SlideShare a Scribd company logo
RANSOMWARE IS HERE: FUNDAMENTALS
EVERYONE NEEDS TO KNOW
JEREMIAH GROSSMAN
CHIEF OF SECURITY STRATEGY
@jeremiahg
https://www.jeremiahgrossman.com/
http://blog.jeremiahgrossman.com/
http://sentinelone.com/
JEREMIAH GROSSMAN
WHO I AM…
▸ Professional Hacker
▸ OWASP Person of the Year (2015)
▸ International Speaker
▸ Black Belt in Brazilian Jiu-Jitsu
▸ Founder of WhiteHat Security
“RANSOMWARE IS A TYPE OF MALWARE
THAT CAN BE COVERTLY INSTALLED ON A
COMPUTER WITHOUT KNOWLEDGE OR
INTENTION OF THE USER THAT RESTRICTS
ACCESS TO THE INFECTED COMPUTER
SYSTEM IN SOME WAY, AND DEMANDS THAT
THE USER PAY A RANSOM TO THE MALWARE
OPERATORS TO REMOVE THE RESTRICTION.”
Wikipedia
WHAT IS RANSOMWARE?
YOU KNOW IT
WHEN INFECTED WITH
RANSOMWARE…
Ransomware is Here: Fundamentals Everyone Needs to Know
CRYPTO LOCKER CRYPTO WALL TESLACRYPT
REVETON JIGSAW LOCKY
“THERE ARE NOW MORE THAN 120 SEPARATE
FAMILIES OF RANSOMWARE, SAID EXPERTS
STUDYING THE MALICIOUS SOFTWARE.”
ORDER OR OPERATIONS
STEP-BY-STEP
1. Targeting – OS, geography, banking/ecommerce, consumer
2. Propagation – spear-phishing, drive-by-download, attachments
3. Exploit – exploit kits, vulnerability-based, unpatched systems
4. Infection – payload delivery, backdoor access
5. Execution – encryption, disruption, blocked access, RANSOM
DESIGNED TO EVADE DETECTION
01100111
01010110
10101010
10100101
10001010
11010011
00101101
Wrappers: Turn known code into a new
binary
Variations / Obfuscators: Slightly alter
code to make known code appear new/
different
Packers: Ensure code runs only on a real
machine (anti-VM, sleepers, interactions,
anti-debug)
Targeting: Allows code to run only on a
specific target machine/configuration
Ransomware Code: The actual attack
code that attacks your files, blocks access
to the system and/or encrypts data
“THE FBI RECENTLY PUBLISHED
THAT RANSOMWARE VICTIMS
PAID OUT $209 MILLION IN Q1
2016 COMPARED TO $24
MILLION FOR ALL OF 2015.”
LA Times
THE BIRTH OF A BILLION DOLLAR CYBER-CRIME INDUSTRY
“IN ITS LETTER, THE DHS NOTED THAT ITS
NATIONAL CYBERSECURITY AND
COMMUNICATIONS INTEGRATION CENTER
(NCCIC) HAD INITIATED OR RECEIVED 321
REPORTS OF RANSOMWARE-RELATED
ACTIVITY AFFECTING 29 DIFFERENT FEDERAL
AGENCIES SINCE JUNE 2015. THE 321
REPORTS INCLUDE ATTEMPTED INFECTIONS
AND INFECTIONS THAT WERE DEALT WITH BY
THE AGENCIES' INTERNAL SECURITY TEAMS.”
Business Insider
THE BIRTH OF A BILLION DOLLAR CYBER-CRIME INDUSTRY
WHY THE RANSOMWARE EXPLOSION NOW?
ALMOST 50% AFFECTED END UP
MAKING THE PAYMENT
The number of users who came across crypto ransomware in
the last year increased by more than 500% over the previous
year. (Dec, 2015) -Kaspersky
THE RANSOM AND PAYMENT METHODS
▸ $200-$2000, average $300 (High $20,000)
▸ Most commonly paid through BitCoin
▸ Also through premium SMS/phone call,
anonymous cash card or prepaid transfer
service
Secondary Motives
▸ Leave spyware behind
▸ Open backdoors
▸ Steal passwords
RANSOMWARE DOES NOT NEED ROOT ACCESS
"RANSOMWEB" DESCRIBES ATTACKS DURING WHICH CROOKS BREAK INTO A
WEBSITE USING VARIOUS VULNERABILITIES AND ENCRYPT ITS CONTENT. THIS
CAN BE ITS DATABASE OR ITS FILES, BUT IN THE END, CROOKS NOTIFY THE
SITE OWNERS THAT THEY HAVE TO PAY A RANSOM TO GET THEIR FILES BACK.”
