Jeremiah Grossman, profile picture
Uploaded byJeremiah Grossman
PDF, PPTX4,024 views

Ransomware is Here: Fundamentals Everyone Needs to Know

Ransomware is a malicious software that restricts access to computer systems and demands payment for restoration. The ransomware industry has exploded, with a significant increase in victims and reports, costing millions of dollars, and employing various methods to propagate and execute attacks. Payment methods commonly include Bitcoin, with many organizations facing severe disruptions due to ransomware attacks, highlighting the growing sophistication and complexity of these cyber threats.

Embed presentation

Download as PDF, PPTX
RANSOMWARE IS HERE: FUNDAMENTALS EVERYONE NEEDS TO KNOW JEREMIAH GROSSMAN CHIEF OF SECURITY STRATEGY @jeremiahg https://www.jeremiahgrossman.com/ http://blog.jeremiahgrossman.com/ http://sentinelone.com/
JEREMIAH GROSSMAN WHO I AM… ▸ Professional Hacker ▸ OWASP Person of the Year (2015) ▸ International Speaker ▸ Black Belt in Brazilian Jiu-Jitsu ▸ Founder of WhiteHat Security
“RANSOMWARE IS A TYPE OF MALWARE THAT CAN BE COVERTLY INSTALLED ON A COMPUTER WITHOUT KNOWLEDGE OR INTENTION OF THE USER THAT RESTRICTS ACCESS TO THE INFECTED COMPUTER SYSTEM IN SOME WAY, AND DEMANDS THAT THE USER PAY A RANSOM TO THE MALWARE OPERATORS TO REMOVE THE RESTRICTION.” Wikipedia WHAT IS RANSOMWARE?
YOU KNOW IT WHEN INFECTED WITH RANSOMWARE…
CRYPTO LOCKER CRYPTO WALL TESLACRYPT REVETON JIGSAW LOCKY “THERE ARE NOW MORE THAN 120 SEPARATE FAMILIES OF RANSOMWARE, SAID EXPERTS STUDYING THE MALICIOUS SOFTWARE.”
ORDER OR OPERATIONS STEP-BY-STEP 1. Targeting – OS, geography, banking/ecommerce, consumer 2. Propagation – spear-phishing, drive-by-download, attachments 3. Exploit – exploit kits, vulnerability-based, unpatched systems 4. Infection – payload delivery, backdoor access 5. Execution – encryption, disruption, blocked access, RANSOM
DESIGNED TO EVADE DETECTION 01100111 01010110 10101010 10100101 10001010 11010011 00101101 Wrappers: Turn known code into a new binary Variations / Obfuscators: Slightly alter code to make known code appear new/ different Packers: Ensure code runs only on a real machine (anti-VM, sleepers, interactions, anti-debug) Targeting: Allows code to run only on a specific target machine/configuration Ransomware Code: The actual attack code that attacks your files, blocks access to the system and/or encrypts data
“THE FBI RECENTLY PUBLISHED THAT RANSOMWARE VICTIMS PAID OUT $209 MILLION IN Q1 2016 COMPARED TO $24 MILLION FOR ALL OF 2015.” LA Times THE BIRTH OF A BILLION DOLLAR CYBER-CRIME INDUSTRY
“IN ITS LETTER, THE DHS NOTED THAT ITS NATIONAL CYBERSECURITY AND COMMUNICATIONS INTEGRATION CENTER (NCCIC) HAD INITIATED OR RECEIVED 321 REPORTS OF RANSOMWARE-RELATED ACTIVITY AFFECTING 29 DIFFERENT FEDERAL AGENCIES SINCE JUNE 2015. THE 321 REPORTS INCLUDE ATTEMPTED INFECTIONS AND INFECTIONS THAT WERE DEALT WITH BY THE AGENCIES' INTERNAL SECURITY TEAMS.” Business Insider THE BIRTH OF A BILLION DOLLAR CYBER-CRIME INDUSTRY
WHY THE RANSOMWARE EXPLOSION NOW?
ALMOST 50% AFFECTED END UP MAKING THE PAYMENT The number of users who came across crypto ransomware in the last year increased by more than 500% over the previous year. (Dec, 2015) -Kaspersky
THE RANSOM AND PAYMENT METHODS ▸ $200-$2000, average $300 (High $20,000) ▸ Most commonly paid through BitCoin ▸ Also through premium SMS/phone call, anonymous cash card or prepaid transfer service Secondary Motives ▸ Leave spyware behind ▸ Open backdoors ▸ Steal passwords
