Null mumbai Session on ransomware by_Aditya Jamkhande
Name : Aditya Jamkhande
Current Organization : Tata Consultancy Services
Position : Senior Security Analyst
Ransomware_by_Aditya_Jamkhande
Few Basics (a short video on Bitcoin)
What is Ransomware?
- A type of malicious software designed to block access to a computer system until a sum of money is paid.
- Ransomware is malware that can be covertly installed on a computer without the user's knowledge or intent. It restricts access to the infected system in some way and demands that the user pay a ransom to the malware operators to remove the restriction.
History
- The first known ransomware was the 1989 "AIDS" Trojan (also known as "PC Cyborg"), written by Joseph Popp.
- Extortionate ransomware became prominent in May 2005.
- By mid-2006, Trojans such as Gpcode, TROJ.RANSOM.A, Archiveus, Cryzip and MayArchive began using more sophisticated RSA encryption schemes with ever-increasing key sizes.
- In 2011, a ransomware Trojan imitating the Windows Product Activation notice surfaced.
- In February 2013, a ransomware Trojan based on the Stamp.EK exploit kit surfaced.
- In July 2013, an OS X-specific ransomware variant came into action.
- CryptoLocker has taken in an estimated 5 million dollars, and counting, since the end of 2013.
Terminology and Propagation
- In the cryptovirology form of the attack, the ransomware systematically encrypts files on the system's hard drive; without the decryption key, which is only released when the ransom is paid, decryption is infeasible.
- (Cryptovirology is the field that studies how cryptography can be used to design powerful malicious software.)
- Other attacks simply lock the system and display messages intended to coax the user into paying.
- Ransomware typically propagates as a Trojan, whose payload is disguised as a seemingly legitimate file.
How do cyber criminals / hackers install ransomware?
- The lure is a pop-up window, web page or email warning that appears to come from an official authority.
- Ransomware is usually installed when you:
  - open a malicious email attachment, or
  - click a malicious link in
    1. an email message
    2. an instant message
    3. a social networking site
- Ransomware can also be installed simply by visiting a malicious site (a drive-by download).
Types of Ransomware
- Encryption Ransomware
- Lock Screen Ransomware
- Master Boot Record (MBR) Ransomware
Encryption Ransomware
- Encrypts personal files and folders (e.g. the contents of your My Documents folder: documents, spreadsheets, pictures, videos).
- The original files are deleted once encrypted copies have been written, and generally a text file with payment instructions is left in the same folder as the now-inaccessible files.
- You may see a lock screen, but not all variants show one.
- Instead, you may only notice a problem when you attempt to open your files.
- This type is also called 'file encryptor' ransomware.
Lock Screen Ransomware
- 'Locks' the screen and demands payment.
- Presents a full-screen image that blocks all other windows.
- This type is called 'WinLocker' ransomware.
- No personal files are encrypted.
Master Boot Record (MBR) Ransomware
- The master boot record (MBR) is the section of the computer's hard drive that allows the operating system to boot up.
- MBR ransomware overwrites the computer's MBR so that the normal boot process is interrupted.
- A ransom demand is displayed on screen instead.
Reveton
- In 2012, a major ransomware Trojan known as Reveton began to spread.
- It is also known as the "police trojan".
- Its payload displays a warning purportedly from a law enforcement agency, claiming that the computer has been used for illegal activities such as downloading pirated software, promoting terrorism or copyright infringement.
- The warning informs the user that, to unlock their system, they must pay a fine.
- To strengthen the illusion that the computer is being tracked by law enforcement, the screen also displays the computer's IP address and, in some versions, footage from the computer's webcam.
CryptoLocker
- Encrypting ransomware reappeared in September 2013 with CryptoLocker.
- Distributed either as an attachment to a malicious email or as a drive-by download.
- Encrypts certain types of files stored on local and mounted network drives. Each file is encrypted with a symmetric (AES) key, and that key is in turn encrypted with an RSA public key obtained from the control server.
- The matching RSA private key is stored only on the malware's control servers, so nothing on the infected machine can recover the file keys.
- Offers to decrypt the data if a payment (through either Bitcoin or a pre-paid voucher) is made by a stated deadline.
- Threatens to delete the private key if the deadline passes.
- If the deadline is missed, the malware later offers to decrypt the data via an online service provided by its operators, for a significantly higher price in Bitcoin.
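The slide's key point, that the private key never exists on the victim's machine, is easiest to see by running the scheme on a byte array. The script below is an added example written for this page, not CryptoLocker's code and not from the presentation: it uses the .NET RSACryptoServiceProvider and Aes classes available in Windows PowerShell, the function names Protect-Blob / Unprotect-Blob and the variables $operatorRsa / $publicOnly are this example's own, and the "document" is a constructed string. It shows why an anti-malware scan can remove the binary but cannot give the files back.

```powershell
# Envelope encryption as the CryptoLocker slide describes it, on in-memory data only.
# Added example, not the presentation's or the malware's code.

# --- Operator side: the RSA key pair is generated once. Only the PUBLIC half is ever sent
#     to the infected machine; the private half stays on the control server.
$operatorRsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider -ArgumentList 2048
$publicOnly  = New-Object System.Security.Cryptography.RSACryptoServiceProvider
$publicOnly.ImportParameters($operatorRsa.ExportParameters($false))   # $false = public parameters only

# --- Victim side: every file gets a fresh AES key; that key is wrapped with the RSA public key.
function Protect-Blob {
    param([byte[]]$Plaintext, [System.Security.Cryptography.RSACryptoServiceProvider]$WrapKey)
    $aes = [System.Security.Cryptography.Aes]::Create()                    # random 256-bit key and IV
    $ciphertext = $aes.CreateEncryptor().TransformFinalBlock($Plaintext, 0, $Plaintext.Length)
    $wrapped    = $WrapKey.Encrypt($aes.Key, $true)                        # RSA-OAEP wrap of the AES key
    $iv         = $aes.IV
    $aes.Dispose()                                                         # raw AES key is discarded
    [pscustomobject]@{ Ciphertext = $ciphertext; WrappedKey = $wrapped; IV = $iv }
}

# --- Recovery needs the PRIVATE key, which only the operator holds.
function Unprotect-Blob {
    param($Blob, [System.Security.Cryptography.RSACryptoServiceProvider]$UnwrapKey)
    $key = $UnwrapKey.Decrypt($Blob.WrappedKey, $true)                     # fails without the private key
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.CreateDecryptor($key, $Blob.IV).TransformFinalBlock($Blob.Ciphertext, 0, $Blob.Ciphertext.Length)
}

$plain = [Text.Encoding]::UTF8.GetBytes('constructed sample document contents')
$blob  = Protect-Blob -Plaintext $plain -WrapKey $publicOnly

# What the victim machine is left with: ciphertext, wrapped key, IV, and a public-only RSA object.
try   { $publicOnly.Decrypt($blob.WrappedKey, $true) | Out-Null; 'unexpected: unwrap succeeded' }
catch { "unwrap with the public key only fails: $($_.Exception.GetType().Name)" }

# What the operator can do with the private key held on the control server.
$recovered = Unprotect-Blob -Blob $blob -UnwrapKey $operatorRsa
[Text.Encoding]::UTF8.GetString([byte[]]$recovered)
```

The per-file AES key is the only thing that can decrypt the file, and the only copy of it that survives is wrapped under a public key. Cleaning the host, rebooting into safe mode or reversing the binary does not change that; the recovery options are backups and shadow copies, which is why the later slides spend so much time on them.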
How to prevent ransomware?
- Keep all of the software on your computer up to date.
- Make sure automatic updating is turned on so that you get all the latest Microsoft security updates, and keep browser-related components (Java, Adobe Reader/Flash and the like) patched as well, since exploit kits target them.
- Keep your firewall turned on.
- Don't open spam email messages or click links on suspicious websites. (CryptoLocker spreads via .zip files sent as email attachments, for example.)
Cont..
- Download Microsoft Security Essentials, which is free, or use another reputable antivirus and anti-malware program.
- If you run Windows 8 or Windows RT, you don't need Microsoft Security Essentials: Windows Defender is built in.
- Scan your computer with the Microsoft Safety Scanner.
- Keep your browser clean (remove plug-ins and toolbars you do not need).
- Always have a good backup system in place, in case your PC does become infected and you can't recover your files. Because CryptoLocker also encrypts mounted network drives, backups must be kept offline or otherwise unreachable from the infected machine.
Identify the Ransomware
Most commonly, ransomware is saved to one of the following locations:
- C:\ProgramData\(random alphanumerics).exe
- C:\Users\(username)\0.(random numbers).exe
- C:\Users\(username)\AppData\(random alphanumerics).exe
Removal – Microsoft Procedure
The following Microsoft products can detect and remove this threat:
- Windows Defender (built into Windows 8)
- Microsoft Security Essentials
- Microsoft Safety Scanner
- Windows Defender Offline (some ransomware will not let you run the products listed above, so you may have to start your computer from a Windows Defender Offline disk)
Removal – Other Anti-Malware Programs
- Start your computer in "Safe Mode with Networking".
- Stop and clean malicious running processes:
  - Download and save the "RogueKiller" utility on your computer (e.g. on your Desktop).
  - Double-click to run RogueKiller.
  - Let the pre-scan complete, then press the "Scan" button to perform a full scan.
  - When the full scan is complete, press the "Delete" button to remove all malicious items found.
  - Close RogueKiller and proceed to the next step.
Clean Remaining Malicious Threats
- Download and install a reliable free or paid anti-malware program to clean your computer of remaining malicious threats, e.g. Malwarebytes Anti-Malware, Norton, etc.
- Run the anti-malware program and allow it to update to its latest version and signature database if needed.
- Let the program scan your system for threats.
- Select all threats in the scan results and remove them.
- When removal of the infected objects is complete, restart your system so that all active threats are removed properly.
Delete CryptoLocker Hidden Files
- Enable the hidden files view from Control Panel (Folder Options).
- Navigate to the following paths and delete the CryptoLocker hidden files:
- For Windows XP
  - C:\Documents and Settings\<YOUR USERNAME>\Application Data\RandomFileName.exe
    e.g. {DAEB88E5-FA8E-E0D1-8FCD-BFC7D2F6ED25}.exe
  - C:\WINDOWS\system32\msctfime.ime
- For Windows Vista or Windows 7
  - C:\Users\<YOUR USERNAME>\AppData\Roaming\RandomFileName.exe
    e.g. {DAEB88E5-FA8E-E0D1-8FCD-BFC7D2F6ED25}.exe
  - C:\WINDOWS\system32\msctfime.ime
- Caution: msctfime.ime is also the name of a legitimate Windows input-method component. Before deleting anything under system32, confirm that the file is not Microsoft-signed (Get-AuthenticodeSignature in PowerShell, or the file's Properties > Digital Signatures tab) and compare it with the same file on a clean machine.
Delete Temporary Files
- Finally, delete all files and folders under your TEMP folders:
- For Windows Vista or Windows 7
  - C:\Users\<YOUR USERNAME>\AppData\Local\Temp
  - C:\Windows\Temp
- For Windows XP
  - C:\Documents and Settings\<YOUR USERNAME>\Local Settings\Temp
  - C:\Windows\Temp
File Restore – Shadow Copies
- Navigate to the folder or file that you want to restore to a previous state and right-click on it.
- From the drop-down menu select "Restore previous versions". *
- * Note for Windows XP users: select "Properties" and then the "Previous Versions" tab.
- Then choose a particular version of the folder or file and press:
  - "Open" to view the contents of that folder/file.
  - "Copy" to copy the folder/file to another location on your computer (e.g. an external hard drive).
  - "Restore" to restore the folder/file to the same location, replacing the existing one.
- This only works if the shadow copies survived the infection: many ransomware families delete them (typically with vssadmin delete shadows /all /quiet) before or while encrypting.
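The right-click procedure above is one file at a time. The script below is an added example written for this page (not from the presentation or the referenced removal guides) that reaches the same shadow-copy data from PowerShell so that a whole folder can be pulled out of one snapshot. Snapshots are exposed as \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN, a path most tools cannot open directly, so the script mounts it with a directory symlink (mklink /d) and copies through the link. Restore-FromShadowCopy, its parameters and the mount-point name are this example's own; it must run elevated and it never writes over the original files.

```powershell
# Copy a file or folder out of the newest shadow copy taken before a given time.
# Added example, not part of the presentation. Run in an elevated PowerShell.
function Restore-FromShadowCopy {
    param(
        [Parameter(Mandatory)][string]$Path,         # item as it exists now, e.g. C:\Users\me\Documents
        [Parameter(Mandatory)][string]$Destination,  # where recovered copies go (an external drive is ideal)
        [datetime]$Before = [datetime]::MaxValue     # pick the newest snapshot taken before the infection
    )
    $driveLetter = Split-Path -Qualifier $Path                                   # "C:"
    $volume = Get-CimInstance Win32_Volume -Filter "DriveLetter='$driveLetter'"

    # Win32_ShadowCopy.VolumeName uses the same \\?\Volume{GUID}\ form as Win32_Volume.DeviceID.
    $snapshots = Get-CimInstance Win32_ShadowCopy |
        Where-Object { $_.VolumeName -eq $volume.DeviceID -and $_.InstallDate -lt $Before } |
        Sort-Object InstallDate -Descending
    if (-not $snapshots) {
        throw "No shadow copies on $driveLetter (many ransomware families run 'vssadmin delete shadows /all /quiet'); fall back to backups."
    }

    $relative = $Path.Substring($driveLetter.Length).TrimStart('\')              # "Users\me\Documents"
    $link     = Join-Path $env:SystemDrive 'shadow_restore_mount'                # this example's mount point

    foreach ($snap in $snapshots) {
        # The trailing backslash on the device object is required for mklink to accept it.
        cmd.exe /c mklink /d "$link" "$($snap.DeviceObject)\" | Out-Null
        try {
            $src = Join-Path $link $relative
            if (Test-Path -LiteralPath $src) {
                Copy-Item -LiteralPath $src -Destination $Destination -Recurse -Force
                return "restored $relative from snapshot of $($snap.InstallDate) to $Destination"
            }
        } finally {
            cmd.exe /c rmdir "$link" | Out-Null    # removes only the link, never the snapshot contents
        }
    }
    throw "$relative is not present in any of the $(@($snapshots).Count) snapshot(s) before $Before"
}

# Example call with constructed paths and a date just before the ransom note appeared:
# Restore-FromShadowCopy -Path 'C:\Users\me\Documents' -Destination 'E:\recovered' -Before (Get-Date '2013-11-01')
```

Pass -Before so that a snapshot created after the encryption started (which already contains encrypted files) is skipped, and restore to a separate drive first: once you have verified the recovered files open, copy them back.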
Removing Reveton
- Detection names: Trojan:W32/Reveton and Trojan:W32/Urausy
- Boot the system into "Safe Mode with Command Prompt".
- In the command prompt, type "regedit" and press Enter.
- Look for the following registry values and remove them.
- For Reveton, delete the "ctfmon.exe" registry value from
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  (On Windows XP the genuine ctfmon.exe is also started from this key; the Reveton value is the one whose data does not point to C:\WINDOWS\system32\ctfmon.exe.)
- For Urausy, delete the "shell" registry value from
  HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
  ONLY IF both of these conditions are met:
  1. The "shell" value is located under HKEY_CURRENT_USER and NOT under HKEY_LOCAL_MACHINE.
     WARNING! Deleting the "shell" value under HKEY_LOCAL_MACHINE may break the Windows system; that value is what starts explorer.exe.
  2. The value data references a .dat file (e.g. skype.dat).
- Reboot the system again, this time into Normal mode.
- Finally, run a full computer scan to repair any remaining files.
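The "Identify the Ransomware" and "Removing Reveton" slides amount to a short checklist: look at HKCU Run, look at the HKCU Winlogon Shell value under the two conditions above, and look for loose executables in the drop locations. The script below is an added example written for this page, not the presentation's or F-Secure's code, that runs that checklist from Safe Mode with Command Prompt and only reports (nothing is deleted). Get-RansomwarePersistence and the Suspicious heuristic are this example's own; it needs Windows PowerShell 3 or later.

```powershell
# Triage of the persistence points named on the slides. Added example; reports only.
function Get-RansomwarePersistence {
    $findings = @()
    $dropDirPattern = '(?i)\\(ProgramData|AppData|Application Data|Local Settings|Temp)\\'

    # 1. HKCU Run. Reveton registers a value literally named "ctfmon.exe"; on XP the real
    #    ctfmon.exe also autostarts from here, so the tell is data pointing outside System32.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    if (Test-Path $runKey) {
        $run = Get-ItemProperty -Path $runKey
        foreach ($prop in ($run.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
            $cmd = [string]$prop.Value
            $findings += [pscustomobject]@{
                Location   = "$runKey\$($prop.Name)"
                Data       = $cmd
                Suspicious = ($cmd -match $dropDirPattern) -or
                             ($prop.Name -eq 'ctfmon.exe' -and $cmd -notmatch '(?i)\\system32\\ctfmon\.exe')
            }
        }
    }

    # 2. Winlogon "Shell". A clean install has it only under HKLM (explorer.exe). The slide's
    #    rule: the HKCU copy is the Urausy one when it exists there AND references a .dat file.
    $wl = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $shell = (Get-ItemProperty -Path $wl -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($null -ne $shell) {
        $findings += [pscustomobject]@{
            Location   = "$wl\Shell"
            Data       = $shell
            Suspicious = [bool]($shell -match '(?i)\.dat\b')      # e.g. skype.dat
        }
    }

    # 3. Loose .exe files directly in the drop locations from the "Identify" slide. A legitimate
    #    program rarely sits at the root of %ProgramData%, %APPDATA% or the profile folder;
    #    an unsigned one there is worth a look.
    $dropDirs = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:USERPROFILE) | Where-Object { $_ }
    foreach ($dir in $dropDirs) {
        Get-ChildItem -LiteralPath $dir -Filter *.exe -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                $findings += [pscustomobject]@{
                    Location   = $_.FullName
                    Data       = "$($_.Length) bytes, signature: $($sig.Status)"
                    Suspicious = ($sig.Status -ne 'Valid')
                }
            }
    }
    $findings
}

Get-RansomwarePersistence | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
```

Treat the Suspicious column as a prompt to look, not a verdict: export any value you intend to delete first (reg export) and record the file hash of anything you remove so it can be checked against vendor write-ups afterwards.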
Defensive Measures
- Backup and recovery
- Patch regimen
- Follow the principle of least privilege (people / software / network)
Conclusion
- When it comes to malware attacks, knowledge is the best possible weapon for preventing them. Be careful what you click! Preventive measures should be taken before ransomware establishes a stronghold. Keeping all software updated and applying the latest security updates helps prevent attacks. Use of antivirus and genuine (licensed) software is highly recommended. On networks, a software restriction policy that stops executables from launching out of user-writable locations is the best tool for preventing a CryptoLocker infection in the first place.
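The software restriction policy the conclusion recommends is normally built in the Group Policy editor under Computer Configuration > Windows Settings > Security Settings > Software Restriction Policies. The script below is an added example written for this page, not the presentation's code, that writes the same policy directly to the registry location the editor uses (HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers). The blocked paths are taken from the drop locations on the "Identify the Ransomware" slide plus the folders archivers extract to when a .zip attachment is opened; the functions and variable names are this example's own. Run it elevated on a test machine first: anything else that launches from a user profile (browser updaters, some installers) is blocked as well.

```powershell
# Software Restriction Policy: disallow executables in user-writable drop locations.
# Added example, not from the presentation. Writes local policy; test before deploying.
$safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

function Enable-SaferPolicy {
    New-Item -Path $safer -Force | Out-Null
    Set-ItemProperty -Path $safer -Name DefaultLevel        -Value 262144 -Type DWord  # everything else Unrestricted
    Set-ItemProperty -Path $safer -Name TransparentEnabled  -Value 1      -Type DWord  # enforce on executables (2 = DLLs too)
    Set-ItemProperty -Path $safer -Name PolicyScope         -Value 0      -Type DWord  # all users, local admins included
    Set-ItemProperty -Path $safer -Name AuthenticodeEnabled -Value 0      -Type DWord
    Set-ItemProperty -Path $safer -Name ExecutableTypes -Type MultiString -Value @(
        'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF','INS','ISP',
        'LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','REG','SCR','SHS','URL','VB','WSC')
}

function Add-SaferPathRule {
    param([string]$Path, [string]$Description, [int]$Level = 0)   # 0 = Disallowed, 262144 = Unrestricted
    $ruleKey = Join-Path $safer "$Level\Paths\{$([guid]::NewGuid().ToString().ToUpper())}"
    New-Item -Path $ruleKey -Force | Out-Null
    Set-ItemProperty -Path $ruleKey -Name ItemData     -Value $Path        -Type ExpandString
    Set-ItemProperty -Path $ruleKey -Name SaferFlags   -Value 0            -Type DWord
    Set-ItemProperty -Path $ruleKey -Name Description  -Value $Description -Type String
    Set-ItemProperty -Path $ruleKey -Name LastModified -Value ([datetime]::UtcNow.ToFileTimeUtc()) -Type QWord
    $ruleKey
}

Enable-SaferPolicy
$rules = [ordered]@{
    '%AppData%\*.exe'        = 'Block executables run from %AppData% (slide: C:\Users\<user>\AppData\<random>.exe)'
    '%AppData%\*\*.exe'      = 'Block executables run from subfolders of %AppData%'
    '%LocalAppData%\*.exe'   = 'Block executables run from %LocalAppData%'
    '%LocalAppData%\*\*.exe' = 'Block executables run from subfolders of %LocalAppData%'
    '%ProgramData%\*.exe'    = 'Block executables run from %ProgramData% (slide: C:\ProgramData\<random>.exe)'
    '%UserProfile%\*.exe'    = 'Block executables dropped in the profile root (slide: C:\Users\<user>\0.<digits>.exe)'
    '%Temp%\*.zip\*.exe'     = 'Block executables launched straight out of a .zip attachment'
    '%Temp%\Rar*\*.exe'      = 'Block executables extracted by WinRAR'
    '%Temp%\7z*\*.exe'       = 'Block executables extracted by 7-Zip'
    '%Temp%\wz*\*.exe'       = 'Block executables extracted by WinZip'
}
foreach ($p in $rules.Keys) { Add-SaferPathRule -Path $p -Description $rules[$p] | Out-Null }

# Exceptions go in the Unrestricted level, e.g. a legitimate updater that lives under %LocalAppData%:
# Add-SaferPathRule -Path '%LocalAppData%\Google\Update\GoogleUpdate.exe' -Description 'Allow Chrome updater' -Level 262144
```

After running it, log off and on (or run gpupdate /force) and verify the policy the way the slides describe the threat: copy a harmless program such as calc.exe into %AppData% and launch it; Windows should refuse with "This program is blocked by group policy". Build the exception list from what breaks on the test machine before rolling the rules out.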
References
- http://www.microsoft.com/security/resources/ransomware-whatis.aspx
- http://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx
- http://www.sophos.com/en-us/support/knowledgebase/119006.aspx
- http://us.norton.com/ransomware
- http://en.wikipedia.org/wiki/Ransomware
For details on removal and recovery solutions visit:
- http://www.wintips.org/how-to-remove-cryptolocker-ransomware-and-restore-your-files/
- http://www.f-secure.com/en/web/labs_global/removal/removing-ransomware
35
36
Ransomware_by_Aditya_Jamkhande 37

More Related Content

What's hot

Virus-trojan and salami attacks
Virus-trojan and salami attacksVirus-trojan and salami attacks
Virus-trojan and salami attacksariifuddin
 
Protecting your pc in the new year
Protecting your pc in the new yearProtecting your pc in the new year
Protecting your pc in the new yearMichael Wells
 
Report on Rogue Security Software: a summary
Report on Rogue Security Software: a summaryReport on Rogue Security Software: a summary
Report on Rogue Security Software: a summarySymantec Italia
 
Trojan Horse Presentation
Trojan Horse PresentationTrojan Horse Presentation
Trojan Horse Presentationikmal91
 
Presentation Virus (salami attack and trojan horse)
Presentation Virus (salami attack and trojan horse)Presentation Virus (salami attack and trojan horse)
Presentation Virus (salami attack and trojan horse)siti zulaikha
 
Trojan virus & backdoors
Trojan virus & backdoorsTrojan virus & backdoors
Trojan virus & backdoorsShrey Vyas
 
Impact of ict on siocety virus
Impact of ict on siocety virusImpact of ict on siocety virus
Impact of ict on siocety virusCassidy Lajangang
 
ITSolutions|Currie Network Security Seminar
ITSolutions|Currie Network Security SeminarITSolutions|Currie Network Security Seminar
ITSolutions|Currie Network Security SeminarDaniel Versola
 
Trojan horse and salami attack
Trojan horse and salami attackTrojan horse and salami attack
Trojan horse and salami attackguestc8c7c02bb
 
Torjan horse virus
Torjan horse virusTorjan horse virus
Torjan horse virussumitra22
 
Ict Assignment
Ict AssignmentIct Assignment
Ict Assignmentainmz
 

What's hot (20)

Malware
MalwareMalware
Malware
 
Virus-trojan and salami attacks
Virus-trojan and salami attacksVirus-trojan and salami attacks
Virus-trojan and salami attacks
 
Protecting your pc in the new year
Protecting your pc in the new yearProtecting your pc in the new year
Protecting your pc in the new year
 
Presentation
PresentationPresentation
Presentation
 
Report on Rogue Security Software: a summary
Report on Rogue Security Software: a summaryReport on Rogue Security Software: a summary
Report on Rogue Security Software: a summary
 
Trojan Horse Presentation
Trojan Horse PresentationTrojan Horse Presentation
Trojan Horse Presentation
 
Presentation Virus (salami attack and trojan horse)
Presentation Virus (salami attack and trojan horse)Presentation Virus (salami attack and trojan horse)
Presentation Virus (salami attack and trojan horse)
 
Trojan virus & backdoors
Trojan virus & backdoorsTrojan virus & backdoors
Trojan virus & backdoors
 
Impact of ict on siocety virus
Impact of ict on siocety virusImpact of ict on siocety virus
Impact of ict on siocety virus
 
Presentation1
Presentation1Presentation1
Presentation1
 
Cyber Attacks
Cyber AttacksCyber Attacks
Cyber Attacks
 
ITSolutions|Currie Network Security Seminar
ITSolutions|Currie Network Security SeminarITSolutions|Currie Network Security Seminar
ITSolutions|Currie Network Security Seminar
 
spyware
spywarespyware
spyware
 
Hacking 10 2010
Hacking 10 2010Hacking 10 2010
Hacking 10 2010
 
Trojan Horse Virus
Trojan Horse VirusTrojan Horse Virus
Trojan Horse Virus
 
Trojan horse and salami attack
Trojan horse and salami attackTrojan horse and salami attack
Trojan horse and salami attack
 
Ransomeware
RansomewareRansomeware
Ransomeware
 
Torjan horse virus
Torjan horse virusTorjan horse virus
Torjan horse virus
 
Trojan ppt pianca
Trojan ppt piancaTrojan ppt pianca
Trojan ppt pianca
 
Ict Assignment
Ict AssignmentIct Assignment
Ict Assignment
 

Similar to Null mumbai Session on ransomware by_Aditya Jamkhande

Ransomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation TechniquesRansomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation TechniquesAvinash Sinha
 
Trojan Backdoors
Trojan                         BackdoorsTrojan                         Backdoors
Trojan BackdoorsJauwadSyed
 
Ransomware by lokesh
Ransomware by lokeshRansomware by lokesh
Ransomware by lokeshLokesh Bysani
 
Ransomware - Information And Protection Guide - Executive Summary
Ransomware - Information And Protection Guide - Executive SummaryRansomware - Information And Protection Guide - Executive Summary
Ransomware - Information And Protection Guide - Executive SummaryBright Technology
 
How To Uninstall Masksearch.com
How To Uninstall Masksearch.comHow To Uninstall Masksearch.com
How To Uninstall Masksearch.comgerryfebre
 
Computer security threats & prevention
Computer security threats & preventionComputer security threats & prevention
Computer security threats & preventionPriSim
 
Remove Clickhoofind.com
 Remove Clickhoofind.com Remove Clickhoofind.com
Remove Clickhoofind.comkingh05
 
Top Ransomware decryption tools-PART-01.pdf
Top Ransomware decryption tools-PART-01.pdfTop Ransomware decryption tools-PART-01.pdf
Top Ransomware decryption tools-PART-01.pdfGaibandhar Chele Raton
 
Computer virus and antivirus
Computer virus and antivirusComputer virus and antivirus
Computer virus and antivirusBESOR ACADEMY
 
Spyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasmeSpyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasmeMangesh wadibhasme
 
Types of malicious software and remedies
Types of malicious software and remediesTypes of malicious software and remedies
Types of malicious software and remediesManish Kumar
 
Trojan backdoors
Trojan backdoorsTrojan backdoors
Trojan backdoorsseth edmond
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious CodeSatria Ady Pradana
 
SMB Guide-to-Ransomware
SMB Guide-to-RansomwareSMB Guide-to-Ransomware
SMB Guide-to-RansomwareDave Augustine
 
rensomware final ppt
rensomware final pptrensomware final ppt
rensomware final pptKomal Keshwer
 

Similar to Null mumbai Session on ransomware by_Aditya Jamkhande (20)

Ransomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation TechniquesRansomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation Techniques
 
Trojan Backdoors
Trojan                         BackdoorsTrojan                         Backdoors
Trojan Backdoors
 
Ransomware by lokesh
Ransomware by lokeshRansomware by lokesh
Ransomware by lokesh
 
Ransomware - Information And Protection Guide - Executive Summary
Ransomware - Information And Protection Guide - Executive SummaryRansomware - Information And Protection Guide - Executive Summary
Ransomware - Information And Protection Guide - Executive Summary
 
How To Uninstall Masksearch.com
How To Uninstall Masksearch.comHow To Uninstall Masksearch.com
How To Uninstall Masksearch.com
 
Computer security threats & prevention
Computer security threats & preventionComputer security threats & prevention
Computer security threats & prevention
 
Remove Clickhoofind.com
 Remove Clickhoofind.com Remove Clickhoofind.com
Remove Clickhoofind.com
 
Ransomware
RansomwareRansomware
Ransomware
 
Know More about Your Enemies
Know More about Your EnemiesKnow More about Your Enemies
Know More about Your Enemies
 
Top Ransomware decryption tools-PART-01.pdf
Top Ransomware decryption tools-PART-01.pdfTop Ransomware decryption tools-PART-01.pdf
Top Ransomware decryption tools-PART-01.pdf
 
Computer virus and antivirus
Computer virus and antivirusComputer virus and antivirus
Computer virus and antivirus
 
Spyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasmeSpyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasme
 
Types of malicious software and remedies
Types of malicious software and remediesTypes of malicious software and remedies
Types of malicious software and remedies
 
Computer crimes
Computer crimesComputer crimes
Computer crimes
 
Trojan backdoors
Trojan backdoorsTrojan backdoors
Trojan backdoors
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
 
Computer securety
Computer securetyComputer securety
Computer securety
 
SMB Guide-to-Ransomware
SMB Guide-to-RansomwareSMB Guide-to-Ransomware
SMB Guide-to-Ransomware
 
List of Malwares
List of MalwaresList of Malwares
List of Malwares
 
rensomware final ppt
rensomware final pptrensomware final ppt
rensomware final ppt
 

More from nullowaspmumbai

More from nullowaspmumbai (20)

Xxe
XxeXxe
Xxe
 
ELK in Security Analytics
ELK in Security Analytics ELK in Security Analytics
ELK in Security Analytics
 
Switch security
Switch securitySwitch security
Switch security
 
Radio hacking - Part 1
Radio hacking - Part 1 Radio hacking - Part 1
Radio hacking - Part 1
 
How I got my First CVE
How I got my First CVE How I got my First CVE
How I got my First CVE
 
Power forensics
Power forensicsPower forensics
Power forensics
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management
 
Middleware hacking
Middleware hackingMiddleware hacking
Middleware hacking
 
Internet censorship circumvention techniques
Internet censorship circumvention techniquesInternet censorship circumvention techniques
Internet censorship circumvention techniques
 
How i got my first cve
How i got my first cveHow i got my first cve
How i got my first cve
 
Adversarial machine learning updated
Adversarial machine learning updatedAdversarial machine learning updated
Adversarial machine learning updated
 
Commix
Commix Commix
Commix
 
Adversarial machine learning
Adversarial machine learning Adversarial machine learning
Adversarial machine learning
 
Dll Hijacking
Dll Hijacking Dll Hijacking
Dll Hijacking
 
Abusing Target
Abusing Target Abusing Target
Abusing Target
 
NTFS Forensics
NTFS Forensics NTFS Forensics
NTFS Forensics
 
Drozer - An Android Application Security Tool
Drozer - An Android Application Security Tool Drozer - An Android Application Security Tool
Drozer - An Android Application Security Tool
 
Middleware hacking
Middleware hackingMiddleware hacking
Middleware hacking
 
Ganesh naik linux_kernel_internals
Ganesh naik linux_kernel_internalsGanesh naik linux_kernel_internals
Ganesh naik linux_kernel_internals
 
Buffer overflow null
Buffer overflow nullBuffer overflow null
Buffer overflow null
 

Recently uploaded

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 

Recently uploaded (20)

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 

Null mumbai Session on ransomware by_Aditya Jamkhande

How Cyber criminals / Hackers install ransomware?
 Ransomware generates a pop-up window, webpage or email warning from what looks like an official authority
 Ransomware is usually installed when you:
   - open a malicious email attachment
   - click a malicious link in
     1. an email message
     2. an instant message
     3. a social networking site
 Ransomware can even be installed when you visit a malicious site
Types of Ransomware
 Encryption Ransomware
 Lock Screen Ransomware
 Master Boot Record (MBR) Ransomware
Encryption Ransomware
 Encrypts personal files/folders (e.g., the contents of your My Documents folder: documents, spreadsheets, pictures, videos)
 The original files are deleted once they are encrypted, and generally there is a text file in the same folder as the now-inaccessible files with instructions for payment
 You may see a lock screen, but not all variants show one
 Instead you may only notice a problem when you attempt to open your files
 This type is also called 'file encryptor' ransomware
Lock Screen Ransomware
 'Locks' the screen and demands payment
 Presents a full screen image that blocks all the other windows
 This type is called 'WinLocker' ransomware
 No personal files are encrypted
Master Boot Record (MBR) Ransomware
 The master boot record (MBR) is a section of the computer's hard drive that allows the operating system to boot up
 MBR ransomware changes the computer's MBR so the normal boot process is interrupted
 A ransom demand is displayed on screen instead
Reveton
 In 2012, a major ransomware worm known as Reveton began to spread.
 It is also known as "police trojan".
 Its payload displays a warning purportedly from a law enforcement agency, claiming that the computer had been used for illegal activities, such as downloading pirated software, promoting terrorism, copyright infringement, etc.
 The warning informs the user that to unlock their system they would have to pay a fine.
 To increase the illusion that the computer is being tracked by law enforcement, the screen also displays the computer's IP address and footage from the computer's webcam.
CryptoLocker
 An encrypting ransomware that reappeared in 2013.
 Distributed either as an attachment to a malicious e-mail or as a drive-by download.
 Encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography.
 The private key is stored only on the malware's control servers.
 Offers to decrypt the data if a payment (through either Bitcoin or a pre-paid voucher) is made by a stated deadline.
 Threatens to delete the private key if the deadline passes.
 If the deadline is not met, the malware offers to decrypt data via an online service provided by the malware's operators, for a significantly higher price in Bitcoin.
How to prevent ransomware?
 Keep all of the software on your computer up to date.
 Make sure automatic updating is turned on to get all the latest Microsoft security updates and browser-related components (Java, Adobe, and the like).
 Keep your firewall turned on.
 Don't open spam email messages or click links on suspicious websites. (CryptoLocker spreads via .zip files sent as email attachments, for example.)
Cont..
 Download Microsoft Security Essentials, which is free, or use another reputable antivirus and anti-malware program.
 If you run Windows 8 or Windows RT, you don't need Microsoft Security Essentials.
 Scan your computer with the Microsoft Safety Scanner.
 Keep your browser clean.
 Always have a good backup system in place, just in case your PC does become infected and you can't recover your files.
Identify The Ransomware
Most commonly, ransomware is saved to one of the following locations:
 C:\ProgramData\(random alphanumerics).exe
 C:\Users\(username)\0.(random numbers).exe
 C:\Users\(username)\AppData\(random alphanumerics).exe
Removal – Microsoft Procedure
The following Microsoft products can detect and remove this threat:
 Windows Defender (built into Windows 8)
 Microsoft Security Essentials
 Microsoft Safety Scanner
 Windows Defender Offline (Some ransomware will not allow you to use the products listed here, so you might have to start your computer from a Windows Defender Offline disk.)
Removal – Other Anti-Malware Programs
 Start your computer in "Safe Mode with Networking".
 Stop and clean malicious running processes.
   ○ Download and save the "RogueKiller" utility on your computer (e.g. your Desktop).
   ○ Double-click to run RogueKiller.
   ○ Let the prescan complete and then press the "Scan" button to perform a full scan.
   ○ When the full scan is completed, press the "Delete" button to remove all malicious items found.
   ○ Close RogueKiller and proceed to the next step.
Clean Remaining Malicious Threats
 Download and install a reliable free or Pro anti-malware program to clean your computer of remaining malicious threats, e.g. Malwarebytes Anti-Malware, Norton etc.
 Run the anti-malware program and allow it to update to its latest version and malware database if needed.
 Let the program scan your system for threats.
 Select all threats in the scan result and remove them all.
 When the removal of infected objects is complete, restart your system to remove all active threats properly.
Delete Cryptolocker Hidden Files
 Enable the hidden files view from Control Panel.
 Navigate to the following paths and delete all Cryptolocker hidden files:
 For Windows XP
   C:\Documents and Settings\<YOUR USERNAME>\Application Data\RandomFileName.exe
   e.g. {DAEB88E5-FA8E-E0D1-8FCD-BFC7D2F6ED25}.exe
   C:\WINDOWS\system32\msctfime.ime
 For Windows Vista or Windows 7
   C:\Users\<YOUR USERNAME>\AppData\Roaming\RandomFileName.exe
   e.g. {DAEB88E5-FA8E-E0D1-8FCD-BFC7D2F6ED25}.exe
   C:\WINDOWS\system32\msctfime.ime
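As an added example that is not part of the deck, a small Python triage helper that matches a file listing from a suspect host against the drop locations named on the "Identify The Ransomware" and "Delete Cryptolocker Hidden Files" slides (randomly named executables in ProgramData, the user profile root and AppData / Application Data, including the GUID-style names). The regexes, the "random name" heuristic (letters and digits mixed) and the sample paths are this example's assumptions, not the presenter's.

```python
import re

# Heuristic for "random alphanumerics": 6+ chars mixing letters and digits.
# Patterns are this example's reading of the two slides, not the deck's own.
_RAND = r"(?=[A-Z0-9]*\d)(?=[A-Z0-9]*[A-Z])[A-Z0-9]{6,}\.exe"
_GUID = r"\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}\.exe"
_USER = r"[^\\]+"   # one path component: the profile name

RULES = [
    ("ProgramData random exe",
     re.compile(r"^C:\\ProgramData\\" + _RAND + r"$", re.I)),
    ("user profile 0.<digits>.exe",
     re.compile(r"^C:\\Users\\" + _USER + r"\\0\.\d+\.exe$", re.I)),
    ("AppData random/GUID exe (Vista/7)",
     re.compile(r"^C:\\Users\\" + _USER + r"\\AppData\\(Roaming\\)?(" + _RAND + "|" + _GUID + r")$", re.I)),
    ("Application Data random/GUID exe (XP)",
     re.compile(r"^C:\\Documents and Settings\\" + _USER + r"\\Application Data\\(" + _RAND + "|" + _GUID + r")$", re.I)),
]

def classify(path):
    """Return the name of the first matching drop-location rule, or None."""
    for name, rx in RULES:
        if rx.match(path):
            return name
    return None

def triage(paths):
    """Return [(path, rule)] for every path that matches. The analyst still
    confirms each hit: a legitimately named tool can trip the heuristic."""
    return [(p, classify(p)) for p in paths if classify(p)]

# Constructed sample listing, e.g. exported with `dir /s /b` on the suspect host.
SAMPLE_PATHS = [
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk",
    r"C:\ProgramData\k4j2h8d0a1.exe",
    r"C:\ProgramData\installer.exe",
    r"C:\Users\alice\0.483920.exe",
    r"C:\Users\alice\AppData\Roaming\{DAEB88E5-FA8E-E0D1-8FCD-BFC7D2F6ED25}.exe",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Word\Normal.dotm",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
]

if __name__ == "__main__":
    for path, rule in triage(SAMPLE_PATHS):
        print(f"{rule:40} {path}")
```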
Delete Temporary Files
 Finally, delete all files and folders under your TEMP folders:
 For Windows Vista or Windows 7
   C:\Users\<YOUR USERNAME>\AppData\Local\Temp
   C:\Windows\Temp
 For Windows XP
   C:\Documents and Settings\<YOUR USERNAME>\Local Settings\Temp
   C:\Windows\Temp
File Restore - Shadow Copies
 Navigate to the folder or file that you want to restore to a previous state and right-click on it.
 From the drop-down menu select "Restore Previous Versions".
   Note for Windows XP users: Select "Properties" and then the "Previous Versions" tab.
 Then choose a particular version of the folder or file and press the:
   "Open" button to view the contents of that folder/file.
   "Copy" button to copy this folder/file to another location on your computer (e.g. your external hard drive).
   "Restore" button to restore the folder/file to the same location and replace the existing one.
Removing Reveton
 Name: Trojan:W32/Reveton and Trojan:W32/Urausy
 Boot the system into 'Safe Mode with Command Prompt'.
 In the command prompt, type "regedit" and press Enter.
 Look for the following registry values and remove them.
 For Reveton, delete the "ctfmon.exe" registry value from HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
 For Urausy, delete the "shell" registry value from HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon ONLY IF these two conditions are met:
   1. The "shell" registry value is located under HKEY_CURRENT_USER and NOT under HKEY_LOCAL_MACHINE. WARNING! Deleting the "shell" value if it is listed under HKEY_LOCAL_MACHINE may break the Windows system.
   2. There is a reference to a .dat file (e.g. skype.dat) in the value data.
 Reboot the system again, this time into Normal mode.
 Finally, run a full computer scan to repair any remaining files.
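Added example, not from the deck: the removal conditions from the two "Removing Reveton" slides written as checks over registry entries, so that a value is only selected when it sits under HKEY_CURRENT_USER and, for Urausy, when its data references a .dat file; an HKEY_LOCAL_MACHINE "shell" value is never selected. The RegValue structure and the sample entries are constructed for this example.

```python
import re
from dataclasses import dataclass

@dataclass
class RegValue:
    hive: str   # "HKEY_CURRENT_USER" or "HKEY_LOCAL_MACHINE"
    key: str    # subkey path below the hive
    name: str   # value name
    data: str   # value data

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
WINLOGON_KEY = r"Software\Microsoft\Windows NT\CurrentVersion\Winlogon"

def match_reveton(v):
    """Reveton indicator from the slide: a 'ctfmon.exe' value under the HKCU Run key."""
    return (v.hive == "HKEY_CURRENT_USER" and v.key.lower() == RUN_KEY.lower()
            and v.name.lower() == "ctfmon.exe")

def match_urausy(v):
    """Urausy indicator from the slide: the 'shell' value under HKCU Winlogon,
    and only if the data references a .dat file. HKLM 'shell' is never a match,
    because deleting it can break Windows."""
    if v.hive != "HKEY_CURRENT_USER":
        return False
    if v.key.lower() != WINLOGON_KEY.lower() or v.name.lower() != "shell":
        return False
    return re.search(r"\S+\.dat\b", v.data, re.I) is not None

def triage(values):
    """Return [(family, value)] for the entries the removal steps would delete."""
    hits = []
    for v in values:
        if match_reveton(v):
            hits.append(("Reveton", v))
        elif match_urausy(v):
            hits.append(("Urausy", v))
    return hits

# Constructed sample export of the two keys from an infected profile plus the
# legitimate machine-wide entries that must be left alone.
SAMPLE = [
    RegValue("HKEY_CURRENT_USER", RUN_KEY, "ctfmon.exe", r"C:\Users\alice\AppData\Roaming\ctfmon.exe"),
    RegValue("HKEY_CURRENT_USER", WINLOGON_KEY, "shell", r"explorer.exe,C:\Users\alice\AppData\Roaming\skype.dat"),
    RegValue("HKEY_LOCAL_MACHINE", WINLOGON_KEY, "Shell", "explorer.exe"),  # legitimate, never touched
    RegValue("HKEY_CURRENT_USER", WINLOGON_KEY, "shell", "explorer.exe"),   # HKCU but no .dat reference
    RegValue("HKEY_LOCAL_MACHINE", RUN_KEY, "SecurityHealth", r"C:\Windows\system32\SecurityHealthSystray.exe"),
]

if __name__ == "__main__":
    for family, v in triage(SAMPLE):
        print(f"{family}: {v.hive}\\{v.key} -> {v.name} = {v.data}")
```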
Defensive Measures
 Backup and Recovery
 Patch Regimen
 Follow the principle of Least Privilege (People / Software / Network)
Conclusion
 When it comes to malware attacks, knowledge is the best possible weapon to prevent them. Be careful what you click!!
 Preventive measures should be taken before ransomware establishes a stronghold. Keeping all software updated and getting the latest security updates might help to prevent attacks. Use of antivirus and genuine (original) software is highly recommended. Creating a software restriction policy is the best tool for preventing a Cryptolocker infection in the first place on networks.
References
 http://www.microsoft.com/security/resources/ransomware-whatis.aspx
 http://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx
 http://www.sophos.com/en-us/support/knowledgebase/119006.aspx
 http://us.norton.com/ransomware
 http://en.wikipedia.org/wiki/Ransomware
For details on removal and recovery solutions visit:
http://www.wintips.org/how-to-remove-cryptolocker-ransomware-and-restore-your-files/
http://www.f-secure.com/en/web/labs_global/removal/removing-ransomware