HOSPITALS NASCAR GOVERNMENT
SCHOOLS POLICE GAMERS
“ON WEDNESDAY, U.S. SECURITY COMPANY KNOWBE4 SAID IT WAS RECENTLY
CONTACTED BY A HEALTH CENTER THAT PAID HACKERS NEARLY $40,000 AFTER 250
DEVICES, INCLUDING AN MRI MACHINE, BECAME INFECTED WITH RANSOMWARE,
PROMPTING THE UNNAMED ORGANIZATION TO SHUT DOWN FOR FIVE DAYS.”
“[PRIME HEALTHCARE SERVICE] SAYS IT DEFEATED THE CYBERATTACK WITHOUT
PAYING A RANSOM. BUT IT ACKNOWLEDGED SOME PATIENTS WERE TEMPORARILY
PREVENTED FROM RECEIVING RADIOLOGY TREATMENTS, AND OTHER OPERATIONS
WERE DISRUPTED BRIEFLY WHILE COMPUTER SYSTEMS WERE DOWN.”
“IN MARCH, HACKERS ENCRYPTED DATA AT MEDSTAR HEALTH, WHICH OPERATES 10
HOSPITALS IN MARYLAND AND THE DISTRICT OF COLUMBIA. THE VIRUS CAUSED
DELAYS IN SERVICE AND TREATMENT UNTIL COMPUTERS WERE BROUGHT BACK
ONLINE. THE COMPANY SAID IT DID NOT PAY A REPORTED $19,000 RANSOM DEMAND.“
“NASCAR TEAM CIRCLE SPORT-LEAVINE FAMILY RACING (CSLFR) HAS REVEALED TODAY IT
FACED A RANSOMWARE INFECTION THIS PAST APRIL, WHEN IT ALMOST LOST ACCESS TO
CRUCIAL FILES WORTH NEARLY $2 MILLION, CONTAINING CAR PARTS LISTS AND CUSTOM
HIGH-PROFILE SIMULATIONS THAT WOULD HAVE TAKEN 1,500 MAN-HOURS TO
REPLICATE.”
“RECENTLY, THE AMERICAN PUBLIC UTILITY LANSING BOARD OF WATER & LIGHT
(BWL) HAS ANNOUNCED THAT THE COMPANY HAS BECOME A VICTIM OF
RANSOMWARE ATTACK THAT KNOCKED THE UTILITY'S INTERNAL COMPUTER
SYSTEMS OFFLINE.”
“POLICE DEPARTMENT CHIEF MICHAEL LYLE CLAIMED THAT ONE UNSUSPECTING USER FROM WITHIN
THE DEPARTMENT OPENED THE EMAIL, TRIGGERING THE PAYLOAD OF THE RANSOMWARE WHICH
PROCEEDED TO ENCRYPT FILES AND TAKE CONTROL OF A PROGRAM KNOWN AS TRITECH. THE
SOFTWARE IS AN ESSENTIAL TOOL, ONE THAT POLICE OFFICERS USE FOR COMPUTER AIDED DISPATCH
AND AS A RECORD MANAGEMENT SYSTEM DURING PATROL. THE PROGRAM ALSO ENABLES LAW
ENFORCEMENT OFFICERS TO LOG INCIDENT REPORTS.”
“TO BE HONEST, WE OFTEN
ADVISE PEOPLE JUST TO PAY
THE RANSOM.”
-JOSEPH BONAVOLONTA
ASSISTANT SPECIAL AGENT IN CHARGE OF THE FBI’S
CYBER & COUNTERINTELLIGENCE PROGRAM
The Security Ledger
TO PAY OR NOT TO PAY…
“THE FBI DOES NOT ADVISE VICTIMS ON WHETHER OR
NOT TO PAY THE RANSOM.”
"THE FBI ADVISES THAT THE USE OF BACKUP FILES IS
AN EFFECTIVE WAY TO MINIMIZE THE IMPACT OF
RANSOMWARE AND THAT IMPLEMENTING COMPUTER
SECURITY BEST PRACTICES IS THE MOST EFFECTIVE
WAY TO PREVENT RANSOMWARE INFECTIONS,”
-DONALD J. GOOD
DEPUTY ASSISTANT DIRECTOR OF THE FBI'S CYBER DIVISION
SOFTPEDIA
THE FBI’S “OFFICIAL” POSITION
Ransomware is Here: Fundamentals Everyone Needs to Know
RANSOMWARE IS INNOVATING
RESEARCH AND DEVELOPMENT INCREASING
Ransomware is Here: Fundamentals Everyone Needs to Know
▸ Recent ransomware is targeted,
sophisticated and harder to detect
▸ Once data is encrypted there
virtually no options
▸ Modern encryption techniques
impossible to break
▸ Restore from backups is time
consuming, some data loss
▸ CryptoLocker 3.0 payments have
been estimated at $325 Million
▸ Ransomware criminals netting
roughly $150 Million per year
SOPHISTATION
Ransomware is Here: Fundamentals Everyone Needs to Know
Ransomware is Here: Fundamentals Everyone Needs to Know
BUSINESS MODELS
ARE EVOLVING AND
MATURING
Ransomware is Here: Fundamentals Everyone Needs to Know

