Friday, February 10, 2017

Slide 1: Crypto Ransomware: a Real Problem with Real Solutions

Slide 2: Agenda
  - Major threat trends
  - Ransomware's evolution
  - How ransomware infects systems
  - Costs of ransomware attacks
  - How to avoid being a crypto ransomware victim
  - Conclusion

Slide 3: Major Threat Trends

Slide 4: Polymorphic Malware Is the Norm
  Source: Webroot – 2016 Threat Brief, February 2016
  97% of new malware is unique to a specific endpoint, rendering signature-based security obsolete.
  Malware and PUAs have become overwhelmingly polymorphic.
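An added illustration of the slide 4 claim (example code written for this page, not from the Webroot deck or any Webroot product): a constructed "family core" is wrapped with a fresh XOR key and random padding on every build, so each sample has a different file hash while the logic it unpacks to is identical. A hash signature written from the one sample a vendor has seen then misses every sibling, whereas a check on the decoded core still matches them all. The `PV1` stub layout, the `FAMILY_CORE` byte string and all function names are invented for the demonstration; nothing here is real malware.

```python
"""
Added example for slide 4 (not code from the Webroot deck): a constructed
stand-in showing why a signature keyed on the file hash of one sample misses
every other build of the same polymorphic family, while a check on what the
sample unpacks to still matches. Nothing here is real malware; the stub
layout and the "family core" string are invented for the demonstration.
"""
import hashlib
import os
import secrets
from typing import Optional

# Constructed stand-in for the logic shared by every member of a family.
FAMILY_CORE = b"CONSTRUCTED FAMILY CORE: enumerate drives, encrypt files, drop note"


def make_variant(core: bytes) -> bytes:
    """Build one 'polymorphic' sample: fresh XOR key, the core encoded under
    it, and 8..63 bytes of random padding. Every call yields a different
    on-disk hash; the decoded logic never changes."""
    key = secrets.randbelow(255) + 1                 # 1..255, never the identity key 0
    encoded = bytes(b ^ key for b in core)
    padding = os.urandom(8 + secrets.randbelow(56))
    # Invented stub layout: magic | key | 2-byte core length | encoded core | padding
    return b"PV1" + bytes([key]) + len(core).to_bytes(2, "big") + encoded + padding


def file_hash(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def decode_core(blob: bytes) -> Optional[bytes]:
    """Unwrap the stub and recover the core, or None if this is not a stub.
    Stands in for a detector that inspects unpacked content/behaviour
    rather than the raw bytes on disk."""
    if not blob.startswith(b"PV1") or len(blob) < 6:
        return None
    key = blob[3]
    n = int.from_bytes(blob[4:6], "big")
    encoded = blob[6:6 + n]
    if len(encoded) != n:
        return None
    return bytes(b ^ key for b in encoded)


def hash_signature_hits(signature_db: set, samples: list) -> int:
    """Classic signature AV: a hit only if the exact file hash is already known."""
    return sum(1 for s in samples if file_hash(s) in signature_db)


def core_signature_hits(core_hash: str, samples: list) -> int:
    """Match on the hash of the decoded core, whatever the wrapper looks like."""
    hits = 0
    for s in samples:
        core = decode_core(s)
        if core is not None and file_hash(core) == core_hash:
            hits += 1
    return hits


def demo(n_variants: int = 5):
    """Returns (distinct on-disk hashes, hash-signature hits on the unseen
    variants, core-signature hits on all variants)."""
    variants = [make_variant(FAMILY_CORE) for _ in range(n_variants)]
    distinct = len({file_hash(v) for v in variants})
    # The vendor saw exactly one submission and wrote a hash signature for it.
    signature_db = {file_hash(variants[0])}
    unseen = variants[1:]
    return (distinct,
            hash_signature_hits(signature_db, unseen),
            core_signature_hits(file_hash(FAMILY_CORE), variants))


if __name__ == "__main__":
    distinct, by_hash, by_core = demo()
    print(f"{distinct} distinct file hashes; hash signature caught {by_hash} "
          f"of 4 unseen variants; core signature caught {by_core} of 5")
```

Real packers are far more elaborate than a one-byte XOR, but the asymmetry is the same: the defender's cost of a per-file signature is paid once per variant, and the attacker generates variants for free, so the signature database is always one build behind.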
Slide 5: "Good" and "Bad" Websites
  Source: Webroot – 2016 Threat Brief, February 2016
  (Chart: top ten URL categories visited, alongside URL categories by actual risk to users; see note 5.)

Slide 6: High Success Rates of Phishing Attacks
  Source: Webroot – 2016 Threat Brief, February 2016
  50% of internet users will fall for a zero-day phishing attack in a year.

Slide 7: Mobile Apps Are Riskier than Ever
  Source: Webroot – 2016 Threat Brief, February 2016
  (Chart: 2014 vs. 2015 Android app categories; values shown: 52%, 30%, 18% and 22%, 50%, 28%; see note 7.)
  Increase indicates a shift to malicious and unwanted apps.

Slide 8: Ransomware's Evolution

Slide 9: What Is Crypto Ransomware?
  Classification: Trojan horse
  Type: Ransomware/crypto virus
  OS affected: Windows
  First observed: September 2013
  Drive types: Local, network, and removable
  Infection vector:
    Spam botnet lures victim
    -> Phishing email with attachment
    -> Attachment downloader gets Zeus
    -> Zeus gets CryptoLocker/CryptoDefense

Slide 10: Evolution of Crypto Ransomware
  01 Increasing adoption of IP anonymizing services
  02 Ransomware-as-a-service
  03 Detection issues due to thread injection, process hollowing, and new exploits
  04 Expanding past Windows to macOS
  Now a commodity extortion service!

Slide 11: How Ransomware Infects Systems

Slide 12: Silent Deployment
  (Screenshots: "Before" and "After" file listings with callouts 1, 2 and 3; see note 12.)

Slide 13: Link to the full presentation.

Ransomware shuts down your client. What do you do?

Editor's Notes

  1. Hi. Crypto-ransomware is causing a lot of organizations a lot of issues, and its impacts can be mitigated. The key is in "knowing the enemy". This presentation is all about giving you insight into threats generically, and then specifically crypto-ransomware and its workings, and, most importantly, some of the things you can do to mitigate the significant damage crypto-ransomware will likely cause to your business.
  2. So we're going to cover today's major threat trends, how ransomware has evolved, how it infects systems, what it can cost you, how to mitigate those costs and risks, and then wrap up with a conclusion.
  3. So let's kick off with threat trends: what we've seen from events with our customers and our over 40 OEM vendor partners. It will give you a good idea why we are under siege right now on many fronts.
  4. When we look at all our data for endpoint security, on average each customer encountered about 1.6 new and unique instances of malware and 3 new instances of PUA (potentially unwanted apps) in 2015. We saw executable threats continue to emerge quickly in 2015, and they were highly customized and targeted. The standout finding was that over 97% of the malware encountered was seen on only a single endpoint. Why? Because polymorphism, the ability to change with each iteration, became the norm. The sheer number of variations among malware was dramatic too: in 2014 there were 700 file instances per malware family, in 2015 less than 100; in 2014, 30,000 file instances per PUA family, in 2015 just over 260 per family. This clearly demonstrates that attackers are making malware more difficult to detect and are using polymorphic distribution models and rapid new-variant generation to circumvent detection. Signature-database AV is now officially dead.
  5. Webroot's BrightCloud Security Intelligence Services, which we provide to our OEM partners, harness both URL categorization and URL reputation data. It's this that provides us with some really interesting insights into the internet. On the left we see the top ten categories of URL visited, and on the right we see URL categories by actual risk to users. All those circled would be considered safe URLs in any work internet usage and access policy, but, as we can see, those categories are far from being safe: good can literally be bad. And we also find the opposite, that bad URL categories are often good. This just clarifies the risks you face in daily normal use of the web.
  6. There is one particular type of attack I know we're all too familiar with: the notorious phishing attack. We developed a real-time way of stopping phishing with another vendor that protects high-net-worth individuals. Phishing is still one of the most effective methods of compromise. In 2015 we detected many more phishing pages than in 2014, and based on all our data we saw the average user had a 50% chance of being the victim of a zero-day phishing site attack. What makes phishing detection so difficult is that sites are often individualized, only active for a few hours, or exist only as long as it takes for a pre-specified number of users to be pwned. This approach means having a blacklist to defend against phishing doesn't really work or scale; the only way to effectively defend users is to have a real-time awareness and prevention strategy in place.
  7. Given the prevalence of smartphones and tablets and the popularity of BYOD, it's not surprising mobile devices are being heavily targeted. Android in particular had spectacular app growth in 2015, doubling from 10 to over 20 million apps. (Click) 2014 to 2015 showed a major shift in Android malware: in the first half of 2014, 21% of apps were malicious or unwanted. In contrast, during the second half of 2015, 52% were unwanted or malicious. Android apps are riskier than ever, while on the Apple side we see little malware. The learning is simple: Android mobile devices need protecting, as they are now not only an easy device to steal from but can compromise networks too.
  8. So let's look at crypto-ransomware and its evolution to where we are today.
  9. At a really high level, crypto-ransomware is a crypto-virus Trojan horse that targets mainly Windows operating systems, but Mac and Linux also get attention. From a timing perspective, the very first instances of what might be considered an alpha- or beta-test version were seen nearly 3 years ago, during mid-summer of 2013. What then may be considered a full production version of crypto-ransomware was observed in early September 2013. The crypto infections then came surely and swiftly afterwards, leaving unsuspecting consumers and only a few businesses completely bewildered in many cases. Crypto-ransomware basically looks at the data on your device and encrypts it. It will look at the full spectrum of hard drive sources it can encrypt, including local hard drives, network drives, removable hard drives and even attached USBs. The infection vector was typically a multi-step process involving multiple actions and utilities, including spam, phishing, downloaders, and eventually the crypto-ransomware itself; we will look at that process later. I would add that crypto-ransomware has evolved to newer, more direct methods today, as a one-step rather than the multi-step process it was in the beginning.
  10. So it's really a combination of all the threats we are seeing that is contributing to higher infection rates and the inexorable rise of crypto-ransomware. However, the reason for the massive acceleration this year is that crypto-ransomware is now a malware commodity, ransomware as a service, with the ability for anyone to go into the extortion business. The picture on the right shows you how easy it is to choose a whole set of variants in the design of your attack. Then attackers are using anonymizing services such as Tor for delivery and key provisioning, to make it difficult to identify the individuals or groups behind attacks. Ransomware varies widely in its technical sophistication, using thread injection, process hollowing, and other new exploit techniques to evade detection. We've also recently seen the first JavaScript-based ransomware, Ransom32. This has a profound impact today, since JavaScript can easily be adapted for numerous platforms, including some that have not been widely targeted before, such as Linux and Mac OS X. Sure as night follows day, we saw KeRanger, the first broad-scale Mac ransomware, emerge in February this year. (Click) In 2016 it has become a business plague: 4,000+ attacks per day in Q1 (Symantec); 158,000 businesses targeted compared to 27,000 in 2015 (Kaspersky). Ransomware is now a significant and major threat to organizations and follows the primary criminal rule: follow the easy money!
  11. So let's take a deeper look at how some ransomware is infecting systems.
  12. We're going to look at what a typical user sees with Zeus-specific crypto-ransomware. As we can see, the first step, no. 1, is a phishing email that has a zip file attachment. Inside the zip is what appears to the user as a PDF/DOC/text attachment, but this is actually the initial dropper. Once launched, this silently drops a polymorphic executable into a random Temp or AppData folder. This then communicates with a command and control server, which receives specific information already gathered about your PC, and based on that info the right crypto-ransomware, pre-built for your specific PC environment, is delivered. (This step is needed because different operating systems may have different policies and require different commands to take control.) The only thing the user will notice is item number 2: through application binding, the dropper will also open a corresponding "fake" document with gibberish filler or "ERROR!". It might also be accompanied by a simple dialog pop-up box (item 3) with errors telling you to upgrade your Adobe Reader, .NET Framework, Flash, etc. The virus will then delete the original malicious dropper and replace it with a harmless saved copy of the just-opened "error" PDF/DOC/text file with the same name, making the user think it was just a harmless document the entire time. All of what I just explained takes place in less than a second. If you notice, the left and right file comparison are the before and after of the encrypting ransomware deployment. The icons used on the dropper (left) are just barely off what a legitimate document icon would be in MS Windows (right). All of these social engineering tactics are very successful at establishing legitimacy in the mind of the average user, transforming what would be an alert for malware concern into simply frustration at random issues with common software. This is the goal of the malware author, as it allows the encrypting ransomware a greater chance to deploy on the system and encrypt your files before your AV would have signatures for it.
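The deployment sequence in note 12 (document-named executable from a zip, payload written to a random Temp/AppData folder, C2 check-in, decoy document opened, dropper deleted and replaced by a same-named harmless file) leaves a distinctive trail in endpoint telemetry even when the payload hash is new. The following is an added example, not code from the deck or any Webroot product, that correlates those steps per process over constructed Sysmon-style events. The record shape (`type`, `pid`, `ppid`, `image`, `target`, `dest`, `ts`), the paths, the process ids and the 203.0.113.45 address are assumptions made for the demonstration; a benign Adobe Reader launch is included to show it does not fire.

```python
"""
Added example for note 12 (not code from the deck or any Webroot product):
the "silent deployment" steps correlated over endpoint telemetry. The event
records are constructed to resemble Sysmon ProcessCreate / FileCreate /
FileDelete / NetworkConnect output; field names, paths, pids and the
203.0.113.45 address are assumptions made for the demonstration.
"""
import re
from collections import defaultdict

DOC_EXT = ("pdf", "doc", "docx", "txt", "rtf", "xls", "xlsx")
EXEC_EXT = ("exe", "scr", "com", "pif")
# "Invoice.pdf.exe": a document extension directly followed by an executable one
DOUBLE_EXT = re.compile(r"\.(?:%s)\.(?:%s)$" % ("|".join(DOC_EXT), "|".join(EXEC_EXT)), re.I)
EXEC_SUFFIX = re.compile(r"\.(?:%s)$" % "|".join(EXEC_EXT), re.I)
# The "random Temp or AppData folder" the dropper writes into
STAGING = re.compile(r"\\AppData\\(?:Roaming|Local)\\|\\Temp\\", re.I)
# Viewers a dropper opens to show the decoy "ERROR!" document (weak signal on its own)
VIEWERS = {"acrord32.exe", "winword.exe", "notepad.exe", "wordpad.exe"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def analyze(events):
    """Map each process id to the sorted list of deployment indicators it triggered."""
    findings = defaultdict(set)
    image_of = {}      # pid -> image path from ProcessCreate
    creator_of = {}    # lower-cased path of an executable written to staging -> writer pid
    dropper_of = {}    # pid of a process launched from a dropped file -> writer pid
    self_deleted = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        pid, kind = ev["pid"], ev["type"]
        if kind == "ProcessCreate":
            image = ev["image"]
            image_of[pid] = image
            if DOUBLE_EXT.search(image):
                findings[pid].add("double_extension_masquerade")
            if image.lower() in creator_of:                   # dropped binary started
                dropper_of[pid] = creator_of[image.lower()]
                findings[dropper_of[pid]].add("dropped_exe_executed")
            ppid = ev.get("ppid")
            if ppid in image_of and basename(image) in VIEWERS:
                findings[ppid].add("spawns_document_viewer")
        elif kind == "FileCreate":
            target = ev["target"]
            if EXEC_SUFFIX.search(target) and STAGING.search(target):
                findings[pid].add("writes_exe_to_staging")
                creator_of[target.lower()] = pid
            # dropper deleted its own image and recreated the same path minus ".exe"
            own = image_of.get(pid, "")
            if pid in self_deleted and target.lower() == EXEC_SUFFIX.sub("", own).lower():
                findings[pid].add("self_delete_then_decoy_swap")
        elif kind == "FileDelete":
            if ev["target"].lower() == image_of.get(pid, "").lower():
                self_deleted.add(pid)
        elif kind == "NetworkConnect":
            if pid in dropper_of:                              # C2 check-in by the payload
                findings[dropper_of[pid]].add("dropped_exe_beacons")
    return {p: sorted(f) for p, f in findings.items()}


def verdicts(events, threshold: int = 3):
    """Processes with enough independent indicators to call the pattern."""
    return {p: f for p, f in analyze(events).items() if len(f) >= threshold}


# Constructed telemetry: one benign Reader launch, then the note-12 sequence.
TMP = r"C:\Users\alice\AppData\Local\Temp"
EVENTS = [
    {"ts": 1, "type": "ProcessCreate", "pid": 3001, "ppid": 1000,
     "image": r"C:\Program Files\Adobe\Reader\AcroRd32.exe"},           # user opens a real PDF
    {"ts": 10, "type": "ProcessCreate", "pid": 4120, "ppid": 1000,
     "image": TMP + r"\Rar$EX0.123\Invoice_2017.pdf.exe"},              # 1: "document" from the zip
    {"ts": 11, "type": "FileCreate", "pid": 4120,
     "target": r"C:\Users\alice\AppData\Roaming\k3j9x2\svch0st.exe"},   # polymorphic payload dropped
    {"ts": 12, "type": "ProcessCreate", "pid": 4188, "ppid": 4120,
     "image": r"C:\Users\alice\AppData\Roaming\k3j9x2\svch0st.exe"},
    {"ts": 13, "type": "NetworkConnect", "pid": 4188, "dest": "203.0.113.45:443"},  # C2 check-in
    {"ts": 14, "type": "ProcessCreate", "pid": 4200, "ppid": 4120,
     "image": r"C:\Program Files\Adobe\Reader\AcroRd32.exe"},           # 2: decoy "ERROR!" document
    {"ts": 15, "type": "FileDelete", "pid": 4120,
     "target": TMP + r"\Rar$EX0.123\Invoice_2017.pdf.exe"},             # dropper removes itself
    {"ts": 16, "type": "FileCreate", "pid": 4120,
     "target": TMP + r"\Rar$EX0.123\Invoice_2017.pdf"},                 # harmless same-named file left behind
]

if __name__ == "__main__":
    for pid, hits in verdicts(EVENTS).items():
        print(f"pid {pid}: {', '.join(hits)}")
```

Against a real Sysmon export, the four record types map onto event IDs 1, 3, 11 and 23 (process create, network connection, file create, file delete). The threshold is deliberately conservative: `spawns_document_viewer` and `writes_exe_to_staging` also fire for installers and ordinary document handling, so they only count when they coincide with the double-extension masquerade, the beaconing dropped binary and the self-delete-then-decoy swap, which is the combination the note describes and which no single hash signature captures.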