1. The growing threat of Ransomware
CYBERCRIME, SECURITY AND RISK MANAGEMENT (2015)
ALEXANDER CONSTANTINOU
MSC FORENSIC INFORMATION TECHNOLOGY
603558
2. Key areas
1. What is Cyber crime – Definition & Explanation
2. What is ransomware - Focus is on CryptoLocker
3. Future predictions for ransomware attacks
4. Reducing the risk of ransomware attacks
3. 1. What is Cyber crime – Definition & Explanation
Defining Cyber Crime
Information technology experts, police, lawyers, criminologists, and security experts comprehend the
concept of ‘cyber crime’ differently. (Brown, 2015)
Example definitions:
“the use of computers or other electronic devices via information systems to facilitate illegal
behaviours” (McQuade, 2006, p. 2)
“the illegal activities undertaken by criminals for financial gain, which exploit vulnerabilities in the use
of the Internet and other electronic systems to illicitly access or attack information and services used
by citizens, business and government” (Detica, 2011, p. 1)
4. 2.1 What is Ransomware?
• Ransomware is malware that demands a sum of money in order to reverse the effects it has had on the victim's system. (Garber, 2013)
• Ransomware typically circulates as a Trojan horse
- the victim opens a seemingly harmless file
- the malware installs a backdoor to a command and control server
• CryptoLocker is today considered one of the most notorious strains of ransomware. (Smeby, Chapple & Seidl, 2014)
5. 2.2 Why CryptoLocker was successful 1/2
1. Infected 250,000 Windows-based systems during its first 100 days (Dell SecureWorks, 2013)
2. Ransom accumulation: approximately $380,000 (Jarvis, 2013)
3. CryptoLocker distinction:
◦ Uses a combination of asymmetric RSA 2048-bit encryption and AES 256 symmetric encryption.
◦ CryptoLocker prevents system restore and deletes all shadow volumes on all mapped drives:
"C:\Windows\SYsWOW64\cmd.exe" /C "C:\Windows\Sysnative\vssadmin.exe" Delete Shadows /All /Quiet
7. 2.2 Why CryptoLocker was successful 2/2
1. A viable business model for criminals
- estimated $100 million (Fanning, 2015)
2. Anonymous payment through Bitcoin (low risk and high reward)
- Rational choice theory
3. Hidden server accessible only to the cybercriminal (anonymity and irreversibility)
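Added example, not part of the original slides: a detection sketch for the shadow-copy deletion command quoted on the "Why CryptoLocker was successful 1/2" slide, run over process-creation records. The record field names (host, parent, cmdline) and the sample events are constructed assumptions; the first sample reuses the slide's command with its path separators written out.

```python
import re

# vssadmin, optionally path-qualified and quoted, followed by "delete shadows".
# Searching the whole command line also catches the cmd.exe /C wrapper form.
VSS_DELETE = re.compile(
    r'(?i)(?:^|[\\/"\s])vssadmin(?:\.exe)?"?\s+delete\s+shadows\b(?P<args>[^&|]*)'
)

# Constructed process-creation records; the field names are assumptions.
SAMPLE_EVENTS = [
    {"host": "WS-014", "parent": "importantdocument.pdf.exe",
     "cmdline": r'"C:\Windows\SYsWOW64\cmd.exe" /C '
                r'"C:\Windows\Sysnative\vssadmin.exe" Delete Shadows /All /Quiet'},
    {"host": "SRV-02", "parent": "powershell.exe",
     "cmdline": r"C:\Windows\System32\vssadmin.exe list shadows"},
    {"host": "SRV-02", "parent": "cmd.exe",
     "cmdline": r"vssadmin delete shadows /for=C: /oldest"},
]


def detect_shadow_deletion(events):
    """Return one finding per event whose command line deletes shadow copies."""
    findings = []
    for ev in events:
        match = VSS_DELETE.search(ev["cmdline"])
        if not match:
            continue
        flags = set(re.findall(r"/(\w+)", match.group("args").lower()))
        findings.append({
            "host": ev["host"],
            "parent": ev["parent"],
            "flags": sorted(flags),
            # /All with /Quiet removes every restore point with no prompt,
            # which is the form quoted on the slide; other forms are still
            # worth review but may be routine maintenance.
            "severity": "high" if {"all", "quiet"} <= flags else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in detect_shadow_deletion(SAMPLE_EVENTS):
        print(finding)
```

The parent field is kept in each finding because a document-named or user-launched parent process is what separates this from an administrator's scheduled cleanup.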
9. 3. Future predictions for ransomware attacks 1/2
Android ransomware detection statistics, according to ESET LiveGrid
http://www.welivesecurity.com/wp-content/uploads/2016/02/Rise_of_Android_Ransomware.pdf
10. 3. Future predictions for ransomware attacks 2/2
• Cross-platform ransomware
- Ransom32 (first of its kind), January 3, 2016
- Uses a Node.js runtime environment (JavaScript)
- Encrypts with AES 128-bit
• Cloud
- Services to be held to ransom?
- Further research required
11. 4. Reducing the risk of ransomware attacks
1. Frequently back up data, on multiple backup devices
2. Frequently install important security updates
3. Invest in a strong antivirus, one that prevents registry changes without consent
4. Be wary when opening files
One way to tell whether a file is legitimate is to disable “hide known file types” in folder options.
Example:
With “hide known file types” disabled, the file appears as “importantdocument.pdf.exe”, so it is easy to tell that it is not a PDF.
With “hide known file types” left enabled, the file appears as “importantdocument.pdf”: it contains CryptoLocker but appears to be a PDF.
13. References
• Brown, C. S. (2015). Investigating and Prosecuting Cyber Crime: Forensic Dependencies and Barriers to Justice. International Journal of Cyber Criminology, 9(1), 55-119.
• Dell SecureWorks. (2013). CryptoLocker Ransomware. Dell SecureWorks. Retrieved 24 February 2016, from http://www.secureworks.com/cyber-threatintelligence/threats/cryptolocker-ransomware
• Detica. (2011). The Cost of Cyber Crime. Retrieved 24 February 2016, from https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/60943/the-cost-of-cyber-crime-full-report.pdf
• MediaCenter Panda Security. (2016). CryptoLocker - What Is and How to Avoid the malware. Pandasecurity.com. Retrieved 24 February 2016, from http://www.pandasecurity.com/mediacenter/malware/cryptolocker/
• McQuade, Samuel (2011). Cybercrime. In The Oxford Handbook of Crime and Public Policy, by Michael Tonry. Oxford University Press.
• Smeby, C., Chapple, M., & Seidl, D. (2014). Cyberwarfare. Jones & Bartlett Learning, LLC.