Ransomware 2017:
New threats emerge
Copyright © 2017 Symantec Corporation
Key findings
o The advent of worm-type ransomware is a new and highly disruptive avenue of attack
o Businesses in particular are most at risk from worm-type threats, which can spread in minutes across poorly secured networks
o Infection numbers are continuing to trend upwards in the first six months of 2017, powered by the WannaCry and Petya outbreaks
o Average ransom appears to have stabilized at $544, indicating attackers may have found their “sweet spot”
o The U.S. is still the country most affected by ransomware, followed by Japan, Italy, India, Germany, Netherlands, UK, Australia, Russia, and Canada
Overview: New Ransomware families
[Chart: new ransomware families by year, 2014 to 2017 (to date)]
• 98 new families in 2016
• 16 new families in year to date – Jan to Jun 2017
• Rate of new families appearing has begun to slow
Overview: Ransomware infections by month
[Chart: ransomware infections by month, with trend line]
• Infection numbers continue to trend upwards
• Helped in no small part by WannaCry in May 2017
Impact of WannaCry/Petya
[Chart: ransomware infections by month; series: Total, Without WannaCry and Petya]
Overview: Detections by country, Jan – Jun 2017
Other countries: 31%
United States: 29%
Japan: 9%
Italy: 8%
India: 4%
Germany: 4%
Netherlands: 3%
UK: 3%
Australia: 3%
Russia: 3%
Canada: 3%
• Same top ten countries
• Very little change, most are +/- 1%
• Except U.S., down from 34% to 29%
New breed of threat: WannaCry and Petya
o Self-propagating, ransomware as a worm
o WannaCry: Used leaked “EternalBlue” exploit to spread rapidly through organizations and across the internet
o Petya: Used EternalBlue, but also other techniques to spread to patched computers, i.e. stealing credentials
o Impact of both outbreaks means other attackers may attempt copycat threats
WannaCry and Petya: Organizations bear the brunt
2016: Consumer 70%, Enterprise 30%
2017 (to date): Consumer 58%, Enterprise 42%
• Balance of Enterprise vs. Consumer infections shifts dramatically between 2016 and 2017
WannaCry and Petya linked to this spike
[Chart: consumer and enterprise ransomware infections by month, Jan-16 to Jun-17]
• Enterprise infections jumped dramatically during May and June 2017, the
months when WannaCry and Petya hit
Why were enterprises disproportionally affected?
o Worm-like propagation mechanisms are designed to enable the ransomware to spread quickly across an entire computer network
o Many consumer computers are not connected to a network, unlike those found in organizations
o While WannaCry and Petya also had the ability to spread across the internet to other vulnerable computers, this means of transmission again largely affected other organizations
o Most home internet routers would have blocked infection attempts involving the EternalBlue exploit
Worms are not the only threat: How ransomware is spread
Main sources of ransomware continue to be:
o Email
o Exploit kits
Organizations in particular need to worry about:
o Targeted attacks
How ransomware is spread: Email
o Number one distribution channel is massive malicious spam campaigns
o Spam campaigns run by botnets comprising 1,000s of compromised computers
o Major botnets capable of sending 1 million+ emails daily
o Most use simple social engineering tactics, subject lines such as
• Invoice
• Delivery notification
• Receipt
How ransomware is spread: Exploit kits
o Many exploit kit operators suffered disruption in past year
o However, still a major ransomware distribution channel
o Attackers can redirect users to exploit kits in a number of different ways:
• Malicious links in spam email or social media posts
• Malvertisements
• Redirected web traffic from traffic distribution services
o RIG exploit kit was one of the most active exploit kit operations involved in spreading ransomware so far in 2017
How ransomware is spread: Exploit kits
• After falling steadily for most of 2016, web attacks have begun to trend upwards again,
indicating a resurgence in exploit kit activity
How ransomware is spread: Targeted attacks
o Growing threat to organizations
o Still small in number but potentially much more serious
o Professional attackers may attempt to:
• Move across network and identify targets of value
• Encrypt multiple computers
• Prevent restoration by encrypting or deleting backups
How ransomware is spread: Targeted attacks
o Targeted ransomware attacks display high degree of technical competence
o Use similar tactics to those used by cyber espionage groups
• “Living off the land”: using freely available, legitimate network administration software and operating system features to help gain a foothold and move through a network
• Stealing credentials and using them for lateral movement
• Conducting advance reconnaissance to learn more about the target’s network
Cost of ransomware: Average ransom demand
[Chart: average ransom demand by year, 2014 to 2017 (to date)]
o $544: average ransom demand from new ransomware families in first 6 months of 2017
o Down from 2016 when there was 3x increase in ransom demands
o Attackers may have settled on “sweet spot” for ransom demands
How many people pay?
“According to research carried out by the Norton Cyber Security Insight team, 34% of victims will pay the ransom. This proportion rises to 64% of victims in the U.S., providing some indication as to why the country is so heavily targeted….”
Financial and reputational damage
o Major corporations have said Petya will impact on financial results:
• FedEx – delivery and logistics
• AP Moller-Maersk – Danish shipping giant
• Beiersdorf – German consumer products maker (Nivea cosmetics etc.)
• Mondelez International – Chocolate maker (Cadburys, Oreos etc.)
