SlideShare a Scribd company logo

Ransomware - Rameez Shahzada

RAMEEZ SHAHZADA
RAMEEZ SHAHZADA

Ransomware is malicious software which infects computer and displays messages demanding payments in order to get back your system to work again

Technology
1 of 31
Ransomware PRESENTATION BY : RAMEEZ SHAHZADA KP
WHAT IS RANSOMWARE? • Ransomware is a type of Malicious Software. • Block access to data. Retrieve Ransom has to pay. • Most ransomware today encrypt files using known algorithms like RSA or RC4, or using custom encryption. Created By Ajuman Ramzey
HOW RANSOMWARE INFECTED ? • May executed from downloaded files. • Or by using compromised websites. • Arrive as a payload either dropped or downloaded by other malware. Created By Ajuman Ramzey
RANSOMWARE BEHAVIOUR • In an executed system Ransomware encrypt predetermined files, thus, a full-screen image or notification is displayed on the infected system's screen, which prevents victims from using their system by providing instructions how pay for the ransom. • The second type of ransomware prevents access to files to potentially critical or valuable files like documents and spreadsheets. • Some ransomware deliver data as attachments from spammed email, downloaded from malicious pages through malvertisements, or dropped by exploit kits onto vulnerable systems. Created By Ajuman Ramzey
THE HISTORY AND EVOLUTION OF RANSOMWARE Early Years 2005 - 2016 Modern Ransomware 2016 -Created By Ajuman Ramzey
• Cases of ransomware infection were first seen in Russia between 2005 – 2006. • In 2006 a Ransomware variant detected as TROJ_CRYZIP.A . • Following years encryption shared to particular file types such as DOC, .XLS, .JPG, .ZIP, .PDF, and other commonly used file extensions. • In 2011, SMS RANSOMWARE named as TROJ_RANSOM.QOWA asked users of to dial a premium SMS number from infected systems repeatedly displayed until user paid the ransom by dialing a premium number. • By 2012, Ransomware infections was across Europe and North America. TROJ_RANSOM.BOV displayed notification page supposedly from the local police agency instead of typical ransom note. EARLY YEARS Created By Ajuman Ramzey
REVETON(2012) • Reveton a ransomware type that impersonates law enforcement agencies Known as Police Ransomware or Police Trojans. • It displays a warning from a law enforcement agency claiming that the computer has been used for illegal activities. Thus it ask to pay a fine. • Pretended tracked by law enforcement, by sharing the screen & IP address or share location of user or display footage of user’s webcam which was recorded. • Reveton initially began spreading in various European countries in early 2012 followed by USA & Canada. Created By Ajuman Ramzey
Created By Ajuman Ramzey
CRYPTOLOCKER AND TORRENTLOCKER & CRYPTOWALL (2013-2014) • CryptoWall and CryptoLocker is a Trojans, waved in Australia. • Victims forced to pay the ransom even if the malware deleted as data's are encrypted. Due to this behavior, it was dubbed as “CryptoLocker”. • Like previous it demands payment from affected users for a decrypt key to unlock the encrypted files. • Spread via fraudulent e-mails claiming failed parcel delivery notices and designed in a way users visit a web page and enter a CAPTCHA code to download Payroll. • Ransom note in CryptoLocker & CryptoWall only specifies “RSA-2048” as the encryption method used, analysis shows that the malware uses AES + RSA encryption. Created By Ajuman Ramzey
• Introduction of new variants of “CryptoLocker” • TROJ_UPATRE : Spreads through SPAM MAIL’s • WORM_CRILOCK.A : Spread via removable drives, a routine unheard of in other CRILOCK variants. • TROJ_CRYPTRBIT.H : Deletes backup files to prevent restoration of encrypted files, and demands payment for a decrypt key for the locked files. • TorrentLocker is also a Trojans, which was waved in Australia tailed by Turkey. Created By Ajuman Ramzey
Created By Ajuman Ramzey
INTRODUCTION OF BITCOINS • Ransomware began incorporate to another element: cryptocurrency (e.g., Bitcoin) theft. • In 2014, Two variants of a new malware called BitCrypt. • The first variant, TROJ_CRIBIT.A, appends “.bitcrypt” to any encrypted files and displays a ransom note in English. • The second variant, TROJ_CRIBIT.B, appends the filename with “.bitcrypt 2″ and uses a multilingual ransom note in 10 languages. • CRIBIT variants use the encryption algorithms RSA(426)-AES and RSA(1024)-AES to encrypt the files, and specifies that the payment for unlocking files be made in Bitcoins. Created By Ajuman Ramzey
• With the exception of some ransomware families that demand high amounts, ransomware variants typically ask for 0.5−5 Bitcoins (as of 2016) in exchange for a decrypt key. • This is important for two reasons • some variants increase the ransom as more time elapses with nonpayment. • The Bitcoin exchange rate is on the rise. • In January 2016, 1 BTC was worth US$431. Bitcoin's value has risen dramatically since then, topping out at US$1,082.55 at the end of March, 2017. Created By Ajuman Ramzey
• The Angler Exploit Kit In 2015, the Angler exploit kit was popular exploit kits to spread ransomware. Used in a series of malvertisment attacks through popular media such as news websites and localized sites. • POSHCODER: PowerShell Abuse New variant of Ransomware and Cryptolocker threats surfaced that leverages the Windows PowerShell feature to encrypt files. TROJ_POSHCODER.A. Windows PowerShell is a built-in feature in Windows 7 and higher. POSHCODER uses AES encryption and an RSA 4096 public key to encrypt the said AES key. Once all files on the infected system are encrypted, it displays the following image: Created By Ajuman Ramzey
