Join Steve Sletten, senior field systems engineer for Tripwire, for a short, information packed webinar that will focus on how to leverage basic security controls to protect and detect ransomware attacks before significant damage is done. Steve will cover: • The evolutions of ransomware and how the most common vectors for the “ransomware on steroids” now attacking organizations. • How to layer three basic security controls to make your organization harder to target, regardless of the infection vector. • The top three ransomware mistakes most organizations make and what to do about them.

2. 2014 - 2016 – Cryptowall 1.0 - 4.0 Ransomware takes steroids.
• Distributed using various exploit kits, spam campaigns and
malvertising techniques.
• Exchanges encryption keys with C&C over L2P network via
heavily obfuscated URL’s using “Domain Generation
Algorithm” (DGA).
• Tor used to serve ransom notification and service website,
allowing victims to make payments, find out the status of a
payment, get one free decryption, and create support
requests.
• Uses multiple encryption algorithms.
• Observed using undocumented API calls to identify local
language settings of the compromised host for better C&C
upgrades.
• Disables and deletes all automatic Windows backup
mechanisms, and can bypass GPO.
• Polymorphic and leverages anti-VM and anti-emulation
techniques.

5.  CIS Critical Security Controls
 ISO 27000-series
 NIST 800-53: Federal Information Systems
Management Act (FISMA)
 Health Insurance Portability and Accountability Act
(HIPAA)
 Payment Card Industry Data Security Standard (PCI
DSS)
 Sarbanes-Oxley (SOX)

6. Inventory
of Assets
Secure
Configuration
Logging
Malware
Defense

10. tripwire.com | @TripwireInc

11. tripwire.com | @TripwireInc
ssletten@tripwire.com
www.tripwire.com
sales@tripwire.com