RANSOMWARE DOES NOT NEED ROOT ACCESS "RANSOMWEB" DESCRIBES ATTACKS DURING WHICH CROOKS BREAK INTO A WEBSITE USING VARIOUS VULNERABILITIES AND ENCRYPT ITS CONTENT. THIS CAN BE ITS DATABASE OR ITS FILES, BUT IN THE END, CROOKS NOTIFY THE SITE OWNERS THAT THEY HAVE TO PAY A RANSOM TO GET THEIR FILES BACK.”
HOSPITALS NASCAR GOVERNMENT SCHOOLS POLICE GAMERS
“ON WEDNESDAY, U.S. SECURITY COMPANY KNOWBE4 SAID IT WAS RECENTLY CONTACTED BY A HEALTH CENTER THAT PAID HACKERS NEARLY $40,000 AFTER 250 DEVICES, INCLUDING AN MRI MACHINE, BECAME INFECTED WITH RANSOMWARE, PROMPTING THE UNNAMED ORGANIZATION TO SHUT DOWN FOR FIVE DAYS.” “[PRIME HEALTHCARE SERVICE] SAYS IT DEFEATED THE CYBERATTACK WITHOUT PAYING A RANSOM. BUT IT ACKNOWLEDGED SOME PATIENTS WERE TEMPORARILY PREVENTED FROM RECEIVING RADIOLOGY TREATMENTS, AND OTHER OPERATIONS WERE DISRUPTED BRIEFLY WHILE COMPUTER SYSTEMS WERE DOWN.” “IN MARCH, HACKERS ENCRYPTED DATA AT MEDSTAR HEALTH, WHICH OPERATES 10 HOSPITALS IN MARYLAND AND THE DISTRICT OF COLUMBIA. THE VIRUS CAUSED DELAYS IN SERVICE AND TREATMENT UNTIL COMPUTERS WERE BROUGHT BACK ONLINE. THE COMPANY SAID IT DID NOT PAY A REPORTED $19,000 RANSOM DEMAND.“
“NASCAR TEAM CIRCLE SPORT-LEAVINE FAMILY RACING (CSLFR) HAS REVEALED TODAY IT FACED A RANSOMWARE INFECTION THIS PAST APRIL, WHEN IT ALMOST LOST ACCESS TO CRUCIAL FILES WORTH NEARLY $2 MILLION, CONTAINING CAR PARTS LISTS AND CUSTOM HIGH-PROFILE SIMULATIONS THAT WOULD HAVE TAKEN 1,500 MAN-HOURS TO REPLICATE.” “RECENTLY, THE AMERICAN PUBLIC UTILITY LANSING BOARD OF WATER & LIGHT (BWL) HAS ANNOUNCED THAT THE COMPANY HAS BECOME A VICTIM OF RANSOMWARE ATTACK THAT KNOCKED THE UTILITY'S INTERNAL COMPUTER SYSTEMS OFFLINE.” “POLICE DEPARTMENT CHIEF MICHAEL LYLE CLAIMED THAT ONE UNSUSPECTING USER FROM WITHIN THE DEPARTMENT OPENED THE EMAIL, TRIGGERING THE PAYLOAD OF THE RANSOMWARE WHICH PROCEEDED TO ENCRYPT FILES AND TAKE CONTROL OF A PROGRAM KNOWN AS TRITECH. THE SOFTWARE IS AN ESSENTIAL TOOL, ONE THAT POLICE OFFICERS USE FOR COMPUTER AIDED DISPATCH AND AS A RECORD MANAGEMENT SYSTEM DURING PATROL. THE PROGRAM ALSO ENABLES LAW ENFORCEMENT OFFICERS TO LOG INCIDENT REPORTS.”
“TO BE HONEST, WE OFTEN ADVISE PEOPLE JUST TO PAY THE RANSOM.” -JOSEPH BONAVOLONTA ASSISTANT SPECIAL AGENT IN CHARGE OF THE FBI’S CYBER & COUNTERINTELLIGENCE PROGRAM The Security Ledger TO PAY OR NOT TO PAY…
“THE FBI DOES NOT ADVISE VICTIMS ON WHETHER OR NOT TO PAY THE RANSOM.” "THE FBI ADVISES THAT THE USE OF BACKUP FILES IS AN EFFECTIVE WAY TO MINIMIZE THE IMPACT OF RANSOMWARE AND THAT IMPLEMENTING COMPUTER SECURITY BEST PRACTICES IS THE MOST EFFECTIVE WAY TO PREVENT RANSOMWARE INFECTIONS,” -DONALD J. GOOD DEPUTY ASSISTANT DIRECTOR OF THE FBI'S CYBER DIVISION SOFTPEDIA THE FBI’S “OFFICIAL” POSITION
RANSOMWARE IS INNOVATING
RESEARCH AND DEVELOPMENT INCREASING
▸ Recent ransomware is targeted, sophisticated and harder to detect ▸ Once data is encrypted there virtually no options ▸ Modern encryption techniques impossible to break ▸ Restore from backups is time consuming, some data loss ▸ CryptoLocker 3.0 payments have been estimated at $325 Million ▸ Ransomware criminals netting roughly $150 Million per year SOPHISTATION
BUSINESS MODELS ARE EVOLVING AND MATURING
Ransomware is Here: Fundamentals Everyone Needs to Know