RANSOMWARE EVOLVED: MODERN RANSOMWARE • After the shift to crypto-ransomware, the extortion malware has evolved, adding following features : 1. Countdown timers, 2. Ransom amounts that increase over time, 3. Infection routines that enable them to spread across networks and servers. • The latest developments show how threat actors are experimenting with new features, such as offering alternative payment platforms to make ransom payments easier, routines that threaten to cause potentially crippling damage to non-paying victims, or new distribution methods. Created By Ajuman Ramzey
Types of Modern Evolved RansomwareCreated By Ajuman Ramzey
Created By Ajuman Ramzey
LOCKY (RANSOM_LOCKY.A) • Discovered in February 2016. • Locky was notable for its distribution methods. • First seen arriving as a macro in a Word document, and then spotted being spread via Adobe Flash and Windows Kernel Exploits. One of the most actively-updated ransomware families. • Locky ransomware is known for deleting shadow copies of files to make local backups useless, and is notorious for being used in multiple high-profile attacks on healthcare facilities. Created By Ajuman Ramzey
Created By Ajuman Ramzey
PETYA • Discovered in March 2016. • Unlike other ransomware, infect the Master Boot Record, installing a payload which encrypts file tables of the NTFS file system is blocked from booting into Windows at unless ransom is paid. • Recent Attacks on UKRAIN & INDIA Created By Ajuman Ramzey
CERBER (RANSOM_CERBER.A) • First seen in early March 2016, • CERBER was notable for having a ‘VOICE’ feature that reads out the ransom message. • CERBER was also found to have a customizable configuration file that allows distributors to modify its components—a feature common for malware that's being sold in underground markets. • CERBER is also notorious for being used in an attack that potentially exposed millions of Microsoft Office 365 users to the infection. Created By Ajuman Ramzey
Created By Ajuman Ramzey
SAMSAM (RANSOM_CRYPSAM.B) & JIGSAW (RANSOM_JIGSAW.I) • Discovered in March 2016, SAMSAM is installed after the attackers exploit vulnerabilities on unpatched servers—instead of the usual malicious URLs and spam emails—and uses these to compromise other machines. • JIGSAW seen in April 2016 . • Jigsaw's ransom note features a countdown timer to pressure its victims into paying—with a promise to increase the ransom amount while deleting portions of the encrypted files every time the timer runs out. Recent Jigsaw variants also featured a chat support feature that allows victims to contact the cybercriminal. Created By Ajuman Ramzey
FUSOB • Major mobile ransomware virus. • It employs scare tactics to extort people to pay a ransom. • FUSOB pretends an accusatory authority, demanding to pay a fine from $100 to $200 or otherwise face a fictitious charge. • Reported about 56 % mobile was affected since from April 2015 and March 2016. • Also bluffed by suggests using iTunes gift cards for payment or a timer clicking down on the screen to the user’s by exciting deals. Created By Ajuman Ramzey
WANNACRY WORM • WANNACRY RANSOMWARE infected more than 230,000 computers in over 150 countries in May 2017 . • Attack spread through the Internet via malicious Dropbox URLs embedded in spam. • Exploiting a recently patched vulnerability in the SMB Server, thus resulting in the biggest ransomware attack to date. • Used 20 different languages to demand money from users using - an cryptocurrency called Bitcoin • Demanded US$300 per computer. Created By Ajuman Ramzey
Created By Ajuman Ramzey
RANSOMWARE DEFENSE, PREVENTION, AND REMOVAL Created By Ajuman Ramzey
• No particular way to stop ransomware, but a multi-layered approach can prevents it from reaching networks and systems to minimize the risk. • For Enterprises: Email and web gateway solutions such as Email Inspector and InterScan Web Security prevent virus from reaching end users. • At the endpoint level, Smart Protection Suites features behavior monitoring and application control, as well as vulnerability shielding to minimize the risk of getting infected . • Deep Discovery Inspector detects and blocks ransomware on networks, Deep Security stops ransomware from reaching enterprise servers—whether physical, virtual or in the cloud. RANSOMWARE DEFENCE Created By Ajuman Ramzey
• For small and medium-sized businesses: Worry-Free Services Advanced softwares offers cloud-based email gateway security through Hosted Email Security. • Its endpoint protection also delivers several capabilities such as behavior monitoring and a real-time web reputation service that detects and blocks. • For home users: Anti Virus Security Providers, provides robust protection by blocking malicious websites, emails, and files associated with this threat. Created By Ajuman Ramzey
RANSOMWARE PREVENTION • Avoid opening unverified emails or clicking links embedded in them. • Back up important files using the 3-2-1 rule - Create 3 backup copies on 2 different media with 1 backup in a separate location. • Regularly update software, programs, and applications to protect against the latest vulnerabilities. Created By Ajuman Ramzey
Created By Ajuman Ramzey

