What people think hackers do?
What hackers actually do?
Social Engineering 4ever
Statistics
Ransomware
• Searches for files with certain extensions: doc, docx, wps, xls,
xlsx, ppt, pptx, pdf, jpg, dng, psd, raw, cer, crt, pfx, wallet …
• Doesn’t touch system directories
• Encrypts files with a 2048-bit RSA key pair
• Paying the ransom results in decryption of the files
• No way to decrypt the files without the private key
• Ransomware done right!
Crypto Lockers
Mobile ransomware
Android/Lockerpin
Android/Simplocker
Android/Locker
Mobile ransomware Android/Koler
Big companies under attack
Locky
What about money?
Statistics
“Traffic today has varied between 1 new endpoint each
second, to up to 5 per second. I estimate by the end of the
day well over 100,000 new endpoints will be infected with
Locky, making this a genuine major cybersecurity incident —
3 days in, approximately a quarter of million PCs will be
infected”.
February 17, 2016
Pay or not to pay?
“The ransomware is that good,” said
Joseph Bonavolonta, the Assistant
Special Agent in Charge of the FBI’s
CYBER and Counterintelligence
Program in its Boston office.
“To be honest, we often advise
people just to pay the ransom.”
Motto – “be opened to the world”
One of the cases
Hacker database
Hacked account
TOP login names
More than 11 days, 68 IPs, 21 countries
Deanonymization?
Revenue?
Expectations Reality
How to stay secure?
• Software updates and patches
• Security awareness
• Low-privilege access
• Backups
• Antivirus/Antispam
How to secure your 1C with RDP?
• Regular backups
• Regular EXTERNAL backups
• Access control limited to your own IP addresses/networks
• VPN/IPSec
• Password policy
• Anti-brute-force policy
• Don’t use common logins (admin/alex/manager)
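
Added example (not from the original slides): the access-control, anti-brute-force and login-name advice above can be checked against a server's own failed-logon records. The script summarises failed RDP logons (Windows Security event 4625), flags sources that would trip a lockout threshold, and lists accounts guessed from several addresses at once, which a per-source threshold alone does not catch. The CSV layout, the allowed network, the thresholds and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed export of Windows Security event 4625 (failed logon).
# Addresses are from documentation ranges; "-" means no source address logged.
SAMPLE_4625_CSV = """TimeCreated,TargetUserName,IpAddress,LogonType
2016-03-01T02:10:05,admin,198.51.100.7,10
2016-03-01T02:10:09,admin,198.51.100.7,10
2016-03-01T02:10:14,Admin,198.51.100.7,10
2016-03-01T02:10:20,manager,198.51.100.7,10
2016-03-01T02:10:31,alex,198.51.100.7,10
2016-03-01T02:11:02,admin,198.51.100.7,10
2016-03-01T03:40:00,admin,203.0.113.15,3
2016-03-01T05:12:44,admin,203.0.113.88,3
2016-03-01T07:55:10,buh1,203.0.113.88,3
2016-03-01T09:01:30,o.petrenko,192.0.2.25,10
2016-03-01T09:05:00,backup,-,5
"""

# Assumption: the only network that should ever reach RDP (office or VPN pool).
ALLOWED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
# Login names the slide warns against.
COMMON_LOGINS = {"admin", "alex", "manager"}
# 3 = network logon (how RDP with NLA shows up, along with SMB),
# 10 = remote interactive (classic RDP logon).
RDP_LOGON_TYPES = {3, 10}


def parse_events(text):
    """Return remote failed logons as dicts, sorted by time."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            ip = ipaddress.ip_address(row["IpAddress"].strip())
        except ValueError:
            continue  # "-" or empty: local failure, no source to attribute
        if int(row["LogonType"]) not in RDP_LOGON_TYPES:
            continue
        events.append({
            "time": datetime.fromisoformat(row["TimeCreated"]),
            "user": row["TargetUserName"].strip().lower(),
            "ip": ip,
        })
    return sorted(events, key=lambda e: e["time"])


def analyze(events, threshold=5, window=timedelta(minutes=10), spray_sources=3):
    """Summarise failures that came from outside ALLOWED_NETWORKS."""
    external = [e for e in events
                if not any(e["ip"] in net for net in ALLOWED_NETWORKS)]
    by_ip = defaultdict(list)
    sources_per_user = defaultdict(set)
    for e in external:
        by_ip[e["ip"]].append(e["time"])
        sources_per_user[e["user"]].add(e["ip"])

    # Per-source lockout: `threshold` failures inside one sliding window.
    lockout = set()
    for ip, times in by_ip.items():
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                lockout.add(str(ip))
                break

    # Distributed guessing: one account tried from many sources, each of
    # which may stay below the per-source threshold.
    sprayed = {user: len(ips) for user, ips in sources_per_user.items()
               if len(ips) >= spray_sources}

    return {
        "external_failures": len(external),
        "distinct_sources": len(by_ip),
        "top_logins": Counter(e["user"] for e in external).most_common(3),
        "common_logins_hit": sorted(COMMON_LOGINS & set(sources_per_user)),
        "lockout_candidates": sorted(lockout),
        "sprayed_accounts": sprayed,
    }


if __name__ == "__main__":
    for key, value in analyze(parse_events(SAMPLE_4625_CSV)).items():
        print(f"{key}: {value}")
```

Any non-zero `external_failures` count means RDP is reachable from outside the allowed networks, so the IP restriction or VPN from the list above is not in effect.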
Skype: ghost-bel
OWASP Lviv Team

Security Hole #18 - Cryptolocker Ransomware