• Reckitt Benckiser – Pharmaceuticals
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 

Ransomware 2017: New threats emerge

  • 2. Key findings
      o The advent of worm-type ransomware is a new and highly disruptive avenue of attack
      o Businesses in particular are most at risk from worm-type threats, which can spread in minutes across poorly secured networks
      o Infection numbers are continuing to trend upwards in the first six months of 2017, powered by the WannaCry and Petya outbreaks
      o Average ransom appears to have stabilized at $544, indicating attackers may have found their “sweet spot”
      o The U.S. is still the country most affected by ransomware, followed by Japan, Italy, India, Germany, Netherlands, UK, Australia, Russia, and Canada
      Copyright © 2017 Symantec Corporation
  • 3. Overview: New Ransomware families
      [Chart: new ransomware families per year, 2014 to 2017 (to date); y-axis 0 to 120]
      • 98 new families in 2016
      • 16 new families in year to date – Jan to Jun 2017
      • Rate of new families appearing has begun to slow
  • 4. Overview: Ransomware infections by month
      [Chart: ransomware infections by month, with trend line; y-axis 0 to 90,000]
      • Infection numbers continue to trend upwards
      • Helped in no small part by May 2017 - WannaCry
  • 5. Impact of WannaCry/Petya
      [Chart: series “Total” and “Without WannaCry and Petya”; y-axis 0 to 90,000]
  • 6. Overview: Detections by country, Jan – Jun 2017
      Other countries: 31%
      United States: 29%
      Japan: 9%
      Italy: 8%
      India: 4%
      Germany: 4%
      Netherlands: 3%
      UK: 3%
      Australia: 3%
      Russia: 3%
      Canada: 3%
      • Same top ten countries
      • Very little change, most are +/- 1%
      • Except U.S., down from 34% to 29%
  • 7. New breed of threat: WannaCry and Petya
      o Self-propagating, ransomware as a worm
      o WannaCry: Used leaked “EternalBlue” exploit to spread rapidly through organizations and across the internet
      o Petya: Used EternalBlue, but also other techniques to spread to patched computers, i.e. stealing credentials
      o Impact of both outbreaks means other attackers may attempt copycat threats
  • 8. WannaCry and Petya: Organizations bear the brunt
      2016: Consumer 70%, Enterprise 30%
      2017 (to date): Consumer 58%, Enterprise 42%
      • Balance of Enterprise vs. Consumer infections shifts dramatically between 2016 and 2017
  • 9. WannaCry and Petya linked to this spike
      [Chart: Consumer and Enterprise infections by month, Jan-16 to Jun-17; y-axis 0 to 60,000]
      • Enterprise infections jumped dramatically during May and June 2017, the months when WannaCry and Petya hit
  • 10. Why were enterprises disproportionally affected?
      o Worm-like propagation mechanisms designed to enable the ransomware to spread quickly across an entire computer network
      o Many consumer computers are not connected to a network, unlike those found in organizations
      o While WannaCry and Petya also did have the ability to spread across the internet to other vulnerable computers, this means of transmission again largely affected other organizations
      o Most home internet routers would have blocked infection attempts involving the EternalBlue exploit
  • 11. Worms are not the only threat: How ransomware is spread
      Main sources of ransomware continue to be:
      o Email
      o Exploit kits
      Organizations in particular need to worry about:
      o Targeted attacks
  • 12. How ransomware is spread: Email
      o Number one distribution channel is massive malicious spam campaigns
      o Spam campaigns run by botnets comprising 1,000s of compromised computers
      o Major botnets capable of sending 1 million+ emails daily
      o Most use simple social engineering tactics, subject lines such as
          • Invoice
          • Delivery notification
          • Receipt
  • 13. How ransomware is spread: Exploit kits
      o Many exploit kit operators suffered disruption in past year
      o However, still a major ransomware distribution channel
      o Attackers can redirect users to exploit kits in a number of different ways:
          • Malicious links in spam email or social media posts
          • Malvertisements
          • Redirected web traffic from traffic distribution services
      o RIG exploit kit was one of the most active exploit kit operations involved in spreading ransomware so far in 2017
  • 14. How ransomware is spread: Exploit kits
      [Chart: web attacks; y-axis 0 to 14,000,000]
      • After falling steadily for most of 2016, web attacks have begun to trend upwards again, indicating a resurgence in exploit kit activity
  • 15. How ransomware is spread: Targeted attacks
      o Growing threat to organizations
      o Still small in number but potentially much more serious
      o Professional attackers may attempt to:
          • Move across network and identify targets of value
          • Encrypt multiple computers
          • Prevent restoration by encrypting or deleting backups
  • 16. How ransomware is spread: Targeted attacks
      o Targeted ransomware attacks display high degree of technical competence
      o Use similar tactics to those used by cyber espionage groups
          • “Living off the land”—using freely available, legitimate network administration software and operating system features to help gain a foothold and move through a network
          • Stealing credentials and using them for lateral movement
          • Conducting advance reconnaissance to learn more about the target’s network
  • 17. Cost of ransomware: Average ransom demand
      [Chart: average ransom demand by year, 2014 to 2017 (to date); y-axis $0 to $1,200]
      o $544: average ransom demand from new ransomware families in first 6 months of 2017
      o Down from 2016 when there was 3x increase in ransom demands
      o Attackers may have settled on “sweet spot” for ransom demands
  • 18. How many people pay?
      “According to research carried out by the Norton Cyber Security Insight team, 34% of victims will pay the ransom. This proportion rises to 64% of victims in the U.S., providing some indication as to why the country is so heavily targeted….”
  • 19. Financial and reputational damage
      o Major corporations have said Petya will impact on financial results:
          o FedEx – delivery and logistics
          o AP Moller-Maersk – Danish shipping giant
          o Beiersdorf – German consumer products maker (Nivea cosmetics etc.)
          o Mondelez International – Chocolate maker (Cadburys, Oreos etc.)
          o Reckitt Benckiser – Pharmaceuticals
  • 20. Thank you