Recommended

Ransomware
RansomwareRansomware
Ransomware
m3 Networks Limited
 
Ransomware Attack
Ransomware AttackRansomware Attack
Ransomware Attack
doiss delhi
 
Analysing Ransomware
Analysing RansomwareAnalysing Ransomware
Analysing Ransomware
Napier University
 
Sam sam
Sam sam Sam sam
Sam sam
malvvv
 
র‌্যানসমওয়্যার
র‌্যানসমওয়্যার র‌্যানসমওয়্যার
র‌্যানসমওয়্যার
Titas Sarker
 
Assingement on dos ddos
Assingement on dos ddosAssingement on dos ddos
Assingement on dos ddos
kalyan kumar
 
Ransomware the clock is ticking
Ransomware the clock is tickingRansomware the clock is ticking
Ransomware the clock is ticking
Manoj Kumar Mishra
 
Why are you still getting CryptoLocker?
Why are you still getting CryptoLocker?Why are you still getting CryptoLocker?
Why are you still getting CryptoLocker?
Aaron Lancaster
 

Recommended

Ransomware
RansomwareRansomware
Ransomware
m3 Networks Limited
 
Ransomware Attack
Ransomware AttackRansomware Attack
Ransomware Attack
doiss delhi
 
Analysing Ransomware
Analysing RansomwareAnalysing Ransomware
Analysing Ransomware
Napier University
 
