Uploaded byHiYeti1
PDF, PPTX556 views

Ransomware (1).pdf

The document discusses the history and evolution of ransomware attacks from 1989 to the present. It provides details on notable ransomware attacks like WannaCry in 2017 and NotPetya in 2017. WannaCry spread to over 150 countries and encrypted data on hundreds of thousands of computers, demanding ransom payments in bitcoin. It exploited a Windows vulnerability. NotPetya similarly spread rapidly through Ukraine and globally, affecting a major shipping company and causing over $10 billion in damages by encrypting and wiping data. The document outlines the modus operandi and impacts of these attacks as well as measures to prevent future ransomware infections like patching systems, isolating infected devices, and implementing security best practices.

Embed presentation

Download as PDF, PPTX
RANSOMWARE ATTACK Presented By: Sushmita Timalsina Safal Bolakhe
PURPOSE OF PRESENTATION Educate and Raise awareness about the threat of ransomware Case Study Analysis Proactive measures to mitigate the impact of ransomware attacks. 1 2 3
TABLE OF CONTENT History of Ransomware 1 Types of Ransomware 2 Ransomware attacks around the world 3 How it started? Modus Operandi How was it stopped?
WHAT IS RANSOMWARE? Ransomware is a type of malware attack in which the attacker locks and encrypts the victim’s data, important files and then demands a payment to unlock and decrypt the data.
HISTORY OF RANSOMWARE THINK BEFORE YOU CLICK!
01 THE GENESIS OF RANSOMWARE (1989-2006) 02 RANSOMWARE HAS BEEN MORE PREVALENT SINCE THE INTERNET WAS WIDELY USED (2007–2016) In 1989, Joseph L. Popp distributed 20,000 floppy disks containing information about the AIDS virus to patients and healthcare organizations worldwide. Victims paid a $189 ransom to obtain decryption software. Ransomware has been present for almost 15 years, with digital currencies and cryptocurrencies enabling more convenient payments and anonymity. PGPCoder, first appearing in 2005, was one of the earliest ransomware examples. Archievus ransomware added a file called "how to get your files back.txt" in 2006, making decryption more difficult. Ransomware became more prevalent during the internet's widespread use from 2007 to 2016. WinLock ransomware, a pornographic image popup, and Reveton ransomware, a $200 fine-seeking variation, were popular among internet users to escape penalties for copyright infringement or pornographic sharing. Later, ransom demands evolved to increase the likelihood of payment. The internet's rapid expansion during this period contributed to the spread of ransomware.
03 THE DEVELOPMENT OF STATE-SPONSORED WORLDWIDE ATTACKS (2017-2018) 04 THE BIG GAME HUNTING ERA (2019–2021) In 2017, WannaCry, a ransomware attack, affected 300,000 devices across 150 countries. Cybercriminals attacked backup points and erased them to prevent data restoration. NotPetya, a ransomware borrowed from WannaCry, was used as a weapon during wars between Russia and Ukraine, causing large-scale data destruction. The U.S. government valued the damage at over $10 billion by the end of 2018. Cybercriminals have developed a "big game hunting" technique targeting major corporations, increasing ransom demand from $13,000 to $36,000. They also threatened to sell targeted companies' data on the darknet through double extortion. Maze and Egregor ransomware used data disclosure to persuade businesses to pay. Sodinokibi was hired to exploit this technique, and Colonial Pipeline and Darkside were targeted. Acer and Kaseya were also targeted, and the FBI confiscated ransom money worth $2.3 million. 05 CYBERCRIME HAS BECOMING MORE ORGANIZED (2021- PRESENT) Ransomware as a service (RaaS) has significantly impacted the cybercrime industry by providing access to infrastructure to less skilled attackers, enabling them to profit from victims' ransom payments. Advancements in replication, communication, and data theft have led to more complex malware like Lockbit and DarkSide. Initial Access Brokers (IABs) pose a new threat in 2021, allowing other organizations to access corporate networks for their own attacks. Limiting ransomware would prevent IABs from operating and restrict their access to organizations' back doors.
TYPES OF RANSOMWARE SCAREWARE Deceptive software that uses fear tactics to trick users into believing their systems are infected with malware in order to extort money. RANSOMWARE ENCRYPTION The process of encrypting files and data by malicious software (ransomware) with the intention of holding them hostage until a ransom is paid, typically in cryptocurrency, to obtain the decryption key. MOBILE RANSOMWARE The term "mobile ransomware" refers to malware that encrypts data on mobile devices like smartphones and tablets and demands money to decode the data or unlock the device. SCREEN LOCKERS: These applications are made to lock the victim out of their computer and prevent them from accessing any documents or data. Usually, a notice is shown that requests money in order to be unlocked.
RANSOMWARE ATTACKS AROUND THE WORLD WannaCry Ransomware attack NotPetya ransomware attack Costa Rican Ransomware attack
WANNACRY RANSOMWARE In May 2017, the WannaCry ransomware attack, a global cyberattack, targeted over 150 nations and 230,000 computers worldwide. The worm encrypts data stored on a PC's hard drive and requests a bitcoin ransom to unlock it. It targeted prominent systems, took advantage of a Windows flaw, and was possibly related to the Lazarus Group, a cybercrime gang with ties to the North Korean government. The malware infected 65% of ISPs in Latin America, making it one of the largest ransomware attacks in history. The attack affected small and medium-sized businesses, large corporations, governmental and private sectors, railroads, hospitals, banks, shopping centers, and ministries. The ransomware spread to over 11 countries within just a few hours, and by the end of the first day, it had been discovered in 74 countries within thousands of organizations. The damage to police, energy companies, and ISPs was immense, with no end in sight.