More Related Content

What's hot

Wannacry
WannacryWannacry
Ransomeware
RansomewareRansomeware
Ransomeware
Abul Hossain Ripon
 
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...
Jay Beale
 
Ransomware the clock is ticking
Ransomware the clock is tickingRansomware the clock is ticking
Ransomware the clock is ticking
Manoj Kumar Mishra
 
Wannacry | Technical Insight and Lessons Learned
Wannacry | Technical Insight and Lessons LearnedWannacry | Technical Insight and Lessons Learned
Wannacry | Technical Insight and Lessons Learned
Thomas Roccia
 
Ransomware all locked up book
Ransomware all locked up bookRansomware all locked up book
Ransomware all locked up book
Diego Souza
 
র‌্যানসমওয়্যার
র‌্যানসমওয়্যার র‌্যানসমওয়্যার
র‌্যানসমওয়্যার
Titas Sarker
 
Cyberextortion
CyberextortionCyberextortion
Cyberextortion
Salim Al Talie
 
Cyber Crime - Who do you call?
Cyber Crime - Who do you call?Cyber Crime - Who do you call?
Cyber Crime - Who do you call?
East Midlands Cyber Security Forum
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Jack Shaffer
 
Ransomware 2017: New threats emerge
Ransomware 2017: New threats emergeRansomware 2017: New threats emerge
Ransomware 2017: New threats emerge
Symantec Security Response
 
Bear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsBear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence Operations
CrowdStrike
 
An Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware OutbreakAn Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware Outbreak
CrowdStrike
 
Step FWD IT_Ransomware-Guide
Step FWD IT_Ransomware-GuideStep FWD IT_Ransomware-Guide
Step FWD IT_Ransomware-Guide
chrismannering
 
Sophos a-to-z
Sophos a-to-z Sophos a-to-z
Sophos a-to-z
Cheng Olayvar
 
CrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary ProblemCrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary Problem
CrowdStrike
 
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing Intelligence
CrowdStrike
 
Ransomware: History, Analysis, & Mitigation
Ransomware: History, Analysis, & MitigationRansomware: History, Analysis, & Mitigation
Ransomware: History, Analysis, & Mitigation
WhiskeyNeon
 
Webinar: How hackers are making your security obsolete
Webinar: How hackers are making your security obsoleteWebinar: How hackers are making your security obsolete
Webinar: How hackers are making your security obsolete
Cyren, Inc
 
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns
CrowdStrike
 

What's hot (20)

Wannacry
WannacryWannacry
Wannacry
 
Ransomeware
RansomewareRansomeware
Ransomeware
 
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...
 
Ransomware the clock is ticking
Ransomware the clock is tickingRansomware the clock is ticking
Ransomware the clock is ticking
 
Wannacry | Technical Insight and Lessons Learned
Wannacry | Technical Insight and Lessons LearnedWannacry | Technical Insight and Lessons Learned
Wannacry | Technical Insight and Lessons Learned
 
Ransomware all locked up book
Ransomware all locked up bookRansomware all locked up book
Ransomware all locked up book
 
র‌্যানসমওয়্যার
র‌্যানসমওয়্যার র‌্যানসমওয়্যার
র‌্যানসমওয়্যার
 
Cyberextortion
CyberextortionCyberextortion
Cyberextortion
 
Cyber Crime - Who do you call?
Cyber Crime - Who do you call?Cyber Crime - Who do you call?
Cyber Crime - Who do you call?
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
 
Ransomware 2017: New threats emerge
Ransomware 2017: New threats emergeRansomware 2017: New threats emerge
Ransomware 2017: New threats emerge
 
Bear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsBear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence Operations
 
An Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware OutbreakAn Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware Outbreak
 
Step FWD IT_Ransomware-Guide
Step FWD IT_Ransomware-GuideStep FWD IT_Ransomware-Guide
Step FWD IT_Ransomware-Guide
 
Sophos a-to-z
Sophos a-to-z Sophos a-to-z
Sophos a-to-z
 
CrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary ProblemCrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary Problem
 
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing Intelligence
 
Ransomware: History, Analysis, & Mitigation
Ransomware: History, Analysis, & MitigationRansomware: History, Analysis, & Mitigation
Ransomware: History, Analysis, & Mitigation
 
Webinar: How hackers are making your security obsolete
Webinar: How hackers are making your security obsoleteWebinar: How hackers are making your security obsolete
Webinar: How hackers are making your security obsolete
 
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns
 

Similar to Ransomware is Here: Fundamentals Everyone Needs to Know

Ransomware (1).pdf
Ransomware (1).pdfRansomware (1).pdf
Ransomware (1).pdf
HiYeti1
 