Sam sam
Sam sam Sam sam
Sam sam
malvvv
 
র‌্যানসমওয়্যার
র‌্যানসমওয়্যার র‌্যানসমওয়্যার
র‌্যানসমওয়্যার
Titas Sarker
 
Assingement on dos ddos
Assingement on dos ddosAssingement on dos ddos
Assingement on dos ddos
kalyan kumar
 
Ransomware the clock is ticking
Ransomware the clock is tickingRansomware the clock is ticking
Ransomware the clock is ticking
Manoj Kumar Mishra
 
Why are you still getting CryptoLocker?
Why are you still getting CryptoLocker?Why are you still getting CryptoLocker?
Why are you still getting CryptoLocker?
Aaron Lancaster
 
Sophos ransom ware fake antivirus
Sophos ransom ware fake antivirusSophos ransom ware fake antivirus
Sophos ransom ware fake antivirus
Yury Chemerkin
 
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili SaghafiComputer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Professor Lili Saghafi
 
DDos
DDosDDos
DDos
rohit verma
 
Ddos
DdosDdos
Ddos
university of Gujrat, pakistan
 
An introduction to denial of service attacks
An introduction to denial of service attacksAn introduction to denial of service attacks
An introduction to denial of service attacks
Rollingsherman
 
Ransomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your DataRansomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your Data
Inderjeet Singh
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of Service
Er. Shiva K. Shrestha
 
Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush Gupta
Tenet Systems Pvt Ltd
 
WannaCry? No Thanks!
WannaCry? No Thanks!WannaCry? No Thanks!
WannaCry? No Thanks!
Roberto Martelloni
 
Dos n d dos
Dos n d dosDos n d dos
Dos n d dos
sadhana21297
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS Attacks
Jignesh Patel
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
Geoff Pesimo
 
Module 9 Dos
Module 9 DosModule 9 Dos
Module 9 Dos
leminhvuong
 
WHITE PAPER▶ The Evolution of Ransomware
WHITE PAPER▶ The Evolution of RansomwareWHITE PAPER▶ The Evolution of Ransomware
WHITE PAPER▶ The Evolution of Ransomware
Symantec
 
Get Smart about Ransomware: Protect Yourself and Organization
Get Smart about Ransomware: Protect Yourself and OrganizationGet Smart about Ransomware: Protect Yourself and Organization
Get Smart about Ransomware: Protect Yourself and Organization
Security Innovation
 
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/... Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Suhail Khan
 
Denail of Service
Denail of ServiceDenail of Service
Denail of Service
Ramasubbu .P
 
Dos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle AttackDos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle Attack
marada0033
 
5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack
RedZone Technologies
 
An introduction to denial of service attack
An introduction to denial of service attackAn introduction to denial of service attack
An introduction to denial of service attack
Mohammad Reza Mousavinasr
 
Ransomware Attack.pptx
Ransomware Attack.pptxRansomware Attack.pptx
Ransomware Attack.pptx
IkramSabir4
 
Ransomware History and Monitoring Tips
Ransomware History and Monitoring TipsRansomware History and Monitoring Tips
Ransomware History and Monitoring Tips
NetFort
 

More Related Content

What's hot

Sophos ransom ware fake antivirus
Sophos ransom ware fake antivirusSophos ransom ware fake antivirus
Sophos ransom ware fake antivirus
Yury Chemerkin
 
An introduction to denial of service attacks
An introduction to denial of service attacksAn introduction to denial of service attacks
An introduction to denial of service attacks
Rollingsherman
 
Ransomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your DataRansomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your Data
Inderjeet Singh
 
WHITE PAPER▶ The Evolution of Ransomware
WHITE PAPER▶ The Evolution of RansomwareWHITE PAPER▶ The Evolution of Ransomware
WHITE PAPER▶ The Evolution of Ransomware
Symantec
 
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/... Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Suhail Khan
 
5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack
RedZone Technologies
 

What's hot (20)