HOW IT STARTED? WannaCry was initiated through a malicious software program that exploited a vulnerability in Microsoft Windows operating systems. According to Jenkinson, The hacking gang behind WannaCry, which started in 2009 with primitive DDoS attacks on systems belonging to the South Korean government, has been identified by Symantec as the Lazarus gang. The U.S. government concurred with this evaluation, according to Tom Bossert's op-ed in the Wall Street Journal from December 2017. The Lazarus Group has developed its skills, hacking Sony and committing bank heists.
The WannaCry ransomware malware is straightforward to use and infects the infected system using a dropper. It includes files including encryption keys, a copy of Tor, and a program for encrypting and decrypting data. Once it's run, it tries to access a hard-coded URL if it fails, it searches for and encrypts files in a number of essential formats, making them inaccessible to the user. After the data are encrypted, a ransom message demanding payment in Bitcoin emerges.
Removing Wannacry install the most recent patche 2 Implement Security Measures 3 1 Isolate Infected Systems It is essential to quickly isolate infected systems in order to reduce the spread and impact of WannaCry ransomware attacks. Monitoring network activity, cutting them off from the internet, turning off remote access tools, isolating them, patching vulnerabilities, utilizing antivirus or anti-malware software, and restoring impacted files are all part of this process. To stop such assaults, it is crucial to reinforce security procedures among users, such as creating strong passwords, being cautious of phishing emails, and updating software frequently. Find the software or operating system that needs to be patched, then go to the vendor's official website or support page to rapidly install the most recent updates. Locate the most recent patch or update that corresponds to your version and edition. Install the proper patch by downloading the file and following the installation instructions. Check the software's version number or the vendor release notes to confirm the installation. For any more systems that require patches, repeat this procedure. It is essential to often check for updates and swiftly apply fixes to preserve system security and operation. Applying the most recent security patches, keeping up-to-date antivirus and anti-malware software, putting strong network security measures like firewalls and intrusion detection systems in place, enforcing stringent email security procedures, and creating routine data backups are all examples of effective network security practices. Test the backup restoration procedure frequently to make sure it works as intended. For continued safety, it's essential to make sure that updates are automatic and continual. To stop ransomware attacks, it's critical that staff members recognize questionable emails, avoid clicking on strange links, and never open attachments from unknown sources.
NotPetya Ransomware Attack 2017
HOW IT STARTED? The attack began in 2017, when Maersk, one of the world’s largest shipping companies, was attacked. The attack started when Maersk staff began to panic and gathered at the help desk with their laptops. According to Greenberg (2018), in the laptops of the staff, there was a message displaying repairing file system on c drive or your files are encrypted. The attackers then demanded 300$ worth of Bitcoin for decrypting the system. When an IT officer was abruptly interrupted while working on his machine, he looked around to see all other machines around him were also abruptly restarting or flickering. People in the Maersk headquarters began to realize that a full-scale crisis was happening. Staff started taking measures to stop the infection from spreading across networks.
According to Greenberg (2018), in 2017, a software company in Kiev, Ukraine called Linkos Group served as the starting ground for one of the most devastating cyberattacks in history. A group of Russian Hackers called the Sandworm hijacked the software company’s update server so that they had access to thousands of computers in Ukraine. Then, the group used the backdoor they had access to push one of the most powerful attacks in the history of computing. The code the attackers pushed could spread automatically and rapidly. It was one of the fastest-propagating malware ever.
Backdoor
Attackers
MODUS OPERANDI The architects of NotPetya used two exploits to power the ransomware. One of the exploits was a penetration tool known as EternalBlue. This exploit was created by the United States National Security Agency. This was accessible by the attackers because the tool was leaked in a disastrous data breach by the agency. The EternalBlue tool was used with another tool called Mimikatz. This tool was originally released to show that Windows stored users’ passwords in the memory and could pull it out of the memory. Windows rolled an update to patch the vulnerability but out-of-date systems could still be affected. Now with the combination of both of these tools, hackers could pull passwords out of these out-of-date computers and then use the retrieved passwords to hack into other machines. The ransomware was notorious because even though it displayed a message to decrypt the user’s files after the ransom was paid, the ransom was not payable, and it did not decrypt the files. The ransomware was purely destructive. It destroyed the user's data irreversibly.
Exploits
Purely Destructive & Involvement of Russian Military Intelligence