Ransomware webinar may 2016 final version external
Ransomware webinar   may 2016 final version externalRansomware webinar   may 2016 final version external
Ransomware webinar may 2016 final version external
Zscaler
 
PPIT Lecture 17
PPIT Lecture 17PPIT Lecture 17
PPIT Lecture 17
Kashif Sohail
 
Chapter 3 Computer Crimes
Chapter 3 Computer  CrimesChapter 3 Computer  Crimes
Chapter 3 Computer Crimes
Mar Soriano
 
Your money or your files
Your money or your filesYour money or your files
Your money or your files
Roel Palmaers
 
cyber security.pptx
cyber security.pptxcyber security.pptx
cyber security.pptx
AnjaliThakur107042
 
Combating RANSOMWare
Combating RANSOMWareCombating RANSOMWare
Combating RANSOMWare
Umer Saeed
 
Industry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attacksIndustry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attacks
kevinmass30
 
Ransomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationRansomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and Mitigation
Maaz Ahmed Shaikh
 
Ransomware Presentation.pptx
Ransomware Presentation.pptxRansomware Presentation.pptx
Ransomware Presentation.pptx
MirMurtaza39
 
What is ransomware?
What is ransomware?What is ransomware?
What is ransomware?
Francisco Diaz III
 
Ransomware - Rameez Shahzada
Ransomware - Rameez ShahzadaRansomware - Rameez Shahzada
Ransomware - Rameez Shahzada
RAMEEZ SHAHZADA
 
PP Lec15n16 Sp2020.pptx
PP Lec15n16 Sp2020.pptxPP Lec15n16 Sp2020.pptx
PP Lec15n16 Sp2020.pptx
MuhammadAbdullah201796
 
Professional Practices PPT Slide on Chapter 5: Crime
Professional Practices PPT Slide on Chapter 5: CrimeProfessional Practices PPT Slide on Chapter 5: Crime
Professional Practices PPT Slide on Chapter 5: Crime
frazaslam10
 
Ransomware by lokesh
Ransomware by lokeshRansomware by lokesh
Ransomware by lokesh
Lokesh Bysani
 
Business law assignment
Business law assignmentBusiness law assignment
Business law assignment
SriAthi
 
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
HackIT Ukraine
 
Ransomware- A reality check (Part 1).pptx
Ransomware- A reality check (Part 1).pptxRansomware- A reality check (Part 1).pptx
Ransomware- A reality check (Part 1).pptx
Infosectrain3
 
What is Ransomware?
What is Ransomware?What is Ransomware?
What is Ransomware?
Datto
 
Cyber security colombo meetup
Cyber security colombo meetupCyber security colombo meetup
Cyber security colombo meetup
Eguardian Global Services
 

Similar to Ransomware is Here: Fundamentals Everyone Needs to Know (20)

Ransomware (1).pdf
Ransomware (1).pdfRansomware (1).pdf
Ransomware (1).pdf
 
Ransomware webinar may 2016 final version external
Ransomware webinar   may 2016 final version externalRansomware webinar   may 2016 final version external
Ransomware webinar may 2016 final version external
 
PPIT Lecture 17
PPIT Lecture 17PPIT Lecture 17
PPIT Lecture 17
 
Chapter 3 Computer Crimes
Chapter 3 Computer  CrimesChapter 3 Computer  Crimes
Chapter 3 Computer Crimes
 
Your money or your files
Your money or your filesYour money or your files
Your money or your files
 
cyber security.pptx
cyber security.pptxcyber security.pptx
cyber security.pptx
 
Combating RANSOMWare
Combating RANSOMWareCombating RANSOMWare
Combating RANSOMWare
 
Industry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attacksIndustry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attacks
 
Ransomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationRansomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and Mitigation
 
Ransomware Presentation.pptx
Ransomware Presentation.pptxRansomware Presentation.pptx
Ransomware Presentation.pptx
 
What is ransomware?
What is ransomware?What is ransomware?
What is ransomware?
 
Ransomware - Rameez Shahzada
Ransomware - Rameez ShahzadaRansomware - Rameez Shahzada
Ransomware - Rameez Shahzada
 
PP Lec15n16 Sp2020.pptx
PP Lec15n16 Sp2020.pptxPP Lec15n16 Sp2020.pptx
PP Lec15n16 Sp2020.pptx
 
Professional Practices PPT Slide on Chapter 5: Crime
Professional Practices PPT Slide on Chapter 5: CrimeProfessional Practices PPT Slide on Chapter 5: Crime
Professional Practices PPT Slide on Chapter 5: Crime
 
Ransomware by lokesh
Ransomware by lokeshRansomware by lokesh
Ransomware by lokesh
 
Business law assignment
Business law assignmentBusiness law assignment
Business law assignment
 
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
 
Ransomware- A reality check (Part 1).pptx
Ransomware- A reality check (Part 1).pptxRansomware- A reality check (Part 1).pptx
Ransomware- A reality check (Part 1).pptx
 
What is Ransomware?
What is Ransomware?What is Ransomware?
What is Ransomware?
 