Sophos ransom ware fake antivirus
Sophos ransom ware fake antivirusSophos ransom ware fake antivirus
Sophos ransom ware fake antivirus
 
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili SaghafiComputer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
 
DDos
DDosDDos
DDos
 
Ddos
DdosDdos
Ddos
 
An introduction to denial of service attacks
An introduction to denial of service attacksAn introduction to denial of service attacks
An introduction to denial of service attacks
 
Ransomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your DataRansomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your Data
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of Service
 
Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush Gupta
 
WannaCry? No Thanks!
WannaCry? No Thanks!WannaCry? No Thanks!
WannaCry? No Thanks!
 
Dos n d dos
Dos n d dosDos n d dos
Dos n d dos
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS Attacks
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
 
Module 9 Dos
Module 9 DosModule 9 Dos
Module 9 Dos
 
WHITE PAPER▶ The Evolution of Ransomware
WHITE PAPER▶ The Evolution of RansomwareWHITE PAPER▶ The Evolution of Ransomware
WHITE PAPER▶ The Evolution of Ransomware
 
Get Smart about Ransomware: Protect Yourself and Organization
Get Smart about Ransomware: Protect Yourself and OrganizationGet Smart about Ransomware: Protect Yourself and Organization
Get Smart about Ransomware: Protect Yourself and Organization
 
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/... Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
 
Denail of Service
Denail of ServiceDenail of Service
Denail of Service
 
Dos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle AttackDos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle Attack
 
5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack
 
An introduction to denial of service attack
An introduction to denial of service attackAn introduction to denial of service attack
An introduction to denial of service attack
 

Similar to Ransomware - Rameez Shahzada

A comprehensive survey ransomware attacks prevention, monitoring and damage c...
A comprehensive survey ransomware attacks prevention, monitoring and damage c...A comprehensive survey ransomware attacks prevention, monitoring and damage c...
A comprehensive survey ransomware attacks prevention, monitoring and damage c...
RSIS International
 
A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...
A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...
A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...
AshishDPatel1
 
A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...
A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...
A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...
RSIS International
 
Ransomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation TechniquesRansomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation Techniques
Avinash Sinha
 
How to Help Your Customers Protect Themselves from Ransomware Attacks
How to Help Your Customers Protect Themselves from Ransomware AttacksHow to Help Your Customers Protect Themselves from Ransomware Attacks
How to Help Your Customers Protect Themselves from Ransomware Attacks
Solarwinds N-able
 

Similar to Ransomware - Rameez Shahzada (20)

Ransomware Attack.pptx
Ransomware Attack.pptxRansomware Attack.pptx
Ransomware Attack.pptx
 
Ransomware History and Monitoring Tips
Ransomware History and Monitoring TipsRansomware History and Monitoring Tips
Ransomware History and Monitoring Tips
 
Ransomware : A cyber crime without solution ? by Prashant Mali
Ransomware : A cyber crime without solution ? by Prashant MaliRansomware : A cyber crime without solution ? by Prashant Mali
Ransomware : A cyber crime without solution ? by Prashant Mali
 
Meeting02_RoT.pptx
Meeting02_RoT.pptxMeeting02_RoT.pptx
Meeting02_RoT.pptx
 
Ransomware
RansomwareRansomware
Ransomware
 
Ransomware - The Growing Threat
Ransomware - The Growing ThreatRansomware - The Growing Threat
Ransomware - The Growing Threat
 
How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomware
 
Ransomware by lokesh
Ransomware by lokeshRansomware by lokesh
Ransomware by lokesh
 
Evolution of ransomware
Evolution of ransomwareEvolution of ransomware
Evolution of ransomware
 
Ransomware Response Guide IBM INCIDENT RESPONSE SERVICES
Ransomware Response Guide IBM INCIDENT RESPONSE SERVICESRansomware Response Guide IBM INCIDENT RESPONSE SERVICES
Ransomware Response Guide IBM INCIDENT RESPONSE SERVICES
 
Ransomware ly
Ransomware lyRansomware ly
Ransomware ly
 
Web Security.pptx
Web Security.pptxWeb Security.pptx
Web Security.pptx
 
A comprehensive survey ransomware attacks prevention, monitoring and damage c...
A comprehensive survey ransomware attacks prevention, monitoring and damage c...A comprehensive survey ransomware attacks prevention, monitoring and damage c...
A comprehensive survey ransomware attacks prevention, monitoring and damage c...
 