The ransomware NotPetya shared some resemblance with WannaCry. According to Hern (2017), NotPetya was based on the same tool as the WannaCry ransomware. This ransomware was also odd in the sense that it was not built for monetary gain. Even if the users were able to pay the specified amount, the files were irreversibly destroyed. This gave specialists a new approach to why the attack happened. Russia and Ukraine have been constantly trading digital blows. This attack was powerful and spread rapidly. This soon became a worldwide phenomenon. According to Schouwenberg (2019), it is generally believed that NotPetya was an idea of the Russian military intelligence agency. After the attack, most companies ended up with their whole Windows infrastructure wiped out.
AFFECTED COMPANIES Maersk (250-300 million dollars) 1 Mondelez 2 Merck WPP Reckitt Banckiser 3 4 5
Measures taken to stop the attack Up-to-date 2 Strong Firewalls 3 1 Disconnect
As NotPetya was initiated due to a vulnerability in Microsoft Windows, Windows released a patch to prevent the exploit that the NotPetya depended on. The organizations and the people that were affected by the NotPetya virus also disconnected from the internet to stop the further spreading of the virus. The files that were damaged by the virus were not recoverable.
Conti's attack on the Costa Rican Government (2022)
HOW IT STARTED? In 2022, government institutions of Costa Rica, were sieged by a ransomware group known as the Conti. According to Nast (2022) we can also say that the attack has crippled many of the country’s important services. The services that were halted include the international trade grounds, and tax payments. Medical appointments have also been rescheduled. This cost the country millions of dollars. The country also declared a national emergency due to the damages done by the ransomware. The group, Conti, had demanded a ransom of 10 million dollars initially which was declined by the Costa Rican Government. Then, the group attacked many other ministries of the government and the ransom was increased to 20 million dollars. This was refused by the Costa Rican Government and they have struggled to get all the systems back online. The staffs in the affected government offices of the country have been forced to move to pen and paper due to the attack. Ministry of Finance
The Administrative Board of the Electrical Service of the province of Cartago (Jasec) The Ministry of Science, Innovation Technology and Telecommunications The Ministry of Labor and Social Security (MTSS) The National Meteorological Institute (IMN) The Interuniversity Headquarters of Alajuela eteorological Institute (IMN) The Social Development and Family Allowances Fund (FODESAF) Costa Rican Social Security Fund (CCSS). AFFECTED MINISTRIES
MODUS OPERANDI According to Feeley and Hartley (2019), this ransomware by Conti contains new and advanced techniques that only a few other ransomware variants have exhibited so far. This ransomware is designed in such a way that it can remotely be controlled and is one of the fastest encrypting ransomware. It gives the attacker such freedom that they can even control what kind of files are encrypted and the order they get encrypted in. Phishing and watering hole attacks are some of the methods the attackers used to infect the systems of the Costa Rican government. The attackers started from the Ministry of Finance. They were able to get into the system through phishing and watering hole attacks. Phishing Watering hole
Measures taken to stop the attack Up-to-date 2 Strong Firewalls 3 1 Assist from US
The Costa Rican government declared a national emergency and the United States of America assisted them technically to get the attackers out of the system. The attacking group, Conti shut down all sites used for ransom negotiation and took all the data leak sites offline. Some sources even say that the attackers had inside help from the government.
COURSE REFELCTION: 1 Explored the concept of the Internet of Things (IoT) and its applications in various industries 2 Explored communication protocols and networking concepts essential for connecting IoT devices and facilitating data exchange. 3 Engaged with industry professionals invited by the professor to share their expertise and insights on various emerging technologies. 4 Had the opportunity to directly interact with AR and VR technology, gaining practical experience through games like Pokemon Go. 5 The interactive sessions and hands-on activities helped deepen understanding of emerging technologies beyond theoretical knowledge.
References Feeley, B., & Hartley, B. (2019, February 15). “Sin”-ful SPIDERS: WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web. Purplesec. https://www.crowdstrike.com/blog/sin-ful-spiders-wizard-spider-and-lunar-spider-sharing-the-same-web/ Greenberg, A. (2018, August 22). The Untold Story of NotPetya, the Most Devastating Cyberattack in History. WIRED. https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/ Hassan, N. A. (2019). Ransomware overview. Ransomware Revealed, 3-28. https://doi.org/10.1007/978-1-4842-4255-1_1 Hern, A. (2017, December 30). WannaCry, Petya, NotPetya: how ransomware hit the big time in 2017. The Guardian; The Guardian. https://www.theguardian.com/technology/2017/dec/30/wannacry-petya-notpetya-ransomware Jenkinson, A. (2022). CNA ransomware attack and cyber insurance. Ransomware and Cybercrime, 29-37. https://doi.org/10.1201/9781003278214-5 Kiru, M. U., & Jantan, A. (2020). Ransomware evolution: Solving ransomware attack challenges. The Evolution of Business in the Cyber Age, 193-229. https://doi.org/10.1201/9780429276484-9 Nast, C. (2022). Conti’s Attack Against Costa Rica Sparks a New Ransomware Era. Wired UK. https://www.wired.co.uk/article/costa-rica-ransomware-conti Paraschiva, I. (2019). WannaCry ransomware attack from Romanian police perspective. International Journal of Information Security and Cybercrime, 8(1), 65-72. https://doi.org/10.19107/ijisc.2019.01.09 Schouwenberg, R. (2019). NotPetya Ushered In a New Era of Malware. Www.vice.com. https://www.vice.com/en/article/7x5vnz/notpetya-ushered-in-a-new-era-of-malware
THANK YOU

