RANSOMWARE PRESENTATION
Lisa Young
May 21, 2017
Agenda
• Introduction – Education & Work History
• What is Ransomware?
• Ransomware History Timeline
• Ransomware Statistics
• Types of Ransomware
• Examples of Ransomware
• Cryptolocker and Cryptowall
• WannaCry
• Tips to Avoid Ransomware
• Questions & Answers
2
Education & Work History – Lisa Young
3
Education / Work History (timeline)
• Various jobs; Computer Aided Drafting (CAD) operator, 1985 - 1988
• Network Manager / CAD Operator – KTG Glassworks, 1988 - 1999
• Customer Support / IT Director – Anesthesia Recording, Inc. / Agilent Technologies, 1999 – 2000
• Systems Network Engineer / IT Site Manager – Philips Healthcare, 2000 - 2013
• Student, transitioning – 2013
• Security Analyst – Gateway Health, 2013 - 2015
• Senior Information Security Risk Consultant – 2015 - Present
Ransomware Information
➢ What is ransomware? Malicious software (malware) that locks a device, such as a computer, tablet or smartphone, or encrypts the data on it, and then demands a ransom to unlock it
➢ Where did ransomware originate? The first widely documented modern case, ‘Gpcoder’ (Gpcode), appeared in 2005 and quickly spread around the world
➢ How does it affect a computer? The software normally arrives as an email attachment that masquerades as something innocent. Once opened it encrypts the files on the hard drive, making it impossible to access or retrieve anything stored there (photographs, documents or music) without the attacker's key
➢ How can you protect yourself? Anti-virus software can protect your machine, although cybercriminals are constantly working on new ways to get past such protection
➢ How much are victims expected to pay? The ransom demanded varies. Victims of a 2014 attack in the UK were charged £500 (about $652 in the US). However, there’s no guarantee that paying will get your data back
http://www.telegraph.co.uk/news/2017/05/12/nhs-hit-major-cyber-attack-hackers-demanding-ransom/
4
Ransomware History Timeline, 2005 – Q1 2016
5
Ransomware Statistics
http://invenioit.com/security/ransomware-statistics-2016/
6
Ransomware Statistics
Ransomware emails spiked 6,000%
40% of all spam email had ransomware
59% of infections came from email
92% of surveyed IT firms reported attacks on their clients
Infections hit 56,000 in a single month
Attacks expected to double in 2017
Healthcare and Financial Services were the hardest hit
70% of businesses paid the ransom
20% of businesses paid more than $40,000
Less than 25% of ransomware attacks are reported
Most businesses face at least 2 days of downtime
Types of Ransomware
➢ Encryption (crypto-ransomware) – encrypts the data and files on the system; the system itself still functions, but the files cannot be accessed without the key
➢ Lock Screen – prevents the victim from using the system by locking the desktop and its components, without encrypting the files
➢ Master Boot Record (MBR) – overwrites the boot record so the victim cannot boot the system into the operating system
7
1. CryptoLocker and CryptoWall – September 5, 2013
➢ Ransomware Trojans that encrypt your personal files
➢ (Trojan – a malicious program that misleads users about its true intent so that they run it themselves)
➢ Use social engineering techniques that trick you into running them
➢ Designed to extort money
➢ Spread in many ways:
➢ Phishing emails that contain malicious attachments or links
➢ Drive-by download sites
➢ Password-protected zip file in email, with the password included in the message (so mail filters cannot inspect the contents)
➢ CryptoLocker often arrives in files with double extensions such as filename.pdf.exe, which Windows displays as filename.pdf when known extensions are hidden
8
How CryptoLocker gets installed
➢ When the victim opens the file, the Trojan goes memory resident on the computer and takes the following actions:
➢ Saves a copy of itself to a folder in the user’s profile (AppData, LocalAppData), which the user can write to without administrator rights.
➢ Adds a Run key value to the registry to make sure it runs every time the computer starts up.
➢ Spawns two processes of itself: one is the main process, the other aims to protect the main process against termination (restarting it if it is killed).
9
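The three installation steps above give a defender something concrete to look for. The following is an added example, not code from the original slides: a small Python triage of the text printed by `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run`, flagging autostart entries that run from the user's profile (AppData, Temp), from a GUID-named folder, or under a system binary's name outside C:\Windows. The sample `reg query` output, the entry names and the allowlist of vendor folders are constructed for the example and are not from any real infection.

```python
r"""Triage Windows Run-key autostart entries for the persistence pattern the
slide describes (a copy of the malware under the user's profile, started from
the registry).

Added example, not code from the original slides. Input is the text that
`reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` prints on a
Windows host; the sample below is constructed, not captured from a real
infection, and the allowlist is an assumption to tune per site.
"""
import re
from typing import List, NamedTuple, Tuple

# Constructed sample output. OneDrive and Spotify are benign; "Tyvnlmsf" and
# "Updater" are shaped like CryptoLocker's persistence (random name, copy of
# itself under the profile, GUID-named folder, or a borrowed system name).
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Tyvnlmsf    REG_SZ    "C:\Users\alice\AppData\Roaming\{8F3C1A52-0D4E-4B9A-9E71-2C6B5D1F0A33}\Tyvnlmsf.exe"
    Updater     REG_SZ    C:\Users\alice\AppData\Local\Temp\svchost.exe -k netsvcs
    Spotify     REG_SZ    "C:\Program Files\Spotify\Spotify.exe" --minimized
"""

# Vendor folders under AppData that legitimately autostart (assumed; extend per
# environment). Lower-case and backslash-terminated so whole components match.
ALLOWLIST_PREFIXES = (
    "\\appdata\\local\\microsoft\\onedrive\\",
    "\\appdata\\local\\microsoft\\teams\\",
)

# One value line of `reg query`: name, type and data separated by runs of spaces.
ENTRY_RE = re.compile(r"^\s+(?P<name>.+?)\s{2,}(?P<type>REG_\w+)\s+(?P<value>.*)$")
# A directory component that is a bare GUID, e.g. \{8F3C1A52-...}\
GUID_DIR_RE = re.compile(
    r"\\\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}\\", re.I
)
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe"}


class Finding(NamedTuple):
    name: str
    exe: str
    reasons: Tuple[str, ...]


def extract_exe(value: str) -> str:
    """Return the executable path from Run data (quoted path, or first token)."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    # Unquoted data: the path is assumed to end at the first space.
    return value.split(" ", 1)[0]


def assess(exe: str) -> List[str]:
    """Reasons this autostart location looks like dropped malware, if any."""
    p = exe.lower().replace("/", "\\")
    reasons = []
    if "\\appdata\\" in p and not any(a in p for a in ALLOWLIST_PREFIXES):
        reasons.append("runs from the user's AppData outside the allowlist")
    if "\\temp\\" in p:
        reasons.append("runs from a Temp directory")
    if GUID_DIR_RE.search(p):
        reasons.append("lives in a GUID-named folder")
    base = p.rsplit("\\", 1)[-1]
    if base in SYSTEM_NAMES and not p.startswith("c:\\windows\\"):
        reasons.append("system binary name outside C:\\Windows")
    return reasons


def triage(reg_query_output: str) -> List[Finding]:
    """Parse `reg query` output and return the entries worth a second look."""
    findings = []
    for line in reg_query_output.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header line or blank line
        exe = extract_exe(m.group("value"))
        reasons = assess(exe)
        if reasons:
            findings.append(Finding(m.group("name"), exe, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REG_QUERY):
        print(f"[!] {f.name}: {f.exe}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run it against real `reg query` output or an EDR export and review, rather than auto-delete, what it flags: legitimate per-user installers such as OneDrive also live under AppData, which is why the allowlist exists. The watchdog pair from the third step is not visible in the registry at all; for that, look for two processes with the same image path where one restarts the other.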
File Encryption
➢ CryptoLocker encrypts files on the computer’s hard disk and on every network drive the infected user has access to. It runs with the user's own permissions, so any share the user can write to, backup shares included, is in scope, and shares the user can only read are not.
10
2. WannaCry – May 12, 2017
One anonymous doctor at a major trauma center in London wrote online: 'Everything has gone down. No blood results, no radiology images, there's no group specific blood available.'
➢ Hospitals across the UK affected (the NHS was the most visible victim)
➢ As of 5/14/17 – 150 countries affected & 230,000 victims
➢ Weekend chaos
➢ The ‘Shadow Brokers’, the group that leaked the exploit WannaCry uses, were blamed in early coverage; leaking the exploit is what the group is actually known for, and the authorship of the ransomware itself was not established at the time
11
WannaCry Message
Encrypts the user's files and leaves behind two new ones: a text file with instructions on what to do next and the Wanna Decryptor program itself, which displays the ransom screen.
12
Cyber Attack hits German Train Station
13
How WannaCry Spreads
➢ Exploits a vulnerability in the Windows SMBv1 file-sharing service (Security Bulletin MS17-010); it affects clients as well as servers, and a patch has been available since March 2017
➢ The NSA discovered the vulnerability, but information about it and how to exploit it was stolen in a breach and then leaked to the public by a hacking group known as the Shadow Brokers
➢ Microsoft issued the fix in mid-March, but many computers and servers never actually received the patch, leaving those systems open to attack
➢ Unlike CryptoLocker, WannaCry is a worm: once on one machine it scans the local network and random internet addresses for other hosts listening on TCP port 445 and infects them without any user action
➢ A young cyber expert managed to stop the spread of the attack by accidentally triggering a "kill switch" when he bought a web domain for less than £10
➢ When the WannaCry program infects a new computer it first tries to contact that web address, and it is programmed to terminate itself if the request succeeds. While the domain was unregistered the request always failed and the worm kept going; once the 22-year-old researcher bought the domain, the ransomware could connect and therefore stopped. Traffic to the domain now lands on a server the researchers control, which is what is known as a ‘sinkhole’
➢ The kill switch only helps machines that can reach the domain (the check ignored proxy settings, so hosts behind a web proxy kept spreading), and it does nothing for files that were already encrypted
14
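The spread described above is a worm, not a phishing lure: the infected host hunts for other machines with TCP port 445 open, so it shows up in flow or firewall logs as one source touching many distinct SMB destinations in a short time. The detection below is an added example, not code from the original slides: a sliding-window count of distinct destinations per source on ports 445/139, run over a constructed log. The window, the threshold and the sample addresses are assumptions to tune per site.

```python
"""Detect the fan-out on TCP/445 that an SMB worm such as WannaCry produces.

Added example, not code from the original slides. Input is a simplified flow
or firewall log with one record per line: timestamp, source, destination,
destination port. The records below are constructed for the example, not
captured traffic; the window and threshold are assumptions to tune per site.
"""
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, List, Tuple

WINDOW_SECONDS = 60           # sliding window per source host
DISTINCT_DEST_THRESHOLD = 20  # distinct targets on a watched port inside the window
WATCHED_PORTS = {445, 139}    # SMB over TCP, and the NetBIOS session service

# Constructed log. 10.0.5.23 behaves like a normal file-share client (a few
# connections to two servers); 10.0.5.40 sweeps the /24 on 445 in 30 seconds.
SAMPLE_FLOWS = "\n".join(
    ["2017-05-12T10:00:01 10.0.5.23 10.0.5.10 445"] * 5
    + [f"2017-05-12T10:00:{s:02d} 10.0.5.40 10.0.5.{d} 445"
       for s, d in zip(range(30), range(2, 32))]
    + ["2017-05-12T10:00:20 10.0.5.23 10.0.5.11 445",
       "2017-05-12T10:00:21 10.0.5.40 8.8.8.8 53",
       "2017-05-12T10:05:00 10.0.5.40 10.0.5.60 445"]
)

Flow = Tuple[datetime, str, str, int]


def parse_flows(text: str) -> List[Flow]:
    """Parse records and sort by time so the sliding window is well defined."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, src, dst, port = parts
        flows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    flows.sort(key=lambda f: f[0])
    return flows


def find_scanners(flows: List[Flow], window: int = WINDOW_SECONDS,
                  threshold: int = DISTINCT_DEST_THRESHOLD,
                  ports=WATCHED_PORTS) -> Dict[str, Tuple[datetime, int]]:
    """Return {source: (time of first alert, distinct destinations at that point)}
    for sources that reach `threshold` distinct destinations on watched ports
    within any `window`-second span. Repeated hits on one server do not count."""
    recent = defaultdict(deque)  # source -> deque of (timestamp, destination)
    alerts = {}
    for ts, src, dst, port in flows:
        if port not in ports:
            continue
        q = recent[src]
        q.append((ts, dst))
        while (ts - q[0][0]).total_seconds() > window:
            q.popleft()  # drop records that fell out of the window
        distinct = len({d for _, d in q})
        if distinct >= threshold and src not in alerts:
            alerts[src] = (ts, distinct)
    return alerts


if __name__ == "__main__":
    for src, (ts, n) in find_scanners(parse_flows(SAMPLE_FLOWS)).items():
        print(f"[!] {src} reached {n} distinct SMB targets by {ts.isoformat()}")
```

Repeated connections to the same file server do not count, so normal clients stay quiet. Tune the threshold against vulnerability scanners and management tools that legitimately sweep 445, and pair the alert with the network-level mitigations: block TCP/445 at the perimeter (WannaCry also scanned random internet addresses) and disable SMBv1 where it is not required.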
How to Avoid Ransomware
➢ Patch computers (for WannaCry specifically: apply MS17-010 and disable SMBv1 where it is not needed)
➢ Use anti-virus and always have the latest update
➢ Be wary of emails from senders you don’t know, especially with attachments such as .zip files
➢ Don’t click links in emails
➢ Show file extensions: Explorer hides known extensions by default, so filename.pdf.exe is displayed as filename.pdf (Folder Options, or set the HideFileExt value under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced to 0)
➢ Back up your data on a regular basis, keep at least one copy offline or otherwise unreachable from the user's account, and test restores (ransomware encrypts any share the user can write to, backups included)
➢ Don’t pay the ransom
https://answers.microsoft.com/en-us/windows/forum/windows_10-security/wanna-cry-ransomware/5afdb045-8f36-4f55-a992-53398d21ed07
15
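The double-extension lure from the CryptoLocker slide and the .zip attachment warning above are the same check when done at a mail gateway. The following is an added example, not code from the original slides: Python that classifies an attachment name and, for a zip, each member name without extracting anything, flagging executable extensions, executables disguised behind a document extension, and encrypted members. The sample zip, its member names and the extension lists are constructed for the example.

```python
"""Screen an e-mail attachment for the lures the slides describe: an executable
disguised with a double extension (Invoice.pdf.exe) and executables hidden
inside a zip archive.

Added example, not code from the original slides. The zip is built in memory
with constructed names and contents; the extension lists are assumptions to
align with local policy.
"""
import io
import zipfile
from typing import Dict, List, Optional

# Extensions Windows runs directly when double-clicked (not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "cpl", "msi", "ps1", "lnk"}
# Extensions a user expects to be harmless; an executable extension after one of
# these is the "filename.pdf.exe" trick, invisible when Explorer hides extensions.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "zip"}


def classify_name(name: str) -> List[str]:
    """Reasons a filename is suspicious on its own (empty list if none)."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.lower().split(".")
    reasons = []
    if len(parts) < 2:
        return reasons
    ext = parts[-1]
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension .{ext}")
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            reasons.append(f"double extension disguised as .{parts[-2]}")
    return reasons


def screen_zip(data: bytes, max_members: int = 1000) -> Dict[str, List[str]]:
    """List suspicious members of a zip attachment without extracting anything."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist()[:max_members]:
            if info.is_dir():
                continue
            reasons = classify_name(info.filename)
            # Bit 0 of the general-purpose flags marks an encrypted member: the
            # "password-protected zip, password in the mail" lure, which also
            # blinds content scanners.
            if info.flag_bits & 0x1:
                reasons.append("encrypted member (password in the e-mail?)")
            if reasons:
                findings[info.filename] = reasons
    return findings


def screen_attachment(filename: str, data: Optional[bytes] = None) -> Dict[str, object]:
    """Verdict for one attachment: its own name, plus zip members if it is a zip."""
    members = {}
    if filename.lower().endswith(".zip") and data is not None:
        members = screen_zip(data)
    return {"attachment": classify_name(filename), "members": members}


def build_sample_zip() -> bytes:
    """Constructed lure: a decoy note next to two disguised executables."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2017-05.pdf.exe", b"MZ\x90\x00 placeholder, not a real binary")
        zf.writestr("readme.txt", b"Please see the attached invoice.")
        zf.writestr("scan/doc001.scr", b"MZ placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    verdict = screen_attachment("invoice.zip", build_sample_zip())
    for member, reasons in verdict["members"].items():
        print(f"[!] {member}: " + "; ".join(reasons))
```

Explorer's "Hide extensions for known file types" setting is why Invoice_2017-05.pdf.exe looks like a PDF to the recipient; the gateway sees the real name. A name-only check misses executables renamed to harmless extensions, so it complements content scanning rather than replacing it.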
Questions
16
Appendix
Cyber Maps
• Norse Attack Map
• Check Point ThreatCloud
• FireEye Cyber Threat Map
• Kaspersky Cyberthreat Real-Time Map
• Digital Attack Map
Terms defined
• Sinkhole
• Malware
• Trojan
• Worm
• Virus
• Botnet
• Domain Name Service (DNS)
• Ransomware
• Bitcoin
• Drive-by-download attack
• Server Message Block (SMB)
Related HITRUST Controls
• 02.e Information Security Awareness, Education, and Training
• 09.J Controls against malicious code
• 09.L Backup
• 10.k Change Control Procedures
17
Norse Attack Map
• http://map.norsecorp.com/#/
Ranks the country of attack origin, attack type and attack target country, and displays a live feed of attacks.
18
Check Point - THREATCLOUD
Shows attacking and targeted countries, along with a counter of how many attacks have happened in the current day.
19
FIREEYE CYBER THREAT MAP
Shows similar data to the Norse and Check Point maps, and also shows the top 5 targeted industries for the past 30 days.
20
KASPERSKY - CYBERTHREAT REAL-TIME MAP
The look of the map can be customized by filtering certain types of malicious threats, such as email malware, web site attacks, vulnerability scans, etc.
21
Digital Attack Map
22
Terms
• Sinkhole – a way of redirecting malicious Internet traffic so that it can be captured and analyzed by security analysts. Sinkholes are most often used to seize control of botnets by taking over the DNS names the malware uses to reach its controllers.
• Malware – malicious software intended to damage or disable computers and computer systems.
• Trojan – a malicious program that misleads users about its true intent so that they run it themselves.
• Worm – standalone malicious software that does not require a host program or human help to propagate.
• Virus – a type of malware that, when executed, replicates itself by modifying other computer programs and inserting its own code. Besides programs, a virus can infect data files or the "boot" sector of the hard drive.
• Botnet – a network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g. to send spam messages.
• Domain Name System (DNS) – the Internet's equivalent of a phone book: its servers maintain a directory of domain names and translate them to Internet Protocol (IP) addresses.
• Ransomware – malicious software (malware) that locks a device, such as a computer, tablet or smartphone, or encrypts the data on it, and then demands a ransom to unlock it.
• Bitcoin – a type of digital currency in which cryptographic techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank.
• Drive-by-download attack – covers two kinds of unintended download of software from the Internet: downloads a person authorized without understanding the consequences (e.g. installing an unknown or counterfeit executable, ActiveX component or Java applet), and downloads that happen automatically, without the person's knowledge, when a page is visited.
• Server Message Block (SMB) – an application-layer network protocol, one version of which was also known as Common Internet File System (CIFS), mainly used to provide shared access to files, printers and serial ports, and miscellaneous communications between nodes on a network. It also provides an authenticated inter-process communication mechanism. WannaCry spreads through a flaw in version 1 of this protocol.
• Note: definitions adapted from Wikipedia
23
02.e Information Security Awareness, Education, and Training
CSF Control for Spam/Malicious attachment
Control Text: All employees of the organizations and contractors and third party users shall receive appropriate awareness training and regular updates in organizational policies and procedures as relevant to their job function.
Implementation Requirement: Ongoing training for these individuals and organizations shall include security and privacy requirements as well as training in the correct use of information assets and facilities (including but not limited to log-on procedures, use of software packages, anti-malware for mobile devices, and information on the disciplinary process).
24
09.J Controls against malicious code
CSF Control for Ransomware
Control Text: Detection, prevention, and recovery controls shall be implemented to protect against malicious code, and appropriate user awareness procedures on malicious code shall be provided.
Implementation Requirement: Protection against malicious code shall be based on malicious code detection and repair software, security awareness, and appropriate system access and change management controls.
25
09.L Backup
CSF Control for Crypto-Ransomware
Control Text: Backup copies of information and software should be taken and tested regularly.
Implementation Requirement: Backup copies of information and software shall be made, and tested at appropriate intervals. Complete restoration procedures shall be defined and documented for each system.
26
10.k Change Control Procedures
CSF Control for security updates on systems
Control Text: The implementation of changes, including patches, service packs, and other updates and modifications, shall be controlled by the use of formal change control procedures.
Implementation Requirement: Review and update the baseline configuration of the information system:
i. when required due to critical security patches, upgrades and emergency changes (e.g., unscheduled changes, system crashes, replacement of critical hardware components) and major system changes/upgrades;
ii. as an integral part of information system component installations and upgrades; and
iii. so that supporting baseline configuration documentation reflects ongoing implementation of operational configuration baseline updates, either directly or by policy.
27

More Related Content

What's hot

Cybersecurity: The Danger, the Cost, the Retaliation
Cybersecurity: The Danger, the Cost, the RetaliationCybersecurity: The Danger, the Cost, the Retaliation
Cybersecurity: The Danger, the Cost, the RetaliationPECB
 
Insider Threats Part 2: Preventing Data Exfiltration with Fidelis Elevate
Insider Threats Part 2: Preventing Data Exfiltration with Fidelis ElevateInsider Threats Part 2: Preventing Data Exfiltration with Fidelis Elevate
Insider Threats Part 2: Preventing Data Exfiltration with Fidelis ElevateFidelis Cybersecurity
 
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...Outpost24
 
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...North Texas Chapter of the ISSA
 
Meet Me in the Middle: Threat Indications and Warning in Principle and Practice
Meet Me in the Middle: Threat Indications and Warning in Principle and PracticeMeet Me in the Middle: Threat Indications and Warning in Principle and Practice
Meet Me in the Middle: Threat Indications and Warning in Principle and PracticeDragos, Inc.
 
Applying intelligent deception to detect sophisticated cyber attacks
Applying intelligent deception to detect sophisticated cyber attacksApplying intelligent deception to detect sophisticated cyber attacks
Applying intelligent deception to detect sophisticated cyber attacksFidelis Cybersecurity
 
Chris Haley - Understanding Attackers' Use of Covert Communications
Chris Haley - Understanding Attackers' Use of Covert CommunicationsChris Haley - Understanding Attackers' Use of Covert Communications
Chris Haley - Understanding Attackers' Use of Covert Communicationscentralohioissa
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyb coatesworth
 
Part 1: Identifying Insider Threats with Fidelis EDR Technology
Part 1: Identifying  Insider Threats with Fidelis EDR Technology Part 1: Identifying  Insider Threats with Fidelis EDR Technology
Part 1: Identifying Insider Threats with Fidelis EDR Technology Fidelis Cybersecurity
 
Setting up CSIRT
Setting up CSIRTSetting up CSIRT
Setting up CSIRTAPNIC
 
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)HITCON GIRLS
 
Threat intelligence Primary Tradecraft and Research
Threat intelligence Primary Tradecraft and ResearchThreat intelligence Primary Tradecraft and Research
Threat intelligence Primary Tradecraft and ResearchFidelis Cybersecurity
 
Threat Modeling In 2021
Threat Modeling In 2021Threat Modeling In 2021
Threat Modeling In 2021Adam Shostack
 
How to Build a Successful Incident Response Program
How to Build a Successful Incident Response ProgramHow to Build a Successful Incident Response Program
How to Build a Successful Incident Response ProgramResilient Systems
 
Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!centralohioissa
 
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNorth Texas Chapter of the ISSA
 

What's hot (20)

Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
 
Cybersecurity: The Danger, the Cost, the Retaliation
Cybersecurity: The Danger, the Cost, the RetaliationCybersecurity: The Danger, the Cost, the Retaliation
Cybersecurity: The Danger, the Cost, the Retaliation
 
Insider Threats Part 2: Preventing Data Exfiltration with Fidelis Elevate
Insider Threats Part 2: Preventing Data Exfiltration with Fidelis ElevateInsider Threats Part 2: Preventing Data Exfiltration with Fidelis Elevate
Insider Threats Part 2: Preventing Data Exfiltration with Fidelis Elevate
 
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
 
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
 
Meet Me in the Middle: Threat Indications and Warning in Principle and Practice
Meet Me in the Middle: Threat Indications and Warning in Principle and PracticeMeet Me in the Middle: Threat Indications and Warning in Principle and Practice
Meet Me in the Middle: Threat Indications and Warning in Principle and Practice
 
IOT Security FUN-damental
IOT Security FUN-damentalIOT Security FUN-damental
IOT Security FUN-damental
 
Applying intelligent deception to detect sophisticated cyber attacks
Applying intelligent deception to detect sophisticated cyber attacksApplying intelligent deception to detect sophisticated cyber attacks
Applying intelligent deception to detect sophisticated cyber attacks
 
Chris Haley - Understanding Attackers' Use of Covert Communications
Chris Haley - Understanding Attackers' Use of Covert CommunicationsChris Haley - Understanding Attackers' Use of Covert Communications
Chris Haley - Understanding Attackers' Use of Covert Communications
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
 
Part 1: Identifying Insider Threats with Fidelis EDR Technology
Part 1: Identifying  Insider Threats with Fidelis EDR Technology Part 1: Identifying  Insider Threats with Fidelis EDR Technology
Part 1: Identifying Insider Threats with Fidelis EDR Technology
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2
 
Setting up CSIRT
Setting up CSIRTSetting up CSIRT
Setting up CSIRT
 
Meletis Belsis -CSIRTs
Meletis Belsis -CSIRTsMeletis Belsis -CSIRTs
Meletis Belsis -CSIRTs
 
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
 
Threat intelligence Primary Tradecraft and Research
Threat intelligence Primary Tradecraft and ResearchThreat intelligence Primary Tradecraft and Research
Threat intelligence Primary Tradecraft and Research
 
Threat Modeling In 2021
Threat Modeling In 2021Threat Modeling In 2021
Threat Modeling In 2021
 
How to Build a Successful Incident Response Program
How to Build a Successful Incident Response ProgramHow to Build a Successful Incident Response Program
How to Build a Successful Incident Response Program
 
Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!
 
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
 

Similar to Ransomware ly

Ransomware (1).pdf
Ransomware (1).pdfRansomware (1).pdf
Ransomware (1).pdfHiYeti1
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicpiyushkamble6
 
3 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 20173 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 2017Bret Piatt
 
list of Deception as well as detection techniques for maleware
list of Deception as well as detection techniques for malewarelist of Deception as well as detection techniques for maleware
list of Deception as well as detection techniques for malewareAJAY VISHKARMA
 
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingThe Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingMuhammad FAHAD
 
Ransomware hostage rescue manual
Ransomware hostage rescue manualRansomware hostage rescue manual
Ransomware hostage rescue manualRoel Palmaers
 
Information about malwares and Attacks.pptx
Information about malwares and Attacks.pptxInformation about malwares and Attacks.pptx
Information about malwares and Attacks.pptxmalikmuzammil2326
 
How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomwareSophos Benelux
 
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh
 

Similar to Ransomware ly (20)

Ransomware (1).pdf
Ransomware (1).pdfRansomware (1).pdf
Ransomware (1).pdf
 
News Bytes
News BytesNews Bytes
News Bytes
 
Web Security.pptx
Web Security.pptxWeb Security.pptx
Web Security.pptx
 
Network Security.pptx
Network Security.pptxNetwork Security.pptx
Network Security.pptx
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topic
 
Malware
MalwareMalware
Malware
 
E Commerce security
E Commerce securityE Commerce security
E Commerce security
 
3 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 20173 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 2017
 
Brooks18
Brooks18Brooks18
Brooks18
 
Ransomware
RansomwareRansomware
Ransomware
 
list of Deception as well as detection techniques for maleware
list of Deception as well as detection techniques for malewarelist of Deception as well as detection techniques for maleware
list of Deception as well as detection techniques for maleware
 
Cyber crime & security
Cyber crime & security Cyber crime & security
Cyber crime & security
 
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingThe Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
 
Ransomware hostage rescue manual
Ransomware hostage rescue manualRansomware hostage rescue manual
Ransomware hostage rescue manual
 
Network Security
Network SecurityNetwork Security
Network Security
 
Ransomware
RansomwareRansomware
Ransomware
 
Information about malwares and Attacks.pptx
Information about malwares and Attacks.pptxInformation about malwares and Attacks.pptx
Information about malwares and Attacks.pptx
 
How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomware
 
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
 

Recently uploaded

The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 

Recently uploaded (20)

The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Ransomware ly

6. Ransomware Statistics
Source: http://invenioit.com/security/ransomware-statistics-2016/
• Ransomware emails spiked 6,000%
• 40% of all spam email had ransomware
• 59% of infections came from email
• 92% of surveyed IT firms reported attacks on their clients
• Infections hit 56,000 in a single month
• Attacks expected to double in 2017
• Healthcare and Financial Services were the hardest hit
• 70% of businesses paid the ransom
• 20% of businesses paid more than $40,000
• Less than 25% of ransomware attacks are reported
• Most businesses face at least 2 days of downtime
7. Types of Ransomware
➢ Encryption (Crypto) – Affects the data and files on the system; the system still functions, but the files cannot be accessed
➢ Lock Screen – Prevents the victim from using the system by locking all components
➢ Master Boot Record (MBR) – Prevents the victim from booting the system
8. 1. Cryptolocker and Cryptowall – September 5, 2013
➢ Ransomware Trojans that encrypt your personal files
➢ (Trojan – a malicious computer program that is used to hack into a computer by misleading users about its true intent)
➢ Use social engineering techniques that trick you into running them
➢ Designed to extort money
➢ Spread in many ways:
➢ Phishing emails that contain malicious attachments or links
➢ Drive-by download sites
➢ Password-protected zip file in an email, with the password included
➢ CryptoLocker often arrives in files that carry a double extension, such as filename.pdf.exe
9. How Cryptolocker gets installed
➢ When the victim opens the file, the Trojan becomes memory resident on the computer and takes the following actions:
➢ Saves itself to a folder in the user’s profile (AppData, LocalAppData)
➢ Adds a key to the registry to make sure it runs every time the computer starts up
➢ Spawns two processes of itself: one is the main process, the other aims to protect the main process against termination
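An added triage example, not part of the presentation, covering the two CryptoLocker traits described on this slide and the previous one: double-extension lures such as filename.pdf.exe, and a Run-key entry that starts a program from AppData or LocalAppData. The attachment names, Run-key value names and user paths are constructed samples, not real indicators.

```python
# Document-looking inner extensions used to disguise an executable.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
# Final extensions Windows will execute when the file is opened.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
# Profile locations the slide names (AppData, LocalAppData), plus the
# environment variables a Run-key value may use instead of a literal path.
PROFILE_MARKERS = ("\\appdata\\roaming\\", "\\appdata\\local\\",
                   "%appdata%", "%localappdata%")

def suspicious_attachment(filename: str) -> bool:
    """True for a double-extension lure: document-looking name, executable tail."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) < 3:
        return False
    return parts[1] in DOCUMENT_EXTS and parts[2] in EXECUTABLE_EXTS

def _executable_path(command: str) -> str:
    """Extract the program path from a Run-key command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]

def suspicious_autorun(command: str) -> bool:
    """True if the Run-key value launches a program from AppData/LocalAppData.
    Legitimate updaters and chat clients also start from LocalAppData, so a
    hit is a lead to verify (signer, hash, creation time), not a verdict."""
    return any(m in _executable_path(command).lower() for m in PROFILE_MARKERS)

# Constructed sample data (hypothetical): attachment names from a mail log and
# Run-key values as exported from a workstation. Not real indicators.
SAMPLE_ATTACHMENTS = ["invoice.pdf.exe", "report.pdf", "photo.jpg.scr", "setup.exe"]
SAMPLE_RUN_KEYS = {
    "OneDrive": r'"C:\Users\lisa\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "SampleDropper": r'"C:\Users\lisa\AppData\Roaming\{A1B2C3D4}.exe"',
    "SecurityHealth": r"%windir%\system32\SecurityHealthSystray.exe",
}

def triage(attachments=SAMPLE_ATTACHMENTS, run_keys=SAMPLE_RUN_KEYS):
    """Return (flagged attachment names, flagged Run-key value names)."""
    bad_files = [f for f in attachments if suspicious_attachment(f)]
    bad_keys = [n for n, cmd in run_keys.items() if suspicious_autorun(cmd)]
    return bad_files, bad_keys

if __name__ == "__main__":
    print(triage())
```

The OneDrive entry is flagged on purpose: a path under LocalAppData is a lead for an analyst to verify, which is why the function reports rather than blocks.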
10. File Encryption
➢ CryptoLocker encrypts files on the computer’s hard disk and on every network drive the infected user has access to.
11. 2. Wannacry – May 12, 2017
One anonymous doctor at a major trauma center in London wrote online: ‘Everything has gone down. No blood results, no radiology images, there’s no group specific blood available.’
➢ Hospitals across the country
➢ As of 5/14/17 – 150 countries affected & 230,000 victims
➢ Weekend chaos
➢ Russian-linked cyber gang ‘Shadow Brokers’ blamed
12. WannaCry Message
Locks all the data on a computer system and leaves the user with only two files: instructions on what to do next and the Wanna Decryptor program itself.
13. Cyber Attack hits German Train Station
14. How Wannacry Spreads
➢ Exploits a Windows server vulnerability – Security Bulletin MS17-010; a patch has been available since March 2017
➢ The NSA discovered the vulnerability, but information about it and how to exploit it was stolen in a breach and then leaked to the public by a hacking group known as the Shadow Brokers.
➢ Microsoft issued a fix in mid-March, but many computers and servers never actually received the patch, leaving those systems open to attack.
➢ A young cyber expert managed to stop the spread of the attack by accidentally triggering a "kill switch" when he bought a web domain for less than £10.
➢ When the WannaCry program infects a new computer it contacts the web address. It is programmed to terminate itself if it manages to get through. Once the 22-year-old researcher had bought the domain, the ransomware could connect and was therefore stopped. This created what is known as a ‘sinkhole’.
15. How to Avoid Ransomware
➢ Patch computers
➢ Use anti-virus and always have the latest update
➢ Be wary of emails from senders you don’t know – especially with attachments such as .zip files
➢ Don’t click links in emails
➢ Disable hidden file extensions
➢ Back up your data on a regular basis
➢ Don’t pay the ransom
https://answers.microsoft.com/en-us/windows/forum/windows_10-security/wanna-cry-ransomware/5afdb045-8f36-4f55-a992-53398d21ed07
17. Appendix
Cyber Maps:
• Norse Attack Map
• CheckPoint Threat Cloud
• FIREEYE CYBER THREAT MAP
• KASPERSKY - CYBERTHREAT REAL-TIME MAP
• Digital Attack Map
Terms defined:
• Sinkhole
• Malware
• Trojan
• Worm
• Virus
• Botnet
• Domain Name Service (DNS)
• Ransomware
• Bitcoin
• Drive-by-download attack
• Server Message Block (SMB)
Related HITRUST Controls:
• 02.e Information Security Awareness, Education, and Training
• 09.J Controls against malicious code
• 09.L Backup
• 10.k Change Control Procedures
18. Norse Attack Map
• Http://map.norsecorp.com/#/
Ranks the country of attack origin, attack type and attack target country, and displays a live feed of attacks.
19. Check Point - THREATCLOUD
Shows attacking and targeted countries, along with a counter of how many attacks have happened in the current day.
20. FIREEYE CYBER THREAT MAP
Shows similar data to the Norse and Check Point maps, and also shows the top 5 targeted industries for the past 30 days.
21. KASPERSKY - CYBERTHREAT REAL-TIME MAP
The look of the map can be customized by filtering certain types of malicious threats, such as email malware, Web site attacks, vulnerability scans, etc.
23. Terms
• Sinkhole – A way of redirecting malicious Internet traffic so that it can be captured and analyzed by security analysts. Sinkholes are most often used to seize control of botnets by interrupting the DNS names of the botnet that are used by the malware.
• Malware – Malicious software program that is intended to damage or disable computers and computer systems.
• Trojan – Malicious computer program which is used to hack into a computer by misleading users about its true intent.
• Worm – Standalone malicious software that does not require a host program or human help to propagate.
• Virus – Type of malicious software program ("malware") that, when executed, replicates itself by modifying other computer programs and inserting its own code. Infected computer programs can include data files or the "boot" sector of the hard drive as well.
• Botnet – A network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g., to send spam messages.
• Domain Name Servers (DNS) – The Internet's equivalent of a phone book. They maintain a directory of domain names and translate them to Internet Protocol (IP) addresses.
• Ransomware – Malicious software (malware) that locks a device, such as a computer, tablet or smartphone, and then demands a ransom to unlock it.
• Bitcoin – A type of digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank.
• Drive-by-download attack – Means two things, each concerning the unintended download of computer software from the Internet: downloads which a person authorized but without understanding the consequences (e.g. downloads which automatically install an unknown or counterfeit executable program, ActiveX component, or Java applet).
• Server Message Block (SMB), one version of which was also known as Common Internet File System (CIFS, /ˈsɪfs/), operates as an application-layer network protocol mainly used for providing shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network. It also provides an authenticated inter-process communication mechanism.
• Note: Definitions from Wikipedia
24. 02.e Information Security Awareness, Education, and Training
CSF Control for Spam/Malicious attachment
Control: 02.E Information Security/Awareness, Education, and Training
Text: All employees of the organizations and contractors and third party users shall receive appropriate awareness training and regular updates in organizational policies and procedures as relevant to their job function.
Implementation Requirement: Ongoing training for these individuals and organizations shall include security and privacy requirements as well as training in the correct use of information assets and facilities (including but not limited to log-on procedures, use of software packages, anti-malware for mobile devices, and information on the disciplinary process).
25. 09.J Controls against malicious code
CSF Control for Ransomware
Control: 09.J Controls against malicious code
Text: Detection, prevention, and recovery controls shall be implemented to protect against malicious code, and appropriate user awareness procedures on malicious code shall be provided.
Implementation Requirement: Protection against malicious code shall be based on malicious code detection and repair software, security awareness, and appropriate system access and change management controls.
26. 09.L Backup
CSF Control for Crypto-Ransomware
Control: 09.L Backup
Text: Backup copies of information and software should be taken and tested regularly.
Implementation Requirement: Backup copies of information and software shall be made, and tested at appropriate intervals. Complete restoration procedures shall be defined and documented for each system.
27. 10.k Change Control Procedures
CSF Control for security updates on systems
Control: 10.k Change Control Procedures
Text: The implementation of changes, including patches, service packs, and other updates and modifications, shall be controlled by the use of formal change control procedures.
Implementation Requirement: Review and update the baseline configuration of the information system: when required due to critical security patches, upgrades and emergency changes (e.g., unscheduled changes, system crashes, replacement of critical hardware components), major system changes/upgrades;
i. as an integral part of information system component installations,
ii. upgrades, and
iii. supporting baseline configuration documentation reflects ongoing implementation of operational configuration baseline updates, either directly or by policy.