In 2016, ransomware continued its rampage across the world, tightening its hold on data, devices, and on individuals and businesses. Ransomware number and family continue increase, 2,900 new modifications in Q1 to 32,091 in Q3 At the start of the year, every 20 seconds somebody somewhere was attacked with ransomware – by the end of September, it was one every 10 seconds. At the start of the year, every two minutes a business was attacked with ransomware – by the end of September, it was one every 40 seconds

1. 11
Best Practice to Fight with
Ransomware

2. 2
Big Numbers of 2016
Source: KasperskyLab

3. 3Source: KasperskyLab

4. 4
Agenda
01
Ransomware
Introduction
02
How USG Stops
Ransomware
Something You Need to
Know
USG Provides Comprehensive
Protection
03
5 Tips for Preventing
Ransomware
Prevention Tips

5. 5
What is Ransomware?
• Ransomware is a type of malware that
prevents or limits users from accessing
their system.
• Encrypted system/file is the typical
way Ransomware did.
• This type of malware forces its victims
to pay the ransom through certain
online payment methods in order to
grant access to their systems, or to get
their data back.

6. 6
Common Behaviors of Ransomware
• When hit, it offers users the option of
decrypting 5 files for free—as proof that
decryption is possible.
• Users are also given 96 hours, instead of
72 hours, to pay the ransom fee which
ranges from $500~$1,000.
• In some case, infection could occur
through embedded URL over email or
compromised web site with drive-by
download technics.
TeslaCrypt Ransom Page / Source: Google Search

7. 7
7ev3n-HONE$T Ransom Page / Source: Google Search

8. 8
2016 Ransom Cases
Source: TheHackerNews.com

9. 9
• Once again the heat was felt by
the Los Angeles Valley College
(LAVC) when hackers managed
to infect its computer network
with ransomware and
demanded US$28,000 payment
in Bitcoins to get back online.
• The cyber-attack occurred over
winter break and caused
widespread disruption to online,
financial aid, email and
voicemail systems, including
locking out 1,800 students and
staffs from their computers.
Source: TheHackerNews.com
2017 Ransom Case

10. 10
Typical Threat Infection Method

11. 11
How Ransomware works?
1. Spear-phishing email
2. User opens email 3-1. Fake attached file is executed
4. Files encrypted5. Ransom message is displayed
6. Damage occurred

12. 1212
How USG Stops Ransomware

13. 13
USG provides Comprehensive Protection
1). Anti-Spam stops
phishing email
2). Content Filter stops user
to open unsafe/malicious
link (from email)
3). Anti-Virus protects
user not to download
malware-infected files
4). IDP detects and stops
Ransomware attempting to
contact CC&C

14. 14
Anti-Spam Secured Email In-&-Out
• Enable reputation-based email protection
• Ransomware usually uses spear-phishing emails as 1st step
• Zyxel Anti-Spam protects your network not only from spam as well from
suspicious emails
• Real time protection from cloud-based automated sharing and updating

15. 15
Content Filter Secured Web Connection
• Enable protection on accessing every URL
• When user clicks on the link in emails and attempt to connect, those URL
should be checked
• Zyxel Content Filtering for USG/ZyWALL covers the world’s largest URL
database and keeps updated

16. 16
Anti-Virus Stops Malware-infected Files
• Enable anti-malware protection
• Files attached in the mails should be thoroughly scanned
• Zyxel Anti-Virus protects the users from Viruses, Worms, Trojans, and
Malware including protocols like SMTP and POP3
• Along with SSL Inspection, USG/ZyWALL can further deal with encrypted
emails

17. 17
IDP Monitor Network Behaviors
• Put the threat intelligence on
• Abnormal behaviors should be monitored and detected
• Zyxel Intrusion Detection & Protection closely watch the network
behaviors and detect the attempting connections to the CC&C or
backdoor program.

18. 1818
5 Tips for Preventing Ransomware

19. 19
PREVENT, not REACT

20. 20
Ransomware Prevention Tips – 1/5
1. Security Gateway Provides Comprehensive Protection
• To maximize your protection against malware, including Ransomware.
• To stop threat at different points of your next environment.

21. 21
Ransomware Prevention Tips – 2/5
2. Backup regularly and always keep a recent backup
copy off-site.
• Always do a regular backup of your files and system OS and encrypt your
backup. This way you don't have to worry about Ransomaware threat
because you could easily restore your files or system OS back very soon.

22. 22
Ransomware Prevention Tips – 3/5
3. Patch, patch, patch…
• Malware threat relies on software or application vulnerabilities (or bugs).
When you apply security patches, you give the cybercriminals fewer
options for infecting you with ransomware.

23. 23
Ransomware Prevention Tips – 4/5
4. Be very careful about opening unsolicited attachments
or clicking unfamiliar web link
• Opening an attachment in the received email from unknown sources, or
clicking on a sexy picture/image or a harmless advertisement could
actually redirect you to a malicious web site and might installed a
malicious software.

24. 24
Ransomware Prevention Tips – 5/5
5. User Anti-Virus software on every clients
• Install and keep anti-virus (AV) and personal firewall software up-to-date
on your client devices. Always check downloaded files because AV
software could help keeping your client device free of the most common
malware.

25. 25
Reminding Again
• Always remember to regularly perform system backup on
your PCs
• In case the system is hit, it can be restored and perform seamlessly

26. 26
Free Decryptors:
• https://www.nomoreransom.org/ • https://noransom.kaspersky.com/

27. 2727
Appendix

28. 28
Next Generation USG
 Anti-malware Protection (Anti-Virus)
 Web Security (Content Filter)
 Email Security (Anti-Spam)
 Intrusion Detection & Prevention (IDP)
 SSL Inspection
 Hybrid VPN (IPSec/SSL/L2TP over IPSec)
 Ultra-High Performance
 High-Availability
 Firewall/NAT
 BWM

29. 2929
Next-Gen USG Product Portfolio
Model USG40(W) USG60(W) USG110 USG210 USG310 USG1100 USG1900
Firewall Throughput
(RFC2544)
400 Mbps 1.0 Gbps 1.6 Gbps 1.9 Gbps 5.0 Gbps 6.0 Gbps 7.0 Gbps
UTM
Throughput
50 Mbps 90 Mbps 250 Mbps 300 Mbps 400 Mbps 500 Mbps 600 Mbps
Recommended # of
users
1 ~ 10 10 ~ 25 25 ~ 50 50 ~ 75 75 ~ 200 200 ~ 350 350 ~ 500
Features
/Scalability
Small Business or Branch Office Medium to Large Businesses

30. 3030
VPN Firewall Product Portfolio
Model USG20(W)-VPN ZyWALL 110 ZyWALL 310 ZyWALL 1100 USG2200-VPN
Firewall Throughput
(RFC2544)
350 Mbps 1.6 Gbps 5.0 Gbps 6.0 Gbps 12.0 Gbps
VPN
Throughput
90 Mbps 400 Mbps 650 Mbps 800 Mbps 1.8 Mbps
Max. Concurrent IPSec
VPN Tunnels
10 100 300 1,000 3,000
Features
/Scalability
Small Business or Branch Office Medium to Large Businesses

31. 31
USG/ZyWALL UTM Service License

32. 3232