More Related Content

PPTX
malware analysis
by20CS201AkashR
 
PPTX
Dos attack
byManjushree Mashal
 
PDF
What is Ransomware?
byDatto
 
PDF
Analysing Ransomware
byNapier University
 
PDF
Ransomware
bym3 Networks Limited
 
PPT
Brute Forcing
byn|u - The Open Security Community
 
PPTX
Ransomware
byChaitali Sharma
 
PPTX
Basics of Denial of Service Attacks
byHansa Nidushan
 
malware analysis
by20CS201AkashR
 
Dos attack
byManjushree Mashal
 
What is Ransomware?
byDatto
 
Analysing Ransomware
byNapier University
 
Ransomware
bym3 Networks Limited
 
Brute Forcing
byn|u - The Open Security Community
 
Ransomware
byChaitali Sharma
 
Basics of Denial of Service Attacks
byHansa Nidushan
 

What's hot

PPT
Mirai
byMokshagna Manne
 
PPTX
virtualization and hypervisors
byGaurav Suri
 
PPT
Computer virus
byRohit Nayak
 
PPTX
cybersecurity
bymaha797959
 
PDF
Cyber security
byShivam Yadav
 
PPTX
Ransomware
byAkshita Pillai
 
PPT
NetWitness
byTechBiz Forense Digital
 
PPT
Phishing attacks ppt
byAryan Ragu
 
PPTX
MALWARE AND ITS TYPES
bydaniyalqureshi712
 
PPTX
Dos n d dos
bysadhana21297
 
PDF
OS Fingerprinting
byRashmika Nawaratne
 
PPTX
What is Ransomware
byjeetendra mandal
 
PPTX
Types of attacks in cyber security
byBansari Shah
 
PPTX
MFA-Powerpoint.pptx
byrestonverdana
 
PDF
Data Leakage Prevention (DLP)
byNetwork Intelligence India
 
PDF
What is malware
byMalcolm York
 
PPTX
Endpoint Security Pres.pptx
byNBBNOC
 
PPTX
Chapter 06: cloud computing trends
bySsendiSamuel
 
PDF
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
byEdureka!
 
PDF
Stuxnet
byShishir Aryal
 
Mirai
byMokshagna Manne
 
virtualization and hypervisors
byGaurav Suri
 
Computer virus
byRohit Nayak
 
cybersecurity
bymaha797959
 
Cyber security
byShivam Yadav
 
Ransomware
byAkshita Pillai
 
NetWitness
byTechBiz Forense Digital
 
Phishing attacks ppt
byAryan Ragu
 
MALWARE AND ITS TYPES
bydaniyalqureshi712
 
Dos n d dos
bysadhana21297
 
OS Fingerprinting
byRashmika Nawaratne
 
What is Ransomware
byjeetendra mandal
 
Types of attacks in cyber security
byBansari Shah
 
MFA-Powerpoint.pptx
byrestonverdana
 
Data Leakage Prevention (DLP)
byNetwork Intelligence India
 
What is malware
byMalcolm York
 
Endpoint Security Pres.pptx
byNBBNOC
 
Chapter 06: cloud computing trends
bySsendiSamuel
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
byEdureka!
 