Cyber security colombo meetup
Cyber security colombo meetupCyber security colombo meetup
Cyber security colombo meetup
 

More from Jeremiah Grossman

All these vulnerabilities, rarely matter
All these vulnerabilities, rarely matterAll these vulnerabilities, rarely matter
All these vulnerabilities, rarely matter
Jeremiah Grossman
 
How to Determine Your Attack Surface in the Healthcare Sector
How to Determine Your Attack Surface in the Healthcare SectorHow to Determine Your Attack Surface in the Healthcare Sector
How to Determine Your Attack Surface in the Healthcare Sector
Jeremiah Grossman
 
The Attack Surface of the Healthcare Industry
The Attack Surface of the Healthcare IndustryThe Attack Surface of the Healthcare Industry
The Attack Surface of the Healthcare Industry
Jeremiah Grossman
 
Exploring the Psychological Mechanisms used in Ransomware Splash Screens
Exploring the Psychological Mechanisms used in Ransomware Splash ScreensExploring the Psychological Mechanisms used in Ransomware Splash Screens
Exploring the Psychological Mechanisms used in Ransomware Splash Screens
Jeremiah Grossman
 
Next Generation Endpoint Prtection Buyers Guide
Next Generation Endpoint Prtection Buyers GuideNext Generation Endpoint Prtection Buyers Guide
Next Generation Endpoint Prtection Buyers Guide
Jeremiah Grossman
 
Can Ransomware Ever Be Defeated?
Can Ransomware Ever Be Defeated?Can Ransomware Ever Be Defeated?
Can Ransomware Ever Be Defeated?
Jeremiah Grossman
 
Web Application Security Statistics Report 2016
Web Application Security Statistics Report 2016Web Application Security Statistics Report 2016
Web Application Security Statistics Report 2016
Jeremiah Grossman
 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years
Jeremiah Grossman
 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years
Jeremiah Grossman
 
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
Jeremiah Grossman
 
WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015
Jeremiah Grossman
 
No More Snake Oil: Why InfoSec Needs Security Guarantees
No More Snake Oil: Why InfoSec Needs Security GuaranteesNo More Snake Oil: Why InfoSec Needs Security Guarantees
No More Snake Oil: Why InfoSec Needs Security Guarantees
Jeremiah Grossman
 
WhiteHat Security 2014 Statistics Report Explained
WhiteHat Security 2014 Statistics Report ExplainedWhiteHat Security 2014 Statistics Report Explained
WhiteHat Security 2014 Statistics Report Explained
Jeremiah Grossman
 
WhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics ReportWhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics Report
Jeremiah Grossman
 
WhiteHat Security Website Statistics [Full Report] (2013)
WhiteHat Security Website Statistics [Full Report] (2013)WhiteHat Security Website Statistics [Full Report] (2013)
WhiteHat Security Website Statistics [Full Report] (2013)
Jeremiah Grossman
 
Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012
Jeremiah Grossman
 
WhiteHat’s 12th Website Security Statistics [Full Report]
WhiteHat’s 12th Website Security Statistics [Full Report]WhiteHat’s 12th Website Security Statistics [Full Report]
WhiteHat’s 12th Website Security Statistics [Full Report]
Jeremiah Grossman
 
Web Breaches in 2011-“This is Becoming Hourly News and Totally Ridiculous"
Web Breaches in 2011-“This is Becoming Hourly News and Totally Ridiculous"Web Breaches in 2011-“This is Becoming Hourly News and Totally Ridiculous"
Web Breaches in 2011-“This is Becoming Hourly News and Totally Ridiculous"
Jeremiah Grossman
 
Top Ten Web Hacking Techniques (2010)
Top Ten Web Hacking Techniques (2010)Top Ten Web Hacking Techniques (2010)
Top Ten Web Hacking Techniques (2010)
Jeremiah Grossman
 
11th Website Security Statistics -- Presentation Slides (Q1 2011)
11th Website Security Statistics -- Presentation Slides (Q1 2011)11th Website Security Statistics -- Presentation Slides (Q1 2011)
11th Website Security Statistics -- Presentation Slides (Q1 2011)
Jeremiah Grossman
 

More from Jeremiah Grossman (20)

All these vulnerabilities, rarely matter
All these vulnerabilities, rarely matterAll these vulnerabilities, rarely matter
All these vulnerabilities, rarely matter
 
How to Determine Your Attack Surface in the Healthcare Sector
How to Determine Your Attack Surface in the Healthcare SectorHow to Determine Your Attack Surface in the Healthcare Sector
How to Determine Your Attack Surface in the Healthcare Sector
 
