RANSOMWARE IS HERE: FUNDAMENTALS
EVERYONE NEEDS TO KNOW
JEREMIAH GROSSMAN
CHIEF OF SECURITY STRATEGY
@jeremiahg
https://www.jeremiahgrossman.com/
http://blog.jeremiahgrossman.com/
http://sentinelone.com/
JEREMIAH GROSSMAN
WHO I AM…
▸ Professional Hacker
▸ OWASP Person of the Year (2015)
▸ International Speaker
▸ Black Belt in Brazilian Jiu-Jitsu
▸ Founder of WhiteHat Security
“RANSOMWARE IS A TYPE OF MALWARE
THAT CAN BE COVERTLY INSTALLED ON A
COMPUTER WITHOUT KNOWLEDGE OR
INTENTION OF THE USER THAT RESTRICTS
ACCESS TO THE INFECTED COMPUTER
SYSTEM IN SOME WAY, AND DEMANDS THAT
THE USER PAY A RANSOM TO THE MALWARE
OPERATORS TO REMOVE THE RESTRICTION.”
Wikipedia
WHAT IS RANSOMWARE?
YOU KNOW IT
WHEN INFECTED WITH
RANSOMWARE…
CRYPTO LOCKER CRYPTO WALL TESLACRYPT
REVETON JIGSAW LOCKY
“THERE ARE NOW MORE THAN 120 SEPARATE
FAMILIES OF RANSOMWARE, SAID EXPERTS
STUDYING THE MALICIOUS SOFTWARE.”
ORDER OF OPERATIONS
STEP-BY-STEP
1. Targeting – OS, geography, banking/ecommerce, consumer
2. Propagation – spear-phishing, drive-by-download, attachments
3. Exploit – exploit kits, vulnerability-based, unpatched systems
4. Infection – payload delivery, backdoor access
5. Execution – encryption, disruption, blocked access, RANSOM
DESIGNED TO EVADE DETECTION
Wrappers: Turn known code into a new binary
Variations / Obfuscators: Slightly alter code to make known code appear new/different
Packers: Ensure code runs only on a real machine (anti-VM, sleepers, interactions, anti-debug)
Targeting: Allows code to run only on a specific target machine/configuration
Ransomware Code: The actual attack code that attacks your files, blocks access to the system and/or encrypts data
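Why the wrapper and variation layers above defeat exact-signature matching, as an added example that is not part of the original deck: it compares a SHA-256 blocklist with byte n-gram similarity. All byte strings are constructed, inert stand-ins for binaries, and the function names and the 0.6 threshold are assumptions chosen for illustration.

```python
import hashlib
import zlib

# Constructed, inert byte strings standing in for binaries (not real malware).
KNOWN_SAMPLE = b"".join(
    b"routine_%03d: load; compare; branch; store;\n" % i for i in range(40)
)
# "Variation": the same content with a few bytes altered.
VARIANT = KNOWN_SAMPLE.replace(b"routine_007", b"routine_x07").replace(
    b"routine_021", b"routine_y21"
)
# "Wrapper": the same content carried inside a compressed container.
WRAPPED = zlib.compress(KNOWN_SAMPLE)
# Unrelated benign content.
UNRELATED = b"".join(
    b"invoice %03d total due in thirty days\n" % (i * 7) for i in range(40)
)


def sha256_hex(data: bytes) -> str:
    """Exact-match signature: changes completely if any byte changes."""
    return hashlib.sha256(data).hexdigest()


def ngrams(data: bytes, n: int = 4) -> set:
    """Set of all overlapping n-byte substrings."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a: bytes, b: bytes, n: int = 4) -> float:
    """Share of n-grams the two inputs have in common (0.0 to 1.0)."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    if not ga and not gb:
        return 1.0
    return len(ga & gb) / len(ga | gb)


def classify(data: bytes, blocklist: set, references: list,
             threshold: float = 0.6) -> str:
    """Hash blocklist first, then similarity to known reference samples."""
    if sha256_hex(data) in blocklist:
        return "exact-match"
    best = max((jaccard(data, ref) for ref in references), default=0.0)
    return "similar-to-known" if best >= threshold else "no-static-match"


BLOCKLIST = {sha256_hex(KNOWN_SAMPLE)}
REFERENCES = [KNOWN_SAMPLE]

if __name__ == "__main__":
    for name, blob in [("known", KNOWN_SAMPLE), ("variant", VARIANT),
                       ("wrapped", WRAPPED), ("unrelated", UNRELATED)]:
        print(f"{name:10s} sha256={sha256_hex(blob)[:12]}... "
              f"similarity={jaccard(KNOWN_SAMPLE, blob):.2f} "
              f"verdict={classify(blob, BLOCKLIST, REFERENCES)}")
```

The wrapped copy matches nothing statically; it only becomes comparable to the known sample once it is unpacked or observed at run time.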
“THE FBI RECENTLY PUBLISHED
THAT RANSOMWARE VICTIMS
PAID OUT $209 MILLION IN Q1
2016 COMPARED TO $24
MILLION FOR ALL OF 2015.”
LA Times
THE BIRTH OF A BILLION DOLLAR CYBER-CRIME INDUSTRY
“IN ITS LETTER, THE DHS NOTED THAT ITS
NATIONAL CYBERSECURITY AND
COMMUNICATIONS INTEGRATION CENTER
(NCCIC) HAD INITIATED OR RECEIVED 321
REPORTS OF RANSOMWARE-RELATED
ACTIVITY AFFECTING 29 DIFFERENT FEDERAL
AGENCIES SINCE JUNE 2015. THE 321
REPORTS INCLUDE ATTEMPTED INFECTIONS
AND INFECTIONS THAT WERE DEALT WITH BY
THE AGENCIES' INTERNAL SECURITY TEAMS.”
Business Insider
THE BIRTH OF A BILLION DOLLAR CYBER-CRIME INDUSTRY
WHY THE RANSOMWARE EXPLOSION NOW?
ALMOST 50% AFFECTED END UP
MAKING THE PAYMENT
The number of users who came across crypto ransomware in
the last year increased by more than 500% over the previous
year. (Dec, 2015) -Kaspersky
THE RANSOM AND PAYMENT METHODS
▸ $200-$2000, average $300 (High $20,000)
▸ Most commonly paid through Bitcoin
▸ Also through premium SMS/phone call, anonymous cash card or prepaid transfer service
Secondary Motives
▸ Leave spyware behind
▸ Open backdoors
▸ Steal passwords
RANSOMWARE DOES NOT NEED ROOT ACCESS
“"RANSOMWEB" DESCRIBES ATTACKS DURING WHICH CROOKS BREAK INTO A
WEBSITE USING VARIOUS VULNERABILITIES AND ENCRYPT ITS CONTENT. THIS
CAN BE ITS DATABASE OR ITS FILES, BUT IN THE END, CROOKS NOTIFY THE
SITE OWNERS THAT THEY HAVE TO PAY A RANSOM TO GET THEIR FILES BACK.”
HOSPITALS NASCAR GOVERNMENT
SCHOOLS POLICE GAMERS
“ON WEDNESDAY, U.S. SECURITY COMPANY KNOWBE4 SAID IT WAS RECENTLY
CONTACTED BY A HEALTH CENTER THAT PAID HACKERS NEARLY $40,000 AFTER 250
DEVICES, INCLUDING AN MRI MACHINE, BECAME INFECTED WITH RANSOMWARE,
PROMPTING THE UNNAMED ORGANIZATION TO SHUT DOWN FOR FIVE DAYS.”
“[PRIME HEALTHCARE SERVICE] SAYS IT DEFEATED THE CYBERATTACK WITHOUT
PAYING A RANSOM. BUT IT ACKNOWLEDGED SOME PATIENTS WERE TEMPORARILY
PREVENTED FROM RECEIVING RADIOLOGY TREATMENTS, AND OTHER OPERATIONS
WERE DISRUPTED BRIEFLY WHILE COMPUTER SYSTEMS WERE DOWN.”
“IN MARCH, HACKERS ENCRYPTED DATA AT MEDSTAR HEALTH, WHICH OPERATES 10
HOSPITALS IN MARYLAND AND THE DISTRICT OF COLUMBIA. THE VIRUS CAUSED
DELAYS IN SERVICE AND TREATMENT UNTIL COMPUTERS WERE BROUGHT BACK
ONLINE. THE COMPANY SAID IT DID NOT PAY A REPORTED $19,000 RANSOM DEMAND.”
“NASCAR TEAM CIRCLE SPORT-LEAVINE FAMILY RACING (CSLFR) HAS REVEALED TODAY IT
FACED A RANSOMWARE INFECTION THIS PAST APRIL, WHEN IT ALMOST LOST ACCESS TO
CRUCIAL FILES WORTH NEARLY $2 MILLION, CONTAINING CAR PARTS LISTS AND CUSTOM
HIGH-PROFILE SIMULATIONS THAT WOULD HAVE TAKEN 1,500 MAN-HOURS TO
REPLICATE.”
“RECENTLY, THE AMERICAN PUBLIC UTILITY LANSING BOARD OF WATER & LIGHT
(BWL) HAS ANNOUNCED THAT THE COMPANY HAS BECOME A VICTIM OF
RANSOMWARE ATTACK THAT KNOCKED THE UTILITY'S INTERNAL COMPUTER
SYSTEMS OFFLINE.”
“POLICE DEPARTMENT CHIEF MICHAEL LYLE CLAIMED THAT ONE UNSUSPECTING USER FROM WITHIN
THE DEPARTMENT OPENED THE EMAIL, TRIGGERING THE PAYLOAD OF THE RANSOMWARE WHICH
PROCEEDED TO ENCRYPT FILES AND TAKE CONTROL OF A PROGRAM KNOWN AS TRITECH. THE
SOFTWARE IS AN ESSENTIAL TOOL, ONE THAT POLICE OFFICERS USE FOR COMPUTER AIDED DISPATCH
AND AS A RECORD MANAGEMENT SYSTEM DURING PATROL. THE PROGRAM ALSO ENABLES LAW
ENFORCEMENT OFFICERS TO LOG INCIDENT REPORTS.”
“TO BE HONEST, WE OFTEN
ADVISE PEOPLE JUST TO PAY
THE RANSOM.”
-JOSEPH BONAVOLONTA
ASSISTANT SPECIAL AGENT IN CHARGE OF THE FBI’S
CYBER & COUNTERINTELLIGENCE PROGRAM
The Security Ledger
TO PAY OR NOT TO PAY…
“THE FBI DOES NOT ADVISE VICTIMS ON WHETHER OR
NOT TO PAY THE RANSOM.”
"THE FBI ADVISES THAT THE USE OF BACKUP FILES IS
AN EFFECTIVE WAY TO MINIMIZE THE IMPACT OF
RANSOMWARE AND THAT IMPLEMENTING COMPUTER
SECURITY BEST PRACTICES IS THE MOST EFFECTIVE
WAY TO PREVENT RANSOMWARE INFECTIONS,”
-DONALD J. GOOD
DEPUTY ASSISTANT DIRECTOR OF THE FBI'S CYBER DIVISION
SOFTPEDIA
THE FBI’S “OFFICIAL” POSITION
RANSOMWARE IS INNOVATING
RESEARCH AND DEVELOPMENT INCREASING
▸ Recent ransomware is targeted, sophisticated and harder to detect
▸ Once data is encrypted there are virtually no options
▸ Modern encryption techniques are impossible to break
▸ Restoring from backups is time consuming, with some data loss
▸ CryptoLocker 3.0 payments have been estimated at $325 Million
▸ Ransomware criminals are netting roughly $150 Million per year
SOPHISTICATION
BUSINESS MODELS
ARE EVOLVING AND
MATURING
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
 
High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
 
A Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's ArchitectureA Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's Architecture
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 

Ransomware is Here: Fundamentals Everyone Needs to Know

  • 1. RANSOMWARE IS HERE: FUNDAMENTALS EVERYONE NEEDS TO KNOW JEREMIAH GROSSMAN CHIEF OF SECURITY STRATEGY @jeremiahg https://www.jeremiahgrossman.com/ http://blog.jeremiahgrossman.com/ http://sentinelone.com/
  • 2. JEREMIAH GROSSMAN WHO I AM… ▸ Professional Hacker ▸ OWASP Person of the Year (2015) ▸ International Speaker ▸ Black Belt in Brazilian Jiu-Jitsu ▸ Founder of WhiteHat Security
  • 3. “RANSOMWARE IS A TYPE OF MALWARE THAT CAN BE COVERTLY INSTALLED ON A COMPUTER WITHOUT KNOWLEDGE OR INTENTION OF THE USER THAT RESTRICTS ACCESS TO THE INFECTED COMPUTER SYSTEM IN SOME WAY, AND DEMANDS THAT THE USER PAY A RANSOM TO THE MALWARE OPERATORS TO REMOVE THE RESTRICTION.” Wikipedia WHAT IS RANSOMWARE?
  • 4. YOU KNOW IT WHEN INFECTED WITH RANSOMWARE…
  • 6. CRYPTO LOCKER CRYPTO WALL TESLACRYPT REVETON JIGSAW LOCKY “THERE ARE NOW MORE THAN 120 SEPARATE FAMILIES OF RANSOMWARE, SAID EXPERTS STUDYING THE MALICIOUS SOFTWARE.”
  • 7. ORDER OF OPERATIONS, STEP-BY-STEP
      1. Targeting – OS, geography, banking/ecommerce, consumer
      2. Propagation – spear-phishing, drive-by-download, attachments
      3. Exploit – exploit kits, vulnerability-based, unpatched systems
      4. Infection – payload delivery, backdoor access
      5. Execution – encryption, disruption, blocked access, RANSOM
  • 8. DESIGNED TO EVADE DETECTION
      ▸ Wrappers: Turn known code into a new binary
      ▸ Variations / Obfuscators: Slightly alter code to make known code appear new/different
      ▸ Packers: Ensure code runs only on a real machine (anti-VM, sleepers, interactions, anti-debug)
      ▸ Targeting: Allows code to run only on a specific target machine/configuration
      ▸ Ransomware Code: The actual attack code that attacks your files, blocks access to the system and/or encrypts data
  • 9. “THE FBI RECENTLY PUBLISHED THAT RANSOMWARE VICTIMS PAID OUT $209 MILLION IN Q1 2016 COMPARED TO $24 MILLION FOR ALL OF 2015.” LA Times THE BIRTH OF A BILLION DOLLAR CYBER-CRIME INDUSTRY
  • 10. “IN ITS LETTER, THE DHS NOTED THAT ITS NATIONAL CYBERSECURITY AND COMMUNICATIONS INTEGRATION CENTER (NCCIC) HAD INITIATED OR RECEIVED 321 REPORTS OF RANSOMWARE-RELATED ACTIVITY AFFECTING 29 DIFFERENT FEDERAL AGENCIES SINCE JUNE 2015. THE 321 REPORTS INCLUDE ATTEMPTED INFECTIONS AND INFECTIONS THAT WERE DEALT WITH BY THE AGENCIES' INTERNAL SECURITY TEAMS.” Business Insider THE BIRTH OF A BILLION DOLLAR CYBER-CRIME INDUSTRY
  • 11. WHY THE RANSOMWARE EXPLOSION NOW?
  • 12. ALMOST 50% AFFECTED END UP MAKING THE PAYMENT The number of users who came across crypto ransomware in the last year increased by more than 500% over the previous year. (Dec, 2015) -Kaspersky
  • 13. THE RANSOM AND PAYMENT METHODS
      ▸ $200-$2000, average $300 (High $20,000)
      ▸ Most commonly paid through Bitcoin
      ▸ Also through premium SMS/phone call, anonymous cash card or prepaid transfer service
      Secondary Motives
      ▸ Leave spyware behind
      ▸ Open backdoors
      ▸ Steal passwords
  • 14. RANSOMWARE DOES NOT NEED ROOT ACCESS “"RANSOMWEB" DESCRIBES ATTACKS DURING WHICH CROOKS BREAK INTO A WEBSITE USING VARIOUS VULNERABILITIES AND ENCRYPT ITS CONTENT. THIS CAN BE ITS DATABASE OR ITS FILES, BUT IN THE END, CROOKS NOTIFY THE SITE OWNERS THAT THEY HAVE TO PAY A RANSOM TO GET THEIR FILES BACK.”
  • 16. “ON WEDNESDAY, U.S. SECURITY COMPANY KNOWBE4 SAID IT WAS RECENTLY CONTACTED BY A HEALTH CENTER THAT PAID HACKERS NEARLY $40,000 AFTER 250 DEVICES, INCLUDING AN MRI MACHINE, BECAME INFECTED WITH RANSOMWARE, PROMPTING THE UNNAMED ORGANIZATION TO SHUT DOWN FOR FIVE DAYS.” “[PRIME HEALTHCARE SERVICE] SAYS IT DEFEATED THE CYBERATTACK WITHOUT PAYING A RANSOM. BUT IT ACKNOWLEDGED SOME PATIENTS WERE TEMPORARILY PREVENTED FROM RECEIVING RADIOLOGY TREATMENTS, AND OTHER OPERATIONS WERE DISRUPTED BRIEFLY WHILE COMPUTER SYSTEMS WERE DOWN.” “IN MARCH, HACKERS ENCRYPTED DATA AT MEDSTAR HEALTH, WHICH OPERATES 10 HOSPITALS IN MARYLAND AND THE DISTRICT OF COLUMBIA. THE VIRUS CAUSED DELAYS IN SERVICE AND TREATMENT UNTIL COMPUTERS WERE BROUGHT BACK ONLINE. THE COMPANY SAID IT DID NOT PAY A REPORTED $19,000 RANSOM DEMAND.”
  • 17. “NASCAR TEAM CIRCLE SPORT-LEAVINE FAMILY RACING (CSLFR) HAS REVEALED TODAY IT FACED A RANSOMWARE INFECTION THIS PAST APRIL, WHEN IT ALMOST LOST ACCESS TO CRUCIAL FILES WORTH NEARLY $2 MILLION, CONTAINING CAR PARTS LISTS AND CUSTOM HIGH-PROFILE SIMULATIONS THAT WOULD HAVE TAKEN 1,500 MAN-HOURS TO REPLICATE.” “RECENTLY, THE AMERICAN PUBLIC UTILITY LANSING BOARD OF WATER & LIGHT (BWL) HAS ANNOUNCED THAT THE COMPANY HAS BECOME A VICTIM OF RANSOMWARE ATTACK THAT KNOCKED THE UTILITY'S INTERNAL COMPUTER SYSTEMS OFFLINE.” “POLICE DEPARTMENT CHIEF MICHAEL LYLE CLAIMED THAT ONE UNSUSPECTING USER FROM WITHIN THE DEPARTMENT OPENED THE EMAIL, TRIGGERING THE PAYLOAD OF THE RANSOMWARE WHICH PROCEEDED TO ENCRYPT FILES AND TAKE CONTROL OF A PROGRAM KNOWN AS TRITECH. THE SOFTWARE IS AN ESSENTIAL TOOL, ONE THAT POLICE OFFICERS USE FOR COMPUTER AIDED DISPATCH AND AS A RECORD MANAGEMENT SYSTEM DURING PATROL. THE PROGRAM ALSO ENABLES LAW ENFORCEMENT OFFICERS TO LOG INCIDENT REPORTS.”
  • 18. “TO BE HONEST, WE OFTEN ADVISE PEOPLE JUST TO PAY THE RANSOM.” -JOSEPH BONAVOLONTA ASSISTANT SPECIAL AGENT IN CHARGE OF THE FBI’S CYBER & COUNTERINTELLIGENCE PROGRAM The Security Ledger TO PAY OR NOT TO PAY…
  • 19. “THE FBI DOES NOT ADVISE VICTIMS ON WHETHER OR NOT TO PAY THE RANSOM.” "THE FBI ADVISES THAT THE USE OF BACKUP FILES IS AN EFFECTIVE WAY TO MINIMIZE THE IMPACT OF RANSOMWARE AND THAT IMPLEMENTING COMPUTER SECURITY BEST PRACTICES IS THE MOST EFFECTIVE WAY TO PREVENT RANSOMWARE INFECTIONS,” -DONALD J. GOOD DEPUTY ASSISTANT DIRECTOR OF THE FBI'S CYBER DIVISION SOFTPEDIA THE FBI’S “OFFICIAL” POSITION
  • 24. ▸ Recent ransomware is targeted, sophisticated and harder to detect ▸ Once data is encrypted there are virtually no options ▸ Modern encryption techniques impossible to break ▸ Restore from backups is time consuming, some data loss ▸ CryptoLocker 3.0 payments have been estimated at $325 Million ▸ Ransomware criminals netting roughly $150 Million per year SOPHISTICATION