Stuxnet
byShishir Aryal
 

Similar to Ransomware (1).pdf

PDF
Combating RANSOMWare
byUmer Saeed
 
PPTX
Defend Your Company Against Ransomware
byKevo Meehan
 
PDF
Your money or your files
byRoel Palmaers
 
PDF
wp-understanding-ransomware-strategies-defeat
byRobert Leong
 
PPTX
Ransomware : A cyber crime without solution ? by Prashant Mali
byAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
PDF
Ransomware ly
byLisa Young
 
PDF
What is ransomware?
byMilan Santana
 
PPTX
MMW April 2016 Ransomware Resurgence
byCyphort
 
PDF
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
byRoger Hagedorn
 
PPTX
WannaCry Ransomware
byZoho Corporation
 
PDF
3. Ransomware (cyber awareness series)
byIsaac Feliciano
 
PDF
Get Smart about Ransomware: Protect Yourself and Organization
bySecurity Innovation
 
PPTX
Ransomware attack
byAmna
 
PDF
Ransomware - Rameez Shahzada
byRAMEEZ SHAHZADA
 
PDF
The Wannacry Effect - Provided by Raconteur
byGary Chambers
 
PDF
A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...
byAshishDPatel1
 
PDF
A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...
byRSIS International
 
PDF
A comprehensive survey ransomware attacks prevention, monitoring and damage c...
byRSIS International
 
PDF
Ransomware hostage rescue manual
byRoel Palmaers
 
PDF
The Complete Guide to Ransomware Protection for SMBs
byProtected Harbor
 
Combating RANSOMWare
byUmer Saeed
 
Defend Your Company Against Ransomware
byKevo Meehan
 
Your money or your files
byRoel Palmaers
 
wp-understanding-ransomware-strategies-defeat
byRobert Leong
 
Ransomware : A cyber crime without solution ? by Prashant Mali
byAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
Ransomware ly
byLisa Young
 
What is ransomware?
byMilan Santana
 
MMW April 2016 Ransomware Resurgence
byCyphort
 
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
byRoger Hagedorn
 
WannaCry Ransomware
byZoho Corporation
 
3. Ransomware (cyber awareness series)
byIsaac Feliciano
 
Get Smart about Ransomware: Protect Yourself and Organization
bySecurity Innovation
 
Ransomware attack
byAmna
 
Ransomware - Rameez Shahzada
byRAMEEZ SHAHZADA
 
The Wannacry Effect - Provided by Raconteur
byGary Chambers
 
A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...
byAshishDPatel1
 
A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...
byRSIS International
 
A comprehensive survey ransomware attacks prevention, monitoring and damage c...
byRSIS International
 
Ransomware hostage rescue manual
byRoel Palmaers
 
The Complete Guide to Ransomware Protection for SMBs
byProtected Harbor
 

Recently uploaded

PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PPTX
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PDF
final.pdf
byomarbishtawi04
 
PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
 
PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
apidays Paris 2025 | Zero Trust By Design
byapidays
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PDF
apidays New York 2025 | AI in Application Security
byapidays
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PDF
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
PDF
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PDF
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
PDF
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
final.pdf
byomarbishtawi04
 
PPTX game guess the logo with a twistppt
byAdrianAnig
 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
apidays Paris 2025 | Zero Trust By Design
byapidays
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
apidays New York 2025 | AI in Application Security
byapidays
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 