The Attack Surface of the Healthcare Industry
The Attack Surface of the Healthcare IndustryThe Attack Surface of the Healthcare Industry
The Attack Surface of the Healthcare Industry
 
Exploring the Psychological Mechanisms used in Ransomware Splash Screens
Exploring the Psychological Mechanisms used in Ransomware Splash ScreensExploring the Psychological Mechanisms used in Ransomware Splash Screens
Exploring the Psychological Mechanisms used in Ransomware Splash Screens
 
Next Generation Endpoint Prtection Buyers Guide
Next Generation Endpoint Prtection Buyers GuideNext Generation Endpoint Prtection Buyers Guide
Next Generation Endpoint Prtection Buyers Guide
 
Can Ransomware Ever Be Defeated?
Can Ransomware Ever Be Defeated?Can Ransomware Ever Be Defeated?
Can Ransomware Ever Be Defeated?
 
Web Application Security Statistics Report 2016
Web Application Security Statistics Report 2016Web Application Security Statistics Report 2016
Web Application Security Statistics Report 2016
 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years
 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years
 
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
 
WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015
 
No More Snake Oil: Why InfoSec Needs Security Guarantees
No More Snake Oil: Why InfoSec Needs Security GuaranteesNo More Snake Oil: Why InfoSec Needs Security Guarantees
No More Snake Oil: Why InfoSec Needs Security Guarantees
 
WhiteHat Security 2014 Statistics Report Explained
WhiteHat Security 2014 Statistics Report ExplainedWhiteHat Security 2014 Statistics Report Explained
WhiteHat Security 2014 Statistics Report Explained
 
WhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics ReportWhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics Report
 
WhiteHat Security Website Statistics [Full Report] (2013)
WhiteHat Security Website Statistics [Full Report] (2013)WhiteHat Security Website Statistics [Full Report] (2013)
WhiteHat Security Website Statistics [Full Report] (2013)
 
Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012
 
WhiteHat’s 12th Website Security Statistics [Full Report]
WhiteHat’s 12th Website Security Statistics [Full Report]WhiteHat’s 12th Website Security Statistics [Full Report]
WhiteHat’s 12th Website Security Statistics [Full Report]
 
Web Breaches in 2011-“This is Becoming Hourly News and Totally Ridiculous"
Web Breaches in 2011-“This is Becoming Hourly News and Totally Ridiculous"Web Breaches in 2011-“This is Becoming Hourly News and Totally Ridiculous"
Web Breaches in 2011-“This is Becoming Hourly News and Totally Ridiculous"
 
Top Ten Web Hacking Techniques (2010)
Top Ten Web Hacking Techniques (2010)Top Ten Web Hacking Techniques (2010)
Top Ten Web Hacking Techniques (2010)
 
11th Website Security Statistics -- Presentation Slides (Q1 2011)
11th Website Security Statistics -- Presentation Slides (Q1 2011)11th Website Security Statistics -- Presentation Slides (Q1 2011)
11th Website Security Statistics -- Presentation Slides (Q1 2011)
 

Recently uploaded

July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
Ivanti
 
The Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF GuideThe Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF Guide
Shiv Technolabs
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
Zilliz
 
MAKE MONEY ONLINE Unlock Your Income Potential Today.pptx
MAKE MONEY ONLINE Unlock Your Income Potential Today.pptxMAKE MONEY ONLINE Unlock Your Income Potential Today.pptx
MAKE MONEY ONLINE Unlock Your Income Potential Today.pptx
janagijoythi
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
SAI KAILASH R
 
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision MakingConnector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
DianaGray10
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
BrainSell Technologies
 
Mule Experience Hub and Release Channel with Java 17
Mule Experience Hub and Release Channel with Java 17Mule Experience Hub and Release Channel with Java 17
Mule Experience Hub and Release Channel with Java 17
Bhajan Mehta
 
Semantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software DevelopmentSemantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software Development
Baishakhi Ray
 
How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...
DianaGray10
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
SynapseIndia
 
Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
Safe Software
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
shyamraj55
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
alexjohnson7307
 
Uncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in LibrariesUncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in Libraries
Brian Pichman
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
shanihomely
 
Mastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for SuccessMastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for Success
David Wilson
 
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
aslasdfmkhan4750
 
Patch Tuesday de julio
Patch Tuesday de julioPatch Tuesday de julio
Patch Tuesday de julio
Ivanti
 
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
Priyanka Aash
 

Recently uploaded (20)

July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
 
The Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF GuideThe Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF Guide
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
 
MAKE MONEY ONLINE Unlock Your Income Potential Today.pptx
MAKE MONEY ONLINE Unlock Your Income Potential Today.pptxMAKE MONEY ONLINE Unlock Your Income Potential Today.pptx
MAKE MONEY ONLINE Unlock Your Income Potential Today.pptx
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
 
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision MakingConnector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
 