A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...
A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...
A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...
 
A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...
A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...
A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...
 
Ransomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation TechniquesRansomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation Techniques
 
rensomware final ppt
rensomware final pptrensomware final ppt
rensomware final ppt
 
How to Help Your Customers Protect Themselves from Ransomware Attacks
How to Help Your Customers Protect Themselves from Ransomware AttacksHow to Help Your Customers Protect Themselves from Ransomware Attacks
How to Help Your Customers Protect Themselves from Ransomware Attacks
 
Ransomware: WanaCry, WanCrypt
Ransomware: WanaCry, WanCryptRansomware: WanaCry, WanCrypt
Ransomware: WanaCry, WanCrypt
 
Gand crab ransomware analysis
Gand crab ransomware analysisGand crab ransomware analysis
Gand crab ransomware analysis
 

Recently uploaded

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governance
WSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 

Recently uploaded (20)

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
الأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهالأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهله
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governance
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Decarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceDecarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational Performance
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern Enterprise
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software Engineering
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 

Ransomware - Rameez Shahzada

  • 1. Ransomware PRESENTATION BY : RAMEEZ SHAHZADA KP
  • 2. WHAT IS RANSOMWARE? • Ransomware is a type of Malicious Software. • Block access to data. Retrieve Ransom has to pay. • Most ransomware today encrypt files using known algorithms like RSA or RC4, or using custom encryption. Created By Ajuman Ramzey
  • 3. HOW RANSOMWARE INFECTED ? • May executed from downloaded files. • Or by using compromised websites. • Arrive as a payload either dropped or downloaded by other malware. Created By Ajuman Ramzey
  • 4. RANSOMWARE BEHAVIOUR • In an executed system Ransomware encrypt predetermined files, thus, a full-screen image or notification is displayed on the infected system's screen, which prevents victims from using their system by providing instructions how pay for the ransom. • The second type of ransomware prevents access to files to potentially critical or valuable files like documents and spreadsheets. • Some ransomware deliver data as attachments from spammed email, downloaded from malicious pages through malvertisements, or dropped by exploit kits onto vulnerable systems. Created By Ajuman Ramzey
  • 5. THE HISTORY AND EVOLUTION OF RANSOMWARE Early Years 2005 - 2016 Modern Ransomware 2016 -Created By Ajuman Ramzey
  • 6. • Cases of ransomware infection were first seen in Russia between 2005 – 2006. • In 2006 a Ransomware variant detected as TROJ_CRYZIP.A . • Following years encryption shared to particular file types such as DOC, .XLS, .JPG, .ZIP, .PDF, and other commonly used file extensions. • In 2011, SMS RANSOMWARE named as TROJ_RANSOM.QOWA asked users of to dial a premium SMS number from infected systems repeatedly displayed until user paid the ransom by dialing a premium number. • By 2012, Ransomware infections was across Europe and North America. TROJ_RANSOM.BOV displayed notification page supposedly from the local police agency instead of typical ransom note. EARLY YEARS Created By Ajuman Ramzey
  • 7. REVETON(2012) • Reveton a ransomware type that impersonates law enforcement agencies Known as Police Ransomware or Police Trojans. • It displays a warning from a law enforcement agency claiming that the computer has been used for illegal activities. Thus it ask to pay a fine. • Pretended tracked by law enforcement, by sharing the screen & IP address or share location of user or display footage of user’s webcam which was recorded. • Reveton initially began spreading in various European countries in early 2012 followed by USA & Canada. Created By Ajuman Ramzey