Ransomware (1).pdf

  • 1.
  • 2.
    PURPOSE OF PRESENTATION Educate and Raise awareness aboutthe threat of ransomware Case Study Analysis Proactive measures to mitigate the impact of ransomware attacks. 1 2 3
  • 3.
    TABLE OF CONTENT Historyof Ransomware 1 Types of Ransomware 2 Ransomware attacks around the world 3 How it started? Modus Operandi How was it stopped?
  • 4.
    WHAT IS RANSOMWARE? Ransomware isa type of malware attack in which the attacker locks and encrypts the victim’s data, important files and then demands a payment to unlock and decrypt the data.
  • 5.
  • 6.
    01 THE GENESIS OF RANSOMWARE(1989-2006) 02 RANSOMWARE HAS BEEN MORE PREVALENT SINCE THE INTERNET WAS WIDELY USED (2007–2016) In 1989, Joseph L. Popp distributed 20,000 floppy disks containing information about the AIDS virus to patients and healthcare organizations worldwide. Victims paid a $189 ransom to obtain decryption software. Ransomware has been present for almost 15 years, with digital currencies and cryptocurrencies enabling more convenient payments and anonymity. PGPCoder, first appearing in 2005, was one of the earliest ransomware examples. Archievus ransomware added a file called "how to get your files back.txt" in 2006, making decryption more difficult. Ransomware became more prevalent during the internet's widespread use from 2007 to 2016. WinLock ransomware, a pornographic image popup, and Reveton ransomware, a $200 fine-seeking variation, were popular among internet users to escape penalties for copyright infringement or pornographic sharing. Later, ransom demands evolved to increase the likelihood of payment. The internet's rapid expansion during this period contributed to the spread of ransomware.
  • 7.
    03 THE DEVELOPMENT OF STATE-SPONSORED WORLDWIDEATTACKS (2017-2018) 04 THE BIG GAME HUNTING ERA (2019–2021) In 2017, WannaCry, a ransomware attack, affected 300,000 devices across 150 countries. Cybercriminals attacked backup points and erased them to prevent data restoration. NotPetya, a ransomware borrowed from WannaCry, was used as a weapon during wars between Russia and Ukraine, causing large-scale data destruction. The U.S. government valued the damage at over $10 billion by the end of 2018. Cybercriminals have developed a "big game hunting" technique targeting major corporations, increasing ransom demand from $13,000 to $36,000. They also threatened to sell targeted companies' data on the darknet through double extortion. Maze and Egregor ransomware used data disclosure to persuade businesses to pay. Sodinokibi was hired to exploit this technique, and Colonial Pipeline and Darkside were targeted. Acer and Kaseya were also targeted, and the FBI confiscated ransom money worth $2.3 million. 05 CYBERCRIME HAS BECOMING MORE ORGANIZED (2021- PRESENT) Ransomware as a service (RaaS) has significantly impacted the cybercrime industry by providing access to infrastructure to less skilled attackers, enabling them to profit from victims' ransom payments. Advancements in replication, communication, and data theft have led to more complex malware like Lockbit and DarkSide. Initial Access Brokers (IABs) pose a new threat in 2021, allowing other organizations to access corporate networks for their own attacks. Limiting ransomware would prevent IABs from operating and restrict their access to organizations' back doors.
  • 8.
    TYPES OF RANSOMWARE SCAREWARE Deceptive softwarethat uses fear tactics to trick users into believing their systems are infected with malware in order to extort money. RANSOMWARE ENCRYPTION The process of encrypting files and data by malicious software (ransomware) with the intention of holding them hostage until a ransom is paid, typically in cryptocurrency, to obtain the decryption key. MOBILE RANSOMWARE The term "mobile ransomware" refers to malware that encrypts data on mobile devices like smartphones and tablets and demands money to decode the data or unlock the device. SCREEN LOCKERS: These applications are made to lock the victim out of their computer and prevent them from accessing any documents or data. Usually, a notice is shown that requests money in order to be unlocked.
  • 9.
    RANSOMWARE ATTACKS AROUND THEWORLD WannaCry Ransomware attack NotPetya ransomware attack Costa Rican Ransomware attack
  • 10.
    WANNACRY RANSOMWARE In May 2017,the WannaCry ransomware attack, a global cyberattack, targeted over 150 nations and 230,000 computers worldwide. The worm encrypts data stored on a PC's hard drive and requests a bitcoin ransom to unlock it. It targeted prominent systems, took advantage of a Windows flaw, and was possibly related to the Lazarus Group, a cybercrime gang with ties to the North Korean government. The malware infected 65% of ISPs in Latin America, making it one of the largest ransomware attacks in history. The attack affected small and medium-sized businesses, large corporations, governmental and private sectors, railroads, hospitals, banks, shopping centers, and ministries. The ransomware spread to over 11 countries within just a few hours, and by the end of the first day, it had been discovered in 74 countries within thousands of organizations. The damage to police, energy companies, and ISPs was immense, with no end in sight.
  • 11.
    HOW IT STARTED? WannaCrywas initiated through a malicious software program that exploited a vulnerability in Microsoft Windows operating systems. According to Jenkinson, The hacking gang behind WannaCry, which started in 2009 with primitive DDoS attacks on systems belonging to the South Korean government, has been identified by Symantec as the Lazarus gang. The U.S. government concurred with this evaluation, according to Tom Bossert's op-ed in the Wall Street Journal from December 2017. The Lazarus Group has developed its skills, hacking Sony and committing bank heists.
