Nullmeet October 2016: Introduction to Ransomware
Null Bhopal Monthly Meet October 2016...
Introduction to Ransomwares

1. Ransomware
By Sahil Khan
Null Bhopal Meet October 2016
2. Ransomware
• What is Ransomware?
• History
• How does Ransomware operate?
• What can you do about it?
• Types of Ransomware
• Famous Ransomware
• Create Your Own Ransomware
• Ransomware Weekend Highlights
3. Google Trends on Ransomware
4. What is Ransomware?
• Ransomware is a type of malware that is widely classified as a Trojan: it gets onto a machine by deceiving the user rather than by replicating itself.
• It restricts access to, or damages, the computer for the purpose of extorting money from the victim.
• It can encrypt a user's files, display threatening messages, and demand that the user pay a ransom through an online payment system.
5. History
The first known ransomware was the 1989 "AIDS" Trojan (also known as "PC Cyborg"), written by Joseph Popp.
6. How does ransomware operate?
• Ransomware typically propagates as a Trojan rather than as a self-spreading worm: it enters a system through, for example, a downloaded file, an e-mail attachment, or a vulnerability in a network service.
• Once running, it encrypts personal files on the hard drive (and on any other drive it can write to).
• Alternatively, it locks the computer display and does not allow the user to access any programs.
7. What can you do about it?
8. On the one hand, ransomware can be extremely scary: the encrypted files can essentially be considered damaged and beyond repair. But if you have properly prepared your system, it is really nothing more than a nuisance. There are a few things you can do to keep ransomware from wrecking your day.
9. Back up your data
The single most important thing you can do to prepare for emergencies, including being affected by ransomware, is to have regularly updated backups. Many ransomware variants encrypt files on every drive the infected account can write to, not just the system drive: external drives such as USB thumb drives, and any network share or cloud file store to which you have assigned a drive letter. So your backup needs to be on an external drive or backup service that is disconnected from your devices and network when not in use, and secured both physically and digitally. A backup you have never restored from is not yet a backup: test the restore before you need it.
10. Keep your software updated
Malware authors frequently rely on people running outdated software with known vulnerabilities, which they can exploit to get onto systems unobserved. Making a practice of updating your software often significantly decreases the potential for infection. Enable automatic updates if you can, update through the software's internal update process, or go directly to the software vendor's website. Malware authors sometimes disguise their creations as software update notifications, so by going only to well-known, trusted software sources you increase the odds of getting clean, vetted updates. On Windows, you may wish to double-check that old, and potentially vulnerable, versions of the software have actually been removed by looking in Programs and Features (formerly Add/Remove Programs) in the Control Panel.
11. Use a reputable security suite
It is always a good idea to have both anti-malware software and a software firewall to help you identify threats or suspicious behaviour. Malware authors frequently update their creations to try to avoid detection, so it is important to have both these layers of protection. If you run across a ransomware variant that is so new that it gets past anti-malware software, it might still be caught by a firewall when it attempts to connect to its command-and-control (C&C) server to receive instructions or keys for encrypting your files. Note the limit of that defence: it only helps against variants that must reach their C&C before encrypting; a sample that carries an embedded public key can encrypt with no network contact at all.
The next few tips are to help you deal with the methods that current ransomware variants have been using. They may not help in every case, but they are inexpensive and minimally intrusive ways to cut off access routes used by a variety of malware families.
12. Show hidden file extensions
One popular method malware uses to appear innocent is to name files with double extensions, such as "Invoice.PDF.EXE". By default, Windows and macOS hide known file extensions, so such a file is displayed as "Invoice.PDF"; malware takes advantage of this behaviour to look like a file type that is commonly exchanged. If you enable display of the full file extension, it becomes easier to spot suspicious file types.
13. Filter executables in e-mail
If your gateway mail scanner can filter files by extension, you may want to deny mails that arrive with ".EXE" files, or mails carrying files with two extensions where the last one is executable (for example "Filename.PDF.EXE"). Match extensions case-insensitively, and treat the other directly executable Windows types (.SCR, .COM, .BAT, .CMD, .JS, .VBS, .HTA) the same way as .EXE, since attackers simply switch to whatever the filter lets through. If you legitimately need to exchange executables within your environment while denying ".EXE" mails, you can send them inside ZIP files or via cloud services. Sending in ZIP files can also give you an extra layer of assurance, because it lets you choose an official, universal password for use within your household or company, which helps you identify unofficial files that do not use the agreed-upon password. Bear in mind that a password-protected ZIP also hides its contents from the gateway's own scanner, so the gateway should still inspect unencrypted archives for executables and treat encrypted ones from outside the organisation with suspicion.
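The attachment policy from this slide and the previous one, written out as an added example (my code, not part of the deck): it flags bare executables, double extensions whose final part is executable, the right-to-left-override trick that makes a name like "photo[U+202E]fdp.exe" render as "photoexe.pdf", and executables hidden inside an unencrypted ZIP attachment. The extension sets and the sample attachment are constructed for the example; the ".scr" entry is there because that is the disguise the Tox toolkit described later in the deck hands out.

```python
import io
import zipfile
from typing import List, Optional, Tuple

# File types Windows will run directly (constructed policy list; extend to taste).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "vbe",
                   "js", "jse", "wsf", "wsh", "hta", "ps1", "msi", "cpl"}
# Types a recipient expects to receive and is inclined to open.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx",
                 "txt", "jpg", "jpeg", "png", "zip"}
RLO = "\u202e"  # Unicode right-to-left override; reverses how the rest of the name is displayed


def classify_name(name: str) -> Optional[str]:
    """Return a block reason for an attachment name, or None if it looks benign."""
    if RLO in name:
        return "rtl-override"
    # Strip any path, compare case-insensitively, and drop trailing dots/spaces
    # (Windows silently removes them, so "tool.exe." still runs as tool.exe).
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower().rstrip(". ")
    exts = base.split(".")[1:]          # every extension after the first dot
    if not exts:
        return None
    if exts[-1] in EXECUTABLE_EXTS:
        if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS:
            return "double-extension"   # e.g. Invoice.PDF.EXE
        return "executable"
    return None


def inspect_zip(data: bytes) -> List[Tuple[str, str]]:
    """Apply the same policy to every member name of a ZIP attachment."""
    findings: List[Tuple[str, str]] = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                reason = classify_name(info.filename)
                if reason:
                    findings.append((info.filename, reason))
    except zipfile.BadZipFile:
        # Not a ZIP at all despite the name: also worth a human look.
        findings.append(("<attachment>", "not-a-valid-zip"))
    return findings


def should_block(filename: str, content: bytes = b"") -> List[Tuple[str, str]]:
    """Gateway decision for one attachment: a non-empty list means reject the mail."""
    reason = classify_name(filename)
    if reason:
        return [(filename, reason)]
    if filename.lower().endswith(".zip"):
        return inspect_zip(content)
    return []


def build_sample_zip() -> bytes:
    """Constructed test attachment: a ZIP hiding a double-extension dropper."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless")
        zf.writestr("Invoice_2016.pdf.scr", b"MZ...")  # constructed stub, not a real PE
    return buf.getvalue()


if __name__ == "__main__":
    for n in ["report.pdf", "Setup.EXE", "Invoice.PDF.EXE", "photo\u202efdp.exe", "tool.exe."]:
        print(n.encode("unicode_escape").decode(), "->", classify_name(n))
    print("docs.zip ->", should_block("docs.zip", build_sample_zip()))
```

The policy deliberately keys on the last extension rather than on whether the name "looks like" a document, because the user-visible name is exactly the part the attacker controls; content sniffing (checking for an "MZ" header) is a worthwhile second layer but is outside this example.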
14. Disable RDP
Ransomware sometimes gets onto machines through Remote Desktop Protocol (RDP), the Windows feature that lets others access your desktop remotely; attackers scan for internet-exposed RDP servers and brute-force weak passwords. If you do not need RDP in your environment, disable it to protect your machines (see the Microsoft Knowledge Base article for your Windows version for instructions). If you do need it, do not expose it directly to the internet: reach it through a VPN, require Network Level Authentication, and use strong, unique passwords with an account-lockout policy.
15. Check to see if a decryptor is available
Sometimes malware authors make mistakes in their cryptography and decryptors can be created. Other times, malware authors feel remorse for their actions, or stop development on a particular ransomware family, and release the decryption keys; keys also surface when law enforcement seizes a family's control servers. It is worth a quick internet search to see if the solution to your problem is available for free from a reputable source (for example the No More Ransom project run by law enforcement and security vendors). Keep a copy of the encrypted files either way: a decryptor may appear later.
16. Use System Restore
If System Restore is enabled on your Windows machine, you may be able to roll the system back to a known-clean restore point and remove the infection that way. But, again, you have to out-smart the malware: restore points are kept in Volume Shadow Copies, and many ransomware families delete those (typically with vssadmin) before or while encrypting. A restore point also does not bring back your documents, only system files and settings, so this is a clean-up aid, not a substitute for backups.
18. Set the BIOS clock back
Some ransomware variants have a payment timer that increases the price of your decryption key after a set time. You may be able to give yourself additional time by setting the BIOS clock back to a time before the deadline. This only works for variants that read the deadline from the local clock rather than from their control server, and it buys time, not files: use the time to look for a decryptor or to restore from backup.
19. Types of Ransomware
• Locker ransomware: denies access to the computer or device. The screen is locked, but the files underneath are usually untouched.
• Crypto ransomware: prevents access to files or data by encrypting them, leaving the system usable but the data inaccessible.
20. Famous Ransomware
• Reveton
• CryptoLocker
• CryptoLocker.F and TorrentLocker
21. Reveton
• In 2012, a major ransomware Trojan known as Reveton began to spread.
• It is also known as the "police Trojan".
• Its payload displays a warning purportedly from a law enforcement agency, claiming that the computer has been used for illegal activities such as downloading pirated software, promoting terrorism, or copyright infringement.
• The warning informs the user that, to unlock their system, they must pay a fine.
• To increase the illusion that the computer is being tracked by law enforcement, the screen also displays the computer's IP address and footage from the computer's webcam.
22. CryptoLocker
• Encrypting ransomware reappeared in 2013 with CryptoLocker.
• Distributed as an attachment to malicious e-mail, and also propagated by the Gameover ZeuS botnet.
• Encrypts certain types of files stored on local and mapped drives using RSA public-key cryptography: the malware carries only the public key.
• The matching private key is stored only on the malware's control servers, so nothing on the victim's machine can undo the encryption.
• Offers to decrypt the data if a payment is made by a stated deadline, and threatens to delete the private key if the deadline passes.
• It was isolated in May 2014, when the Gameover ZeuS botnet was taken down.
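The key arrangement this slide describes, as an added example on constructed in-memory bytes (my code, not CryptoLocker's): a fresh symmetric key encrypts the data and is then wrapped with an RSA public key whose private half never leaves the operator's side. It uses the Python `cryptography` library; the function names and the sample document are mine. The point it demonstrates is why the files are unrecoverable without the operator, and therefore why decryptors only appear when the private keys leak (for example when the control servers are seized, as with Gameover ZeuS) or when the author botched this scheme.

```python
import os

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# RSA-OAEP wraps only the small per-file key; bulk data goes through AES-GCM.
# Real families differ in details; the split between the two keys is the point.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def operator_generate_keypair():
    """Runs on the control server. Only the public half is ever shipped out."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048,
                                           backend=default_backend())
    public_pem = private_key.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo)
    return private_key, public_pem


def victim_side_encrypt(public_pem: bytes, plaintext: bytes):
    """What a payload can do holding nothing but the public key.

    A random 256-bit key encrypts the data, then that key is RSA-wrapped.
    The raw key is discarded, so nothing retained on the machine reverses this.
    """
    public_key = serialization.load_pem_public_key(public_pem, backend=default_backend())
    file_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    ciphertext = AESGCM(file_key).encrypt(nonce, plaintext, associated_data=None)
    wrapped_key = public_key.encrypt(file_key, OAEP)
    return wrapped_key, nonce, ciphertext


def operator_side_decrypt(private_key, wrapped_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """The 'decryptor' the victim is asked to pay for: unwrap the key, then decrypt."""
    file_key = private_key.decrypt(wrapped_key, OAEP)
    return AESGCM(file_key).decrypt(nonce, ciphertext, associated_data=None)


def victim_can_recover_alone(public_pem: bytes) -> bool:
    """Everything the victim's machine holds is the public key and the blobs.
    An RSA public key object has no decrypt operation at all."""
    public_key = serialization.load_pem_public_key(public_pem, backend=default_backend())
    return hasattr(public_key, "decrypt")


def demo() -> bool:
    private_key, public_pem = operator_generate_keypair()
    document = b"Constructed sample document: Q3 invoices"   # constructed input
    wrapped, nonce, blob = victim_side_encrypt(public_pem, document)
    assert blob != document and document not in blob
    assert not victim_can_recover_alone(public_pem)
    # Only the holder of the private key, on the far end of the C&C channel, can do this.
    return operator_side_decrypt(private_key, wrapped, nonce, blob) == document


if __name__ == "__main__":
    print("recovered with the operator's private key:", demo())
```

Note what the victim keeps: a public key, a wrapped key, a nonce and ciphertext. Guessing the 256-bit file key or factoring the 2048-bit modulus is not a realistic option, which is exactly why the previous slides put their weight on offline backups and on watching for leaked or seized keys rather than on breaking the encryption.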
23. Tox Free Ransomware Toolkit
24. Continued
• 'Tox' offers a free build-your-own ransomware toolkit.
• Tox is completely free to use.
• One dark-web hacker released it for anyone to download and set up their own ransomware for free.
• Tox, which runs on Tor, requires little technical skill to use.
• It is designed so that almost anyone can deploy ransomware in three simple steps.
26. Make your own ransomware
Once a user registers with the site, three simple steps create the malware:
• Type the ransom amount you want to ask victims for.
• Provide an additional note in the "Cause" field: the message that tells victims they are being held hostage by the malware.
• Finally, fill out a captcha and click "Create".
27. "This process creates an executable of about 2MB that is disguised as a .scr file. Then the Tox [users] distribute and install as they see fit. The Tox site (runs on the TOR network) will track the installs and profit. To withdraw funds, you need only supply a receiving Bitcoin address." - McAfee explains.
28. Ransomware Weekend Highlights
• Kostya ransomware targets Czech victims
• A new in-the-wild ransomware was discovered by security researcher Jack
• The Comrade Circle ransomware uses a fake Windows Update screen while encrypting
• New variant of the Enigma ransomware was released
• EvilTwin's Exotic ransomware targets executable files
• Decryptor for version 2 of the DXXD ransomware is available
• New variant of the Nuke ransomware uses the .nuclear55 extension
• Cisco's Talos Group releases the LockyDump tool for researchers
29. Thank You
