Kemar Williams presented cyber incident response strategies including preparation, detection, analysis, and prevention of ransomware attacks. The presentation outlined organizing an incident response team and equipping them. It discussed monitoring for increased file renaming to detect attacks and using sacrificial network shares. Analysis involves determining the ransomware strain and scope of infection. Prevention strategies included email scanning, network segmentation, patching, and user training. Recovery involves restoring from backups and additional training.
Cyber Incident Response Proposed Strategies
1. Cyber Incident Response Proposed Strategies
Presented by:
Kemar Williams
Information Security Incident Response Management
University of Technology, Jamaica
September 23, 2017
2. IRP - Strategies
www.opensecurityalliance.org RGIT, Mumbai 02/24
IR Preparation
Identify Attack Vectors
How is the Attack Deployed
Detection Strategies
Analysis Strategies
Prevention Strategies
Email
Network
End User
Recovery & Review
3. Incident Preparation
Organize IR Operation Centre.
Have end users and IR team members trained in responding to a ransomware incident.
Prepare incident response contact list.
Provide backup storage
Provide supplies in the event of an incident:
Notebooks & pens
Laptops, Multifunction Printer, backup UPS and batteries
Provide Software to:
• Perform Computer Analysis (anti-virus, anti-malware etc.)
• Recover data from infected hard drives.
• Recover password for locked computers
Equip IR operation center with rations and petty cash
Provide law enforcement contact numbers
5. How is The Attack Deployed
• Comes as an email attachment
• Often very generic, but could include a real vendor name or even your company name.
• Once opened, ransomware silently begins encrypting all the files it can, without any user interaction or notification
• Locks the user screen, displaying a ransom notification with an expiry date
• Payment is usually in bitcoins
• Paying the ransom increases the risk of future attacks
6. Detection Strategies
Detection:
Set up a file activity monitoring application such as LANGuardian to:
Keep both a real-time and a historical record of all file and folder activity on the network file shares.
Monitor for an increase in file renames - when ransomware strikes, it will result in a massive increase in file renames as your data gets encrypted.
Update Intrusion Detection Systems with exploit kit detection rules.
Create a sacrificial network share drive:
When ransomware strikes, it typically looks for local files first and then moves on to network share drives.
A sacrificial network share can act as an early warning system and also delay the ransomware from getting to your critical data.
Use client-based anti-ransomware agents.
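The two detection ideas on this slide, a surge in file renames and any activity on a sacrificial share, can be expressed as a small piece of detection logic over the file-activity records a share-monitoring tool produces. The following is an added example and not code from the presentation or from LANGuardian; the log format, the share names, the rename threshold and the time window are assumptions, and the log lines are constructed for the example.

```python
"""Added example: flag a ransomware-style rename burst and any modification of a
sacrificial (canary) share from file-activity records. Everything below
(log format, share names, threshold, window) is assumed for the example."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

CANARY_SHARE = r"\\fs01\zz_archive"   # assumed sacrificial share: holds nothing of value
RENAME_THRESHOLD = 10                  # renames per client per window before alerting
WINDOW = timedelta(seconds=60)


def build_sample_log():
    """Constructed sample records in the form 'TIMESTAMP CLIENT OP PATH[ -> NEWPATH]'."""
    lines = [
        r"2017-09-23T09:59:50 10.0.0.22 READ   \\fs01\finance\q3.xlsx",
        r"2017-09-23T09:59:55 10.0.0.22 RENAME \\fs01\finance\draft.docx -> \\fs01\finance\final.docx",
        r"2017-09-23T09:59:58 10.0.0.22 READ   \\fs01\zz_archive\old_report.doc",
    ]
    # Twelve renames from one client in twelve seconds: the encryption pattern
    for i in range(12):
        lines.append(
            rf"2017-09-23T10:00:{i:02d} 10.0.0.15 RENAME \\fs01\finance\doc{i}.docx"
            rf" -> \\fs01\finance\doc{i}.docx.locked"
        )
    # The same client then reaches the canary share
    lines.append(r"2017-09-23T10:00:13 10.0.0.15 WRITE  \\fs01\zz_archive\old_report.doc")
    return lines


def parse_line(line):
    """Split one record into timestamp, client, operation and the path field(s)."""
    ts, client, op, rest = line.split(None, 3)
    return {"ts": datetime.fromisoformat(ts), "client": client, "op": op, "path": rest}


def detect(lines):
    """Return alerts as (client, kind, timestamp) tuples, one rename-burst alert per client."""
    alerts = []
    recent_renames = defaultdict(deque)   # client -> timestamps of renames inside WINDOW
    burst_flagged = set()
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = parse_line(raw)
        # Nothing legitimate writes to the canary share, so any non-read touch is an alert
        if ev["path"].lower().startswith(CANARY_SHARE.lower()) and ev["op"] != "READ":
            alerts.append((ev["client"], "canary-share-modified", ev["ts"]))
        if ev["op"] == "RENAME":
            window = recent_renames[ev["client"]]
            window.append(ev["ts"])
            while window and ev["ts"] - window[0] > WINDOW:
                window.popleft()   # drop renames older than the sliding window
            if len(window) >= RENAME_THRESHOLD and ev["client"] not in burst_flagged:
                burst_flagged.add(ev["client"])
                alerts.append((ev["client"], "rename-burst", ev["ts"]))
    return alerts


if __name__ == "__main__":
    for client, kind, ts in detect(build_sample_log()):
        print(f"{ts.isoformat()} {client} {kind}")
```

In the constructed log the burst alert fires on the tenth rename from 10.0.0.15, a few seconds into the encryption run, and the canary write from the same client produces a second, independent alert; in a real deployment the client address is what the containment step on the next slide needs in order to disconnect the right machine.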
7. Analysis and Documentation Strategies
After the detection of a ransomware infection, the next step is gathering information on the incident by analyzing the scope of the attack. Depending on the type of ransomware variant, the following will be conducted:
Disconnect and Quarantine infected computer(s)
Determine the Scope of the Infection, Check the Following for Signs of Encryption
a. Mapped or shared drives
b. Mapped or shared folders from other computers
c. Network storage devices of any kind
d. External Hard Drives
e. USB storage devices of any kind (USB sticks, memory sticks, attached phones/cameras)
f. Cloud-based storage: Dropbox, Google Drive, OneDrive etc.
Determine Ransomware Strain
a. What strain/type of ransomware? For example: CryptoWall, Teslacrypt etc.
Determine Response
a. Now that you know the scope of your encrypted files as well as the strain of
ransomware you are dealing with, you can make a more informed decision as to
what your next action will be.
8. Analysis and Documentation Strategies – Cont’d
Emron Technologies Inc. Incident Reporting Form
LOCATION: NAME OF DEPT./DIVISION:
Employee Name: Ext No: E-MAIL ADDRESS:
Date of Incident: Time of Incident:
Who Notified: Time of Notification:
Brief Description of Incident:
No. of Hosts Infected: ____________
Host IP Address: ____________
Operating System: ____________
Impact Level:
Severe: 7, 6
Major: 5, 4, 3
Minor: 2, 1
Negligible: 0
Reporting Staff Name: _________________ Signature: ___________________ Date: ______________
CISO Name: ________________ Signature: ___________________ Date: ______________
9. Prevention Strategies
Prevention – Email:
Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email using
Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
Scan and filter all downloads.
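Filtering executable files out of inbound mail is more robust when the decision looks at the attachment's content as well as its name, since a renamed executable keeps its PE header. The following is an added example, not code from the presentation or from any mail gateway product; the blocked-extension list is an assumption, and the message and its attachments are constructed for the example.

```python
"""Added example: an attachment filter that blocks executables by extension and by
content (PE 'MZ' header), applied to a constructed inbound message. The
extension list is an assumption, not a product's policy."""
import os
from email.message import EmailMessage

BLOCKED_EXTENSIONS = {".exe", ".com", ".scr", ".bat", ".cmd", ".js", ".vbs", ".hta", ".ps1", ".msi"}
PE_MAGIC = b"MZ"   # first two bytes of a DOS/Windows PE executable


def attachment_verdict(filename, data):
    """Return ('block', reason) or ('allow', '') for a single attachment."""
    ext = os.path.splitext(filename.lower())[1]   # final extension, so 'invoice.pdf.exe' -> '.exe'
    if ext in BLOCKED_EXTENSIONS:
        return "block", f"executable extension {ext}"
    if data[:2] == PE_MAGIC:
        # Name claims a document, content is a Windows executable
        return "block", f"PE header behind non-executable name {filename}"
    return "allow", ""


def scan_message(msg):
    """Scan every attachment of an EmailMessage; returns [(filename, verdict, reason)]."""
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        verdict, reason = attachment_verdict(name, data)
        results.append((name, verdict, reason))
    return results


def message_allowed(msg):
    """Perimeter gate: a single blocked attachment holds back the whole message."""
    return all(verdict == "allow" for _, verdict, _ in scan_message(msg))


def build_sample_message():
    """Constructed inbound mail: one benign PDF, one double-extension executable,
    one executable renamed to look like a Word document."""
    msg = EmailMessage()
    msg["From"] = "billing@vendor.example"
    msg["To"] = "user@corp.example"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please find the invoice attached.")
    msg.add_attachment(b"%PDF-1.4\n%constructed pdf body", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ\x90\x00\x03\x00\x00\x00", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"MZ\x90\x00\x03\x00\x00\x00", maintype="application",
                       subtype="msword", filename="scan.doc")
    return msg


if __name__ == "__main__":
    sample = build_sample_message()
    for name, verdict, reason in scan_message(sample):
        print(f"{verdict:5} {name:16} {reason}")
    print("message allowed:", message_allowed(sample))
```

The PDF passes, the double-extension file is caught by its final extension, and the renamed executable is caught only because the content check runs regardless of what the name says; a filter that trusted extensions alone would have delivered the third attachment.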
10. Prevention Strategies – Cont’d
Prevention – Network:
Segment the network by creating VLANs.
This will contain the ransomware infection and slow down its propagation.
Configure the firewall to block access to known malicious IP addresses.
Patch operating systems and application software, and update firmware on network devices. Consider using a centralized patch management system.
Configure the enterprise security suite to perform daily scans of the network and endpoints automatically.
Virtualize servers.
Maintain offsite backups of crucial key servers and data.
12. Prevention Strategies – Cont’d
Prevention – End User:
Install anti-virus/anti-malware software.
Recommend the use of Google Chrome instead of Internet Explorer.
Disable execution of scripts running in the browser.
Download and install Microsoft Windows/security updates.
Disable the use of thumb drives.
13. Recovery and Review
Restore from backup (if possible)
Now that you’ve contained the infection and put the rest of your users on guard, the best way to fix your user’s computer without paying the ransom is to restore it from your backup. Before you wipe the computer, however, make sure your backup is up-to-date and that you have a good copy of that data. You don’t want to hit the nuke button and realize your last backup was two months ago.
Training:
Conduct training for existing and new employees to raise awareness of the risks of ransomware attack vectors. Remind employees never to click on unsolicited links or attachments. Emails from unknown sources should be treated with suspicion.
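The restore step above depends on two checks that are easy to skip under pressure: the backup is recent enough, and its contents still match what was recorded when it was taken (an online backup can itself be overwritten or encrypted during the incident). The following is an added example, not code from the presentation; the backup set is an in-memory stand-in constructed for the example, and the one-day age limit and manifest layout are assumptions.

```python
"""Added example: verify that a backup is fresh and intact before wiping an
infected machine. The backup set, the age limit and the manifest format are
constructed/assumed for the example."""
import hashlib
from datetime import datetime, timedelta

MAX_BACKUP_AGE = timedelta(days=1)   # assumed policy: nightly backups, so one day is the limit


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def make_backup(files, taken_at):
    """Snapshot of {name: bytes} plus a manifest of hashes recorded at backup time."""
    return {
        "taken_at": taken_at,
        "files": dict(files),
        "manifest": {name: sha256_hex(data) for name, data in files.items()},
    }


def check_backup(backup, now, max_age=MAX_BACKUP_AGE):
    """Return a list of problems; an empty list means it is safe to wipe and restore."""
    problems = []
    age = now - backup["taken_at"]
    if age > max_age:
        problems.append(f"backup is {age.days} days old (limit {max_age.days})")
    for name, expected in backup["manifest"].items():
        data = backup["files"].get(name)
        if data is None:
            problems.append(f"{name}: listed in manifest but missing from backup")
        elif sha256_hex(data) != expected:
            # Contents changed after the manifest was written: corruption or encryption
            problems.append(f"{name}: contents do not match manifest hash")
    return problems


def demo():
    """Three constructed backup sets: a good one, a two-month-old one, and one whose
    copy of a file was altered after the manifest was recorded."""
    docs = {"q3.xlsx": b"quarterly figures", "plan.docx": b"2018 plan"}
    now = datetime(2017, 9, 23, 12, 0)
    fresh = make_backup(docs, now - timedelta(hours=6))
    stale = make_backup(docs, now - timedelta(days=60))
    damaged = make_backup(docs, now - timedelta(hours=6))
    damaged["files"]["plan.docx"] = b"\x8f\x13garbled"   # simulates an encrypted/corrupted copy
    return {
        "fresh": check_backup(fresh, now),
        "stale": check_backup(stale, now),
        "damaged": check_backup(damaged, now),
    }


if __name__ == "__main__":
    for label, problems in demo().items():
        print(label, "OK" if not problems else "; ".join(problems))
```

Only the fresh, unmodified set comes back clean; the stale set reproduces the "last backup was two months ago" case, and the damaged set shows why the integrity check matters even when the timestamp looks fine.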
Many IDS, IPS and firewall systems come with exploit detection features. Exploit kits are used as a way to get Ransomware onto a client through malspam or via compromised websites.
The two most common exploit kits (EK) associated with Ransomware are the Neutrino EK and the Angler EK.