  • 12.
    The WannaCry ransomwaremalware is straightforward to use and infects the infected system using a dropper. It includes files including encryption keys, a copy of Tor, and a program for encrypting and decrypting data. Once it's run, it tries to access a hard-coded URL if it fails, it searches for and encrypts files in a number of essential formats, making them inaccessible to the user. After the data are encrypted, a ransom message demanding payment in Bitcoin emerges.
  • 13.
    Removing Wannacry install themost recent patche 2 Implement Security Measures 3 1 Isolate Infected Systems It is essential to quickly isolate infected systems in order to reduce the spread and impact of WannaCry ransomware attacks. Monitoring network activity, cutting them off from the internet, turning off remote access tools, isolating them, patching vulnerabilities, utilizing antivirus or anti-malware software, and restoring impacted files are all part of this process. To stop such assaults, it is crucial to reinforce security procedures among users, such as creating strong passwords, being cautious of phishing emails, and updating software frequently. Find the software or operating system that needs to be patched, then go to the vendor's official website or support page to rapidly install the most recent updates. Locate the most recent patch or update that corresponds to your version and edition. Install the proper patch by downloading the file and following the installation instructions. Check the software's version number or the vendor release notes to confirm the installation. For any more systems that require patches, repeat this procedure. It is essential to often check for updates and swiftly apply fixes to preserve system security and operation. Applying the most recent security patches, keeping up-to-date antivirus and anti-malware software, putting strong network security measures like firewalls and intrusion detection systems in place, enforcing stringent email security procedures, and creating routine data backups are all examples of effective network security practices. Test the backup restoration procedure frequently to make sure it works as intended. For continued safety, it's essential to make sure that updates are automatic and continual. To stop ransomware attacks, it's critical that staff members recognize questionable emails, avoid clicking on strange links, and never open attachments from unknown sources.
  • 14.
  • 15.
    HOW IT STARTED? Theattack began in 2017, when Maersk, one of the world’s largest shipping companies, was attacked. The attack started when Maersk staff began to panic and gathered at the help desk with their laptops. According to Greenberg (2018), in the laptops of the staff, there was a message displaying repairing file system on c drive or your files are encrypted. The attackers then demanded 300$ worth of Bitcoin for decrypting the system. When an IT officer was abruptly interrupted while working on his machine, he looked around to see all other machines around him were also abruptly restarting or flickering. People in the Maersk headquarters began to realize that a full-scale crisis was happening. Staff started taking measures to stop the infection from spreading across networks.
  • 16.
    According to Greenberg(2018), in 2017, a software company in Kiev, Ukraine called Linkos Group served as the starting ground for one of the most devastating cyberattacks in history. A group of Russian Hackers called the Sandworm hijacked the software company’s update server so that they had access to thousands of computers in Ukraine. Then, the group used the backdoor they had access to push one of the most powerful attacks in the history of computing. The code the attackers pushed could spread automatically and rapidly. It was one of the fastest-propagating malware ever.
  • 18.
  • 19.
  • 20.
    MODUS OPERANDI The architectsof NotPetya used two exploits to power the ransomware. One of the exploits was a penetration tool known as EternalBlue. This exploit was created by the United States National Security Agency. This was accessible by the attackers because the tool was leaked in a disastrous data breach by the agency. The EternalBlue tool was used with another tool called Mimikatz. This tool was originally released to show that Windows stored users’ passwords in the memory and could pull it out of the memory. Windows rolled an update to patch the vulnerability but out-of-date systems could still be affected. Now with the combination of both of these tools, hackers could pull passwords out of these out-of-date computers and then use the retrieved passwords to hack into other machines. The ransomware was notorious because even though it displayed a message to decrypt the user’s files after the ransom was paid, the ransom was not payable, and it did not decrypt the files. The ransomware was purely destructive. It destroyed the user's data irreversibly.
  • 21.
  • 22.
    Purely Destructive & Involvement ofRussian Military Intelligence
  • 23.
    The ransomware NotPetyashared some resemblance with WannaCry. According to Hern (2017), NotPetya was based on the same tool as the WannaCry ransomware. This ransomware was also odd in the sense that it was not built for monetary gain. Even if the users were able to pay the specified amount, the files were irreversibly destroyed. This gave specialists a new approach to why the attack happened. Russia and Ukraine have been constantly trading digital blows. This attack was powerful and spread rapidly. This soon became a worldwide phenomenon. According to Schouwenberg (2019), it is generally believed that NotPetya was an idea of the Russian military intelligence agency. After the attack, most companies ended up with their whole Windows infrastructure wiped out.