Mule Experience Hub and Release Channel with Java 17
Mule Experience Hub and Release Channel with Java 17Mule Experience Hub and Release Channel with Java 17
Mule Experience Hub and Release Channel with Java 17
 
Semantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software DevelopmentSemantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software Development
 
How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
 
Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
 
Uncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in LibrariesUncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in Libraries
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
 
Mastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for SuccessMastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for Success
 
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
 
Patch Tuesday de julio
Patch Tuesday de julioPatch Tuesday de julio
Patch Tuesday de julio
 
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
 

Ransomware is Here: Fundamentals Everyone Needs to Know

  • 1. RANSOMWARE IS HERE: FUNDAMENTALS EVERYONE NEEDS TO KNOW JEREMIAH GROSSMAN CHIEF OF SECURITY STRATEGY @jeremiahg https://www.jeremiahgrossman.com/ http://blog.jeremiahgrossman.com/ http://sentinelone.com/
  • 2. JEREMIAH GROSSMAN WHO I AM… ▸ Professional Hacker ▸ OWASP Person of the Year (2015) ▸ International Speaker ▸ Black Belt in Brazilian Jiu-Jitsu ▸ Founder of WhiteHat Security
  • 3. “RANSOMWARE IS A TYPE OF MALWARE THAT CAN BE COVERTLY INSTALLED ON A COMPUTER WITHOUT KNOWLEDGE OR INTENTION OF THE USER THAT RESTRICTS ACCESS TO THE INFECTED COMPUTER SYSTEM IN SOME WAY, AND DEMANDS THAT THE USER PAY A RANSOM TO THE MALWARE OPERATORS TO REMOVE THE RESTRICTION.” Wikipedia WHAT IS RANSOMWARE?
  • 4. YOU KNOW IT WHEN INFECTED WITH RANSOMWARE…
  • 6. CRYPTO LOCKER CRYPTO WALL TESLACRYPT REVETON JIGSAW LOCKY “THERE ARE NOW MORE THAN 120 SEPARATE FAMILIES OF RANSOMWARE, SAID EXPERTS STUDYING THE MALICIOUS SOFTWARE.”
  • 7. ORDER OR OPERATIONS STEP-BY-STEP 1. Targeting – OS, geography, banking/ecommerce, consumer 2. Propagation – spear-phishing, drive-by-download, attachments 3. Exploit – exploit kits, vulnerability-based, unpatched systems 4. Infection – payload delivery, backdoor access 5. Execution – encryption, disruption, blocked access, RANSOM
  • 8. DESIGNED TO EVADE DETECTION 01100111 01010110 10101010 10100101 10001010 11010011 00101101 Wrappers: Turn known code into a new binary Variations / Obfuscators: Slightly alter code to make known code appear new/ different Packers: Ensure code runs only on a real machine (anti-VM, sleepers, interactions, anti-debug) Targeting: Allows code to run only on a specific target machine/configuration Ransomware Code: The actual attack code that attacks your files, blocks access to the system and/or encrypts data
  • 9. “THE FBI RECENTLY PUBLISHED THAT RANSOMWARE VICTIMS PAID OUT $209 MILLION IN Q1 2016 COMPARED TO $24 MILLION FOR ALL OF 2015.” LA Times THE BIRTH OF A BILLION DOLLAR CYBER-CRIME INDUSTRY
  • 10. “IN ITS LETTER, THE DHS NOTED THAT ITS NATIONAL CYBERSECURITY AND COMMUNICATIONS INTEGRATION CENTER (NCCIC) HAD INITIATED OR RECEIVED 321 REPORTS OF RANSOMWARE-RELATED ACTIVITY AFFECTING 29 DIFFERENT FEDERAL AGENCIES SINCE JUNE 2015. THE 321 REPORTS INCLUDE ATTEMPTED INFECTIONS AND INFECTIONS THAT WERE DEALT WITH BY THE AGENCIES' INTERNAL SECURITY TEAMS.” Business Insider THE BIRTH OF A BILLION DOLLAR CYBER-CRIME INDUSTRY
  • 11. WHY THE RANSOMWARE EXPLOSION NOW?