  • 9. CRYPTOLOCKER AND TORRENTLOCKER & CRYPTOWALL (2013-2014) • CryptoWall and CryptoLocker is a Trojans, waved in Australia. • Victims forced to pay the ransom even if the malware deleted as data's are encrypted. Due to this behavior, it was dubbed as “CryptoLocker”. • Like previous it demands payment from affected users for a decrypt key to unlock the encrypted files. • Spread via fraudulent e-mails claiming failed parcel delivery notices and designed in a way users visit a web page and enter a CAPTCHA code to download Payroll. • Ransom note in CryptoLocker & CryptoWall only specifies “RSA-2048” as the encryption method used, analysis shows that the malware uses AES + RSA encryption. Created By Ajuman Ramzey
  • 10. • Introduction of new variants of “CryptoLocker” • TROJ_UPATRE : Spreads through SPAM MAIL’s • WORM_CRILOCK.A : Spread via removable drives, a routine unheard of in other CRILOCK variants. • TROJ_CRYPTRBIT.H : Deletes backup files to prevent restoration of encrypted files, and demands payment for a decrypt key for the locked files. • TorrentLocker is also a Trojans, which was waved in Australia tailed by Turkey. Created By Ajuman Ramzey
  • 12. INTRODUCTION OF BITCOINS • Ransomware began incorporate to another element: cryptocurrency (e.g., Bitcoin) theft. • In 2014, Two variants of a new malware called BitCrypt. • The first variant, TROJ_CRIBIT.A, appends “.bitcrypt” to any encrypted files and displays a ransom note in English. • The second variant, TROJ_CRIBIT.B, appends the filename with “.bitcrypt 2″ and uses a multilingual ransom note in 10 languages. • CRIBIT variants use the encryption algorithms RSA(426)-AES and RSA(1024)-AES to encrypt the files, and specifies that the payment for unlocking files be made in Bitcoins. Created By Ajuman Ramzey
  • 13. • With the exception of some ransomware families that demand high amounts, ransomware variants typically ask for 0.5−5 Bitcoins (as of 2016) in exchange for a decrypt key. • This is important for two reasons • some variants increase the ransom as more time elapses with nonpayment. • The Bitcoin exchange rate is on the rise. • In January 2016, 1 BTC was worth US$431. Bitcoin's value has risen dramatically since then, topping out at US$1,082.55 at the end of March, 2017. Created By Ajuman Ramzey
  • 14. • The Angler Exploit Kit In 2015, the Angler exploit kit was popular exploit kits to spread ransomware. Used in a series of malvertisment attacks through popular media such as news websites and localized sites. • POSHCODER: PowerShell Abuse New variant of Ransomware and Cryptolocker threats surfaced that leverages the Windows PowerShell feature to encrypt files. TROJ_POSHCODER.A. Windows PowerShell is a built-in feature in Windows 7 and higher. POSHCODER uses AES encryption and an RSA 4096 public key to encrypt the said AES key. Once all files on the infected system are encrypted, it displays the following image: Created By Ajuman Ramzey
  • 15. RANSOMWARE EVOLVED: MODERN RANSOMWARE • After the shift to crypto-ransomware, the extortion malware has evolved, adding following features : 1. Countdown timers, 2. Ransom amounts that increase over time, 3. Infection routines that enable them to spread across networks and servers. • The latest developments show how threat actors are experimenting with new features, such as offering alternative payment platforms to make ransom payments easier, routines that threaten to cause potentially crippling damage to non-paying victims, or new distribution methods. Created By Ajuman Ramzey
  • 16. Types of Modern Evolved RansomwareCreated By Ajuman Ramzey
  • 18. LOCKY (RANSOM_LOCKY.A) • Discovered in February 2016. • Locky was notable for its distribution methods. • First seen arriving as a macro in a Word document, and then spotted being spread via Adobe Flash and Windows Kernel Exploits. One of the most actively-updated ransomware families. • Locky ransomware is known for deleting shadow copies of files to make local backups useless, and is notorious for being used in multiple high-profile attacks on healthcare facilities. Created By Ajuman Ramzey
