet.microsoft.com/mmpc/2017/09/06/ransomware-1h-2017-review-global-outbreaks-reinforce-the-value-of-security-hygiene/
  11. 11. The global impact of ransomware Source: https://blogs.technet.microsoft.com/mmpc/2017/09/06/ransomware-1h-2017-review-global-outbreaks-reinforce-the-value-of-security-hygiene/
  12. 12. NotPetya Attack through M.E.Doc
  13. 13. XData ransomware
  14. 14. NotPetya attack through M.E.Doc
  15. 15. Victims’ comments Source: https://ain.ua/2017/05/22/ukraincev-atakuet-novyj-virus-xdata
  16. 16. MEDoc’s reply https://www.virustotal.com/intelligence/s earch/?query=d462966166450416d6ad dd3bfdf48590f8440dd80fc571a389023b 7c860ca3ac
  17. 17. NotPetya attack through M.E.Doc
  18. 18. WannaCry (.NET) ransomware https://blockchain.info/addr ess/13KBb1G7pkqcJcxpRH g387roBj2NX7Ufyf
  19. 19. NotPetya attack through M.E.Doc
  20. 20. NotPetya wiper https://blockchain.info/ address/1Mz7153HMu xXTuR2R1t78mGSdza AtNbBWX
  21. 21. Compare MEDoc updates
  22. 22. NotPetya launcher
  23. 23. Спасибо за внимание! Alexander Adamov ada@nioguard.com Twitter: @Alex_Ad facebook.com/alex.adamoff Thank you for attention

×