  • 12. ALMOST 50% AFFECTED END UP MAKING THE PAYMENT The number of users who came across crypto ransomware in the last year increased by more than 500% over the previous year. (Dec, 2015) -Kaspersky
  • 13. THE RANSOM AND PAYMENT METHODS ▸ $200-$2000, average $300 (High $20,000) ▸ Most commonly paid through BitCoin ▸ Also through premium SMS/phone call, anonymous cash card or prepaid transfer service Secondary Motives ▸ Leave spyware behind ▸ Open backdoors ▸ Steal passwords
  • 14. RANSOMWARE DOES NOT NEED ROOT ACCESS "RANSOMWEB" DESCRIBES ATTACKS DURING WHICH CROOKS BREAK INTO A WEBSITE USING VARIOUS VULNERABILITIES AND ENCRYPT ITS CONTENT. THIS CAN BE ITS DATABASE OR ITS FILES, BUT IN THE END, CROOKS NOTIFY THE SITE OWNERS THAT THEY HAVE TO PAY A RANSOM TO GET THEIR FILES BACK.”
  • 16. “ON WEDNESDAY, U.S. SECURITY COMPANY KNOWBE4 SAID IT WAS RECENTLY CONTACTED BY A HEALTH CENTER THAT PAID HACKERS NEARLY $40,000 AFTER 250 DEVICES, INCLUDING AN MRI MACHINE, BECAME INFECTED WITH RANSOMWARE, PROMPTING THE UNNAMED ORGANIZATION TO SHUT DOWN FOR FIVE DAYS.” “[PRIME HEALTHCARE SERVICE] SAYS IT DEFEATED THE CYBERATTACK WITHOUT PAYING A RANSOM. BUT IT ACKNOWLEDGED SOME PATIENTS WERE TEMPORARILY PREVENTED FROM RECEIVING RADIOLOGY TREATMENTS, AND OTHER OPERATIONS WERE DISRUPTED BRIEFLY WHILE COMPUTER SYSTEMS WERE DOWN.” “IN MARCH, HACKERS ENCRYPTED DATA AT MEDSTAR HEALTH, WHICH OPERATES 10 HOSPITALS IN MARYLAND AND THE DISTRICT OF COLUMBIA. THE VIRUS CAUSED DELAYS IN SERVICE AND TREATMENT UNTIL COMPUTERS WERE BROUGHT BACK ONLINE. THE COMPANY SAID IT DID NOT PAY A REPORTED $19,000 RANSOM DEMAND.“
  • 17. “NASCAR TEAM CIRCLE SPORT-LEAVINE FAMILY RACING (CSLFR) HAS REVEALED TODAY IT FACED A RANSOMWARE INFECTION THIS PAST APRIL, WHEN IT ALMOST LOST ACCESS TO CRUCIAL FILES WORTH NEARLY $2 MILLION, CONTAINING CAR PARTS LISTS AND CUSTOM HIGH-PROFILE SIMULATIONS THAT WOULD HAVE TAKEN 1,500 MAN-HOURS TO REPLICATE.” “RECENTLY, THE AMERICAN PUBLIC UTILITY LANSING BOARD OF WATER & LIGHT (BWL) HAS ANNOUNCED THAT THE COMPANY HAS BECOME A VICTIM OF RANSOMWARE ATTACK THAT KNOCKED THE UTILITY'S INTERNAL COMPUTER SYSTEMS OFFLINE.” “POLICE DEPARTMENT CHIEF MICHAEL LYLE CLAIMED THAT ONE UNSUSPECTING USER FROM WITHIN THE DEPARTMENT OPENED THE EMAIL, TRIGGERING THE PAYLOAD OF THE RANSOMWARE WHICH PROCEEDED TO ENCRYPT FILES AND TAKE CONTROL OF A PROGRAM KNOWN AS TRITECH. THE SOFTWARE IS AN ESSENTIAL TOOL, ONE THAT POLICE OFFICERS USE FOR COMPUTER AIDED DISPATCH AND AS A RECORD MANAGEMENT SYSTEM DURING PATROL. THE PROGRAM ALSO ENABLES LAW ENFORCEMENT OFFICERS TO LOG INCIDENT REPORTS.”
  • 18. “TO BE HONEST, WE OFTEN ADVISE PEOPLE JUST TO PAY THE RANSOM.” -JOSEPH BONAVOLONTA ASSISTANT SPECIAL AGENT IN CHARGE OF THE FBI’S CYBER & COUNTERINTELLIGENCE PROGRAM The Security Ledger TO PAY OR NOT TO PAY…
  • 19. “THE FBI DOES NOT ADVISE VICTIMS ON WHETHER OR NOT TO PAY THE RANSOM.” "THE FBI ADVISES THAT THE USE OF BACKUP FILES IS AN EFFECTIVE WAY TO MINIMIZE THE IMPACT OF RANSOMWARE AND THAT IMPLEMENTING COMPUTER SECURITY BEST PRACTICES IS THE MOST EFFECTIVE WAY TO PREVENT RANSOMWARE INFECTIONS,” -DONALD J. GOOD DEPUTY ASSISTANT DIRECTOR OF THE FBI'S CYBER DIVISION SOFTPEDIA THE FBI’S “OFFICIAL” POSITION
  • 24. ▸ Recent ransomware is targeted, sophisticated and harder to detect ▸ Once data is encrypted there virtually no options ▸ Modern encryption techniques impossible to break ▸ Restore from backups is time consuming, some data loss ▸ CryptoLocker 3.0 payments have been estimated at $325 Million ▸ Ransomware criminals netting roughly $150 Million per year SOPHISTATION