  • 20. PETYA • Discovered in March 2016. • Unlike other ransomware, infect the Master Boot Record, installing a payload which encrypts file tables of the NTFS file system is blocked from booting into Windows at unless ransom is paid. • Recent Attacks on UKRAIN & INDIA Created By Ajuman Ramzey
  • 21. CERBER (RANSOM_CERBER.A) • First seen in early March 2016, • CERBER was notable for having a ‘VOICE’ feature that reads out the ransom message. • CERBER was also found to have a customizable configuration file that allows distributors to modify its components—a feature common for malware that's being sold in underground markets. • CERBER is also notorious for being used in an attack that potentially exposed millions of Microsoft Office 365 users to the infection. Created By Ajuman Ramzey
  • 23. SAMSAM (RANSOM_CRYPSAM.B) & JIGSAW (RANSOM_JIGSAW.I) • Discovered in March 2016, SAMSAM is installed after the attackers exploit vulnerabilities on unpatched servers—instead of the usual malicious URLs and spam emails—and uses these to compromise other machines. • JIGSAW seen in April 2016 . • Jigsaw's ransom note features a countdown timer to pressure its victims into paying—with a promise to increase the ransom amount while deleting portions of the encrypted files every time the timer runs out. Recent Jigsaw variants also featured a chat support feature that allows victims to contact the cybercriminal. Created By Ajuman Ramzey
  • 24. FUSOB • Major mobile ransomware virus. • It employs scare tactics to extort people to pay a ransom. • FUSOB pretends an accusatory authority, demanding to pay a fine from $100 to $200 or otherwise face a fictitious charge. • Reported about 56 % mobile was affected since from April 2015 and March 2016. • Also bluffed by suggests using iTunes gift cards for payment or a timer clicking down on the screen to the user’s by exciting deals. Created By Ajuman Ramzey
  • 25. WANNACRY WORM • WANNACRY RANSOMWARE infected more than 230,000 computers in over 150 countries in May 2017 . • Attack spread through the Internet via malicious Dropbox URLs embedded in spam. • Exploiting a recently patched vulnerability in the SMB Server, thus resulting in the biggest ransomware attack to date. • Used 20 different languages to demand money from users using - an cryptocurrency called Bitcoin • Demanded US$300 per computer. Created By Ajuman Ramzey
  • 27. RANSOMWARE DEFENSE, PREVENTION, AND REMOVAL Created By Ajuman Ramzey
  • 28. • No particular way to stop ransomware, but a multi-layered approach can prevents it from reaching networks and systems to minimize the risk. • For Enterprises: Email and web gateway solutions such as Email Inspector and InterScan Web Security prevent virus from reaching end users. • At the endpoint level, Smart Protection Suites features behavior monitoring and application control, as well as vulnerability shielding to minimize the risk of getting infected . • Deep Discovery Inspector detects and blocks ransomware on networks, Deep Security stops ransomware from reaching enterprise servers—whether physical, virtual or in the cloud. RANSOMWARE DEFENCE Created By Ajuman Ramzey
  • 29. • For small and medium-sized businesses: Worry-Free Services Advanced softwares offers cloud-based email gateway security through Hosted Email Security. • Its endpoint protection also delivers several capabilities such as behavior monitoring and a real-time web reputation service that detects and blocks. • For home users: Anti Virus Security Providers, provides robust protection by blocking malicious websites, emails, and files associated with this threat. Created By Ajuman Ramzey
  • 30. RANSOMWARE PREVENTION • Avoid opening unverified emails or clicking links embedded in them. • Back up important files using the 3-2-1 rule - Create 3 backup copies on 2 different media with 1 backup in a separate location. • Regularly update software, programs, and applications to protect against the latest vulnerabilities. Created By Ajuman Ramzey