RANSOMWARE
COMBATING THE DARK WEB
UNDERSTANDING THE THREAT AND EXPOSURE
- What is ransomware
- Ransomware types
- PC, Mac and mobile victims
- How it spreads and selects targets
- What is the damage
- How to defend against it
- Don't play along
UNDERSTANDING THE THREAT - RANSOMWARE
Ransomware is a newer class of malware with a very focused aim: not just causing disruption, but extracting illicit payments from your money. By definition, ransom malware, or ransomware, is a type of malware that prevents users from accessing their system or personal files and demands a ransom payment in order to regain access.
Image courtesy: freepik.com
TYPES OF RANSOMWARE
Scareware, screen lockers, encrypting malware

Scareware
Scareware, as it turns out, is not that scary. It includes rogue security software and tech support scams. You might receive a pop-up message claiming that malware was discovered and the only way to get rid of it is to pay up. If you do nothing, you'll likely continue to be bombarded with pop-ups, but your files are essentially safe.

Screen lockers
When lock-screen ransomware gets on your computer, it means you're frozen out of your PC entirely. A full-size window appears, often accompanied by an official-looking FBI or US DoJ seal, saying illegal activity has been detected on your computer and you must pay a fine.

Encrypting ransomware
This malicious piece of malware encrypts your files, demanding payment in order to decrypt and return them. The reason this type of ransomware is so dangerous is that once cybercriminals get hold of your files, no security software or system restore can return them to you, unless you pay the ransom. Even if you do pay up, there's no guarantee the cybercriminals will give you those files back.
QUICK HISTORY
- The first ransomware, PC Cyborg or AIDS, was created in the late 1980s. It would ask for $189 to decrypt your encrypted files.
- 2004: GPCode used weak RSA encryption to hold personal files for ransom.
- 2007: WinLock, instead of encrypting files, locked people out of their desktops, took over the victim's screen and displayed pornographic images. It then demanded payment via a paid SMS to remove them.
- 2012: Reveton started locking victims out of their desktops, showing an official-looking page that appeared to come from law enforcement agencies (LEAs) such as the FBI and Interpol. Reveton accused the victim of having committed a crime and demanded that a fine ranging from $100 to $3,000 be paid with a pre-paid card, e.g. UKash or PaySafeCard.
- 2013: CryptoLocker used military-grade encryption and stored the key to unlock files on a remote server. This is still the attack methodology in use today.
- 2017: WannaCry in May and Petya in June used encrypting ransomware to ensnare users and businesses across the globe.
- 2018: Ryuk attacked American news publications and a Water and Sewer Authority. Ryuk infiltrated networks with the reconnaissance trojans Emotet or TrickBot to find high-value, high-yield targets; upon finding a good target, Emotet/TrickBot re-infects the system with Ryuk.
- 2017: Sodinokibi ransomware (GandCrab) chose managed service providers (MSPs) to spread infections. By August 2019, hundreds of dental offices in the US found they could no longer access patient records. Attackers used a compromised MSP to directly infect 400+ dental offices through its record-keeping software.
DEFYING THE BIAS, NO ONE IS SAFE
Ransomware infects all platforms, on different scales:
- PC platform
- Mac
- Mobile users
- Linux users
RANSOMWARE FOR MAC
Not ones to be left out of the ransomware game, Mac malware authors dropped the first ransomware for Mac OSes in 2016. Called KeRanger, the ransomware infected an app called Transmission that, when launched, copied malicious files that remained running quietly in the background for three days until they detonated and encrypted files. Thankfully, Apple's built-in anti-malware program XProtect released an update soon after the ransomware was discovered that would block it from infecting user systems. Nevertheless, Mac ransomware is no longer theoretical.
ARE MOBILE DEVICES SAFE?
Mobile ransomware
It wasn't until the height of the infamous CryptoLocker and other similar families in 2014 that ransomware was seen on a large scale on mobile devices. Mobile ransomware typically displays a message that the device has been locked due to some type of illegal activity. The message states that the phone will be unlocked after a fee is paid. Mobile ransomware is often delivered via malicious apps, and removing it requires that you boot the phone in safe mode and delete the infected app in order to regain access to your mobile device.
KEY RISK INDICATORS - HOW FAST IS IT SPREADING
By the end of 2016:
- 12.3% of global enterprise detections were ransomware
- 1.8 percent of consumer detections were ransomware
By 2017:
- 35 percent of SMBs had experienced a ransomware attack
Geographically, ransomware attacks are focused on western markets, with the UK, US and Canada ranking as the top 3 targets. As emerging markets in Asia and South America ramp up economic growth, expect to see an increase in ransomware (and other forms of malware) there as well.
SCOPING THE THREAT
GandCrab, SamSam, WannaCry, NotPetya: ransomware attacks on businesses went up 88% in the second half of 2018.
GandCrab has already raked in somewhere around $300 million in paid ransoms, with individual ransoms set from $600 to $700,000.
In another notable attack, back in March 2018, the SamSam ransomware crippled the City of Atlanta by knocking out several essential city services, including revenue collection and the police record-keeping system. All told, the SamSam attack cost Atlanta $2.6 million to remediate.
A new analysis by Coveware, a remediation and incident response firm, has revealed that the average ransomware payment increased six-fold between 2018 and Q3 2019. The average ransomware payment as of Q3 2019 stands at $41,198.
UNDERSTANDING THE VULNERABILITIES - RANSOMWARE SPREADS
Malspam, malvertising, drive-by downloads and exploits

Malicious spam, or malspam
- unsolicited email delivering malware with booby-trapped attachments
- PDFs or Word documents are most often used
- may also contain links to malicious websites
Cybercriminals use social engineering tricks to get people to open attachments. What tricks?
- posing as the FBI or Interpol
- posing as tax authorities, IRA
The goal is to scare users into paying a sum of money to unlock their files.

Malvertising, or malicious advertising, peaked in 2016 as a ransomware delivery channel:
- little to no user interaction required
- while browsing even legitimate sites, users are directed to criminal servers
- without ever clicking on an ad
- just by visiting sites
Previously malvertising was used just to deliver spam, but now it delivers whatever malware it is best suited to deliver, and most often that malware is ransomware.
Malvertising often uses an infected iframe, or invisible webpage element, which redirects to an exploit landing page; malicious code then attacks the system from the landing page via an exploit kit. All this happens without the user's knowledge, which is why it's often referred to as a drive-by download.
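Mail gateways and user-awareness training both depend on recognising the booby-trapped attachments the malspam slide describes. The Python script below is an added example, not code from the presentation or from ISACA Lahore: it parses a constructed RFC 822 message and flags each attachment by the signs named above (executable or script types, double extensions that disguise the real type, Office documents carrying VBA macros, PDFs with active content). The sample message, attachment names and reason strings are constructed for illustration; the macro-enabled document is an empty zip with a placeholder vbaProject.bin part, not a real macro.

```python
"""Mail-gateway style triage of email attachments (defensive example).

Constructed sample message only; no real malware is involved.
"""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions that should essentially never arrive as legitimate mail attachments.
EXECUTABLE_EXT = {"exe", "scr", "js", "jse", "vbs", "wsf", "hta", "cmd", "bat", "ps1", "lnk"}
# Office formats that are zip containers; a vbaProject.bin part means the file carries macros.
OFFICE_ZIP_EXT = {"docx", "docm", "xlsx", "xlsm", "pptx", "pptm"}
# PDF features that run code or open external content when the document is opened.
PDF_ACTIVE = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch")
# Innocent-looking inner extensions used to disguise a double-extension file name.
DISGUISE_EXT = {"pdf", "doc", "docx", "xls", "jpg", "txt"}


def office_has_macros(data: bytes) -> bool:
    """True if the zip-based Office file contains a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage_attachment(filename: str, data: bytes) -> list[str]:
    """Return the reasons an attachment is suspicious (empty list = nothing found)."""
    reasons = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXT:
        reasons.append(f"executable or script extension .{ext}")
    if len(parts) > 2 and parts[-2] in DISGUISE_EXT:
        reasons.append("double extension disguising file type")
    if ext in OFFICE_ZIP_EXT and office_has_macros(data):
        reasons.append("Office document contains VBA macros")
    if ext == "pdf" and any(tag in data for tag in PDF_ACTIVE):
        reasons.append("PDF carries active content (JavaScript/OpenAction/Launch)")
    if data[:2] == b"MZ" and ext not in EXECUTABLE_EXT:
        reasons.append("PE executable header under a non-executable name")
    return reasons


def triage_message(raw: bytes) -> dict[str, list[str]]:
    """Map every attachment file name in a raw RFC 822 message to its findings."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        findings[name] = triage_attachment(name, part.get_payload(decode=True) or b"")
    return findings


def make_zip(members: dict[str, bytes]) -> bytes:
    """Build a small in-memory zip (stands in for an Office container)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def sample_message() -> bytes:
    """Constructed invoice-themed message with four attachments (no real malware)."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice overdue"
    msg.set_content("Please see attached.")
    # Plain Word document: zip container without a VBA project.
    msg.add_attachment(make_zip({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w:document/>"}),
                       maintype="application", subtype="octet-stream", filename="report.docx")
    # Macro-enabled document: placeholder vbaProject.bin part only.
    msg.add_attachment(make_zip({"[Content_Types].xml": b"<Types/>", "word/vbaProject.bin": b"\x00placeholder"}),
                       maintype="application", subtype="octet-stream", filename="invoice.docm")
    # Double extension plus a PE ("MZ") header, padded with zero bytes.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 32, maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    # Minimal PDF skeleton with no active content.
    msg.add_attachment(b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n",
                       maintype="application", subtype="pdf", filename="statement.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in triage_message(sample_message()).items():
        print(f"{name}: {'; '.join(reasons) if reasons else 'no findings'}")
```

The checks are cheap heuristics of the kind a gateway applies before sandboxing; a clean result from `triage_attachment` means only that none of these particular signs is present, so the script is a first filter, not a verdict.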
APPLYING CONTROLS - HOW TO SAFEGUARD YOUR HOME AND BUSINESS
Understanding ransomware risk, how it works, and how to spot the signs. Organizations must take a variety of measures to guard against ransomware attacks:
- Conducting a risk analysis to identify threats and vulnerabilities to electronic data, and establishing a remediation plan to mitigate those risks
- Implementing procedures to safeguard against malicious software
- Training users to detect malicious software and to report such detections
- Backing up your data off site, and scanning existing backups for usability
- Ensuring reliable patch management is applied across your network
- Maintaining an overall contingency plan that includes disaster recovery, emergency operation, frequent data backups, and test restorations
- Implementing incident response procedures to mitigate ransomware
IF YOU ARE A VICTIM, DON'T PLAY THEIR GAME
- Check and see if there is a decryptor. In rare cases you may be able to decrypt your data without paying.
- Don't pay the ransom. Though some surveys indicate that paying the ransom did allow data recovery, cybercriminals are NOT our friends, so don't get your hopes up; law enforcement agencies also stress not paying the ransom. BUT things are changing fast: it turns out money is not the ONLY ransom they want now.
- No guarantees. There's no guarantee you'll get your files back. Ransomware is working because people started paying for data; they showed cybercriminals that ransomware attacks work.
- Recover. Find a backup of your data first: a copy left offline, on a USB drive or on a CD, is most likely to save you from ransom demands.
- Apply #SelfCleansingPC mechanisms to your home PC and business network as your first line of defense.
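The controls slide asks for backups that are scanned for usability and for test restorations, and the victim slide makes an offline copy the first thing to reach for during recovery. The Python below is an added example, not code from the presentation or from ISACA Lahore: it takes a backup of a constructed sample directory, records a SHA-256 manifest beside the copied data, and then proves the backup is usable by restoring it into a scratch directory and diffing the restored files against the manifest. It also shows the failure mode the slides warn about, a stored copy that has itself been damaged, so that the problem is found during a test restore rather than during an incident. Directory names and file contents are constructed.

```python
"""Backup manifest and test-restore verification (defensive example).

Take a backup, store a SHA-256 manifest with it, and verify usability by
restoring to a scratch directory and comparing every file to the manifest.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Relative path -> SHA-256 for every regular file under root."""
    return {str(p.relative_to(root)).replace("\\", "/"): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def take_backup(source: Path, backup: Path) -> dict[str, str]:
    """Copy the source tree into backup/data and store the manifest beside it."""
    shutil.copytree(source, backup / "data")
    manifest = build_manifest(source)
    (backup / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_restore(backup: Path) -> dict[str, list[str]]:
    """Test restoration: restore into a scratch directory, then diff against the manifest."""
    expected = json.loads((backup / "manifest.json").read_text())
    with tempfile.TemporaryDirectory() as scratch:
        restored = Path(scratch) / "restore"
        shutil.copytree(backup / "data", restored)
        actual = build_manifest(restored)
    return {
        "missing": sorted(set(expected) - set(actual)),
        "corrupted": sorted(k for k in expected if k in actual and actual[k] != expected[k]),
        "unexpected": sorted(set(actual) - set(expected)),
    }


def demo() -> tuple[dict, dict]:
    """Constructed sample: verify a good backup, then one whose stored copy was damaged."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "documents"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("date,amount\n2019-10-01,41198\n")
        (src / "notes.txt").write_text("quarterly review\n")
        backup = tmp / "offline_backup"
        take_backup(src, backup)
        clean = verify_restore(backup)
        # Simulate damage to the stored copy, e.g. a backup share that ransomware reached:
        # one file overwritten with garbage, one deleted. The manifest exposes both.
        (backup / "data" / "finance" / "ledger.csv").write_bytes(b"\x00garbage")
        (backup / "data" / "notes.txt").unlink()
        damaged = verify_restore(backup)
    return clean, damaged


if __name__ == "__main__":
    clean, damaged = demo()
    print("clean backup  :", clean)
    print("damaged backup:", damaged)
```

Keeping the manifest with the backup, and a second copy of it somewhere the backup media cannot write to, is what makes the "corrupted" list trustworthy: if the same process that could encrypt the data could also rewrite the manifest, a test restore would pass against a poisoned baseline.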
THANK YOU
PRESIDENT@ISACALAHORE.ORG
INFO@ISACALAHORE.ORG
TEL: 0300-8460556
FB: FB.ME/ISACALAHORECHAPTER
W3: WWW.ISACALAHORE.ORG
FOR ANY QUESTIONS AND GUIDANCE
UMER.SAEED@GMAIL.COM
LINKEDIN.COM
CONTACTUMERSAEED
FB.ME/FUTURENOW.PK
0334-4665943

Combating RANSOMWare