  • 24.
    AFFECTED COMPANIES Maersk (250-300million dollars) 1 Mondelez 2 Merck WPP Reckitt Banckiser 3 4 5
  • 25.
    Measures taken tostop the attack Up-to-date 2 Strong Firewalls 3 1 Disconnect
  • 26.
    As NotPetya wasinitiated due to a vulnerability in Microsoft Windows, Windows released a patch to prevent the exploit that the NotPetya depended on. The organizations and the people that were affected by the NotPetya virus also disconnected from the internet to stop the further spreading of the virus. The files that were damaged by the virus were not recoverable.
  • 27.
    Conti's attack onthe Costa Rican Government (2022)
  • 28.
    HOW IT STARTED? In2022, government institutions of Costa Rica, were sieged by a ransomware group known as the Conti. According to Nast (2022) we can also say that the attack has crippled many of the country’s important services. The services that were halted include the international trade grounds, and tax payments. Medical appointments have also been rescheduled. This cost the country millions of dollars. The country also declared a national emergency due to the damages done by the ransomware. The group, Conti, had demanded a ransom of 10 million dollars initially which was declined by the Costa Rican Government. Then, the group attacked many other ministries of the government and the ransom was increased to 20 million dollars. This was refused by the Costa Rican Government and they have struggled to get all the systems back online. The staffs in the affected government offices of the country have been forced to move to pen and paper due to the attack. Ministry of Finance
  • 29.
    The Administrative Boardof the Electrical Service of the province of Cartago (Jasec) The Ministry of Science, Innovation Technology and Telecommunications The Ministry of Labor and Social Security (MTSS) The National Meteorological Institute (IMN) The Interuniversity Headquarters of Alajuela eteorological Institute (IMN) The Social Development and Family Allowances Fund (FODESAF) Costa Rican Social Security Fund (CCSS). AFFECTED MINISTRIES
  • 30.
    MODUS OPERANDI According toFeeley and Hartley (2019), this ransomware by Conti contains new and advanced techniques that only a few other ransomware variants have exhibited so far. This ransomware is designed in such a way that it can remotely be controlled and is one of the fastest encrypting ransomware. It gives the attacker such freedom that they can even control what kind of files are encrypted and the order they get encrypted in. Phishing and watering hole attacks are some of the methods the attackers used to infect the systems of the Costa Rican government. The attackers started from the Ministry of Finance. They were able to get into the system through phishing and watering hole attacks. Phishing Watering hole
  • 31.
    Measures taken tostop the attack Up-to-date 2 Strong Firewalls 3 1 Assist from US
  • 32.
    The Costa Ricangovernment declared a national emergency and the United States of America assisted them technically to get the attackers out of the system. The attacking group, Conti shut down all sites used for ransom negotiation and took all the data leak sites offline. Some sources even say that the attackers had inside help from the government.
  • 33.
    COURSE REFELCTION: 1 Explored theconcept of the Internet of Things (IoT) and its applications in various industries 2 Explored communication protocols and networking concepts essential for connecting IoT devices and facilitating data exchange. 3 Engaged with industry professionals invited by the professor to share their expertise and insights on various emerging technologies. 4 Had the opportunity to directly interact with AR and VR technology, gaining practical experience through games like Pokemon Go. 5 The interactive sessions and hands-on activities helped deepen understanding of emerging technologies beyond theoretical knowledge.
  • 34.
    References Feeley, B., &Hartley, B. (2019, February 15). “Sin”-ful SPIDERS: WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web. Purplesec. https://www.crowdstrike.com/blog/sin-ful-spiders-wizard-spider-and-lunar-spider-sharing-the-same-web/ Greenberg, A. (2018, August 22). The Untold Story of NotPetya, the Most Devastating Cyberattack in History. WIRED. https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/ Hassan, N. A. (2019). Ransomware overview. Ransomware Revealed, 3-28. https://doi.org/10.1007/978-1-4842-4255-1_1 Hern, A. (2017, December 30). WannaCry, Petya, NotPetya: how ransomware hit the big time in 2017. The Guardian; The Guardian. https://www.theguardian.com/technology/2017/dec/30/wannacry-petya-notpetya-ransomware Jenkinson, A. (2022). CNA ransomware attack and cyber insurance. Ransomware and Cybercrime, 29-37. https://doi.org/10.1201/9781003278214-5 Kiru, M. U., & Jantan, A. (2020). Ransomware evolution: Solving ransomware attack challenges. The Evolution of Business in the Cyber Age, 193-229. https://doi.org/10.1201/9780429276484-9 Nast, C. (2022). Conti’s Attack Against Costa Rica Sparks a New Ransomware Era. Wired UK. https://www.wired.co.uk/article/costa-rica-ransomware-conti Paraschiva, I. (2019). WannaCry ransomware attack from Romanian police perspective. International Journal of Information Security and Cybercrime, 8(1), 65-72. https://doi.org/10.19107/ijisc.2019.01.09 Schouwenberg, R. (2019). NotPetya Ushered In a New Era of Malware. Www.vice.com. https://www.vice.com/en/article/7x5vnz/notpetya-ushered-in-a-new-era-of-malware
  • 35.