More Related Content

PPTX
WannaCry Ransomware
byZoho Corporation
 
PPT
Wannacry-A Ransomware Attack
byMahimaVerma28
 
PPTX
Ransomware: Emergence of the Cyber-Extortion Menace
byZubair Baig
 
PDF
What is wanna cry ransomware attack
byi-engage
 
PDF
What the Kidnapping & Ransom Economy Teaches Us About Ransomware
byJeremiah Grossman
 
PDF
Million Browser Botnet
byJeremiah Grossman
 
PDF
What the Kidnapping & Ransom Economy Teaches Us About Ransomware
byJeremiah Grossman
 
PPTX
Malware's Most Wanted: CryptoLocker—The Ransomware Trojan
byCyphort
 
WannaCry Ransomware
byZoho Corporation
 
Wannacry-A Ransomware Attack
byMahimaVerma28
 
Ransomware: Emergence of the Cyber-Extortion Menace
byZubair Baig
 
What is wanna cry ransomware attack
byi-engage
 
What the Kidnapping & Ransom Economy Teaches Us About Ransomware
byJeremiah Grossman
 
Million Browser Botnet
byJeremiah Grossman
 
What the Kidnapping & Ransom Economy Teaches Us About Ransomware
byJeremiah Grossman
 
Malware's Most Wanted: CryptoLocker—The Ransomware Trojan
byCyphort
 

What's hot

PDF
Cyber Security Extortion: Defending Against Digital Shakedowns
byCrowdStrike
 
PDF
Ransomware all locked up book
byDiego Souza
 
PDF
An Inside Look At The WannaCry Ransomware Outbreak
byCrowdStrike
 
PPTX
Cyber Crime - Who do you call?
byEast Midlands Cyber Security Forum
 
PPTX
Ransomeware
byAbul Hossain Ripon
 
PPTX
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
byJack Shaffer
 
PDF
Wannacry | Technical Insight and Lessons Learned
byThomas Roccia
 
PDF
Bear Hunting: History and Attribution of Russian Intelligence Operations
byCrowdStrike
 
PDF
CrowdCasts Monthly: You Have an Adversary Problem
byCrowdStrike
 
PPTX
Cyberextortion
bySalim Al Talie
 
PPTX
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...
byJay Beale
 
PDF
Step FWD IT_Ransomware-Guide
bychrismannering
 
PDF
Sophos a-to-z
byCheng Olayvar
 
PPTX
Ransomware the clock is ticking
byManoj Kumar Mishra
 
PPTX
Ransomware: History, Analysis, & Mitigation
byWhiskeyNeon
 
PDF
Wannacry
byemeka onuzuruike
 
PPTX
Ransomware 2017: New threats emerge
bySymantec Security Response
 
PDF
CrowdCast Monthly: Operationalizing Intelligence
byCrowdStrike
 
PDF
Webinar: How hackers are making your security obsolete
byCyren, Inc
 
PPTX
র‌্যানসমওয়্যার
byTitas Sarker
 
Cyber Security Extortion: Defending Against Digital Shakedowns
byCrowdStrike
 
Ransomware all locked up book
byDiego Souza
 
An Inside Look At The WannaCry Ransomware Outbreak
byCrowdStrike
 
Cyber Crime - Who do you call?
byEast Midlands Cyber Security Forum
 
Ransomeware
byAbul Hossain Ripon
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
byJack Shaffer
 
Wannacry | Technical Insight and Lessons Learned
byThomas Roccia
 
Bear Hunting: History and Attribution of Russian Intelligence Operations
byCrowdStrike
 
CrowdCasts Monthly: You Have an Adversary Problem
byCrowdStrike
 
Cyberextortion
bySalim Al Talie
 
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...
byJay Beale
 
Step FWD IT_Ransomware-Guide
bychrismannering
 
Sophos a-to-z
byCheng Olayvar
 
Ransomware the clock is ticking
byManoj Kumar Mishra
 
Ransomware: History, Analysis, & Mitigation
byWhiskeyNeon
 
Wannacry
byemeka onuzuruike
 
Ransomware 2017: New threats emerge
bySymantec Security Response
 
CrowdCast Monthly: Operationalizing Intelligence
byCrowdStrike
 
Webinar: How hackers are making your security obsolete
byCyren, Inc
 
র‌্যানসমওয়্যার
byTitas Sarker
 

Similar to Ransomware is Here: Fundamentals Everyone Needs to Know

PDF
Ransomware (1).pdf
byHiYeti1
 
PDF
Combating RANSOMWare
byUmer Saeed
 
PDF
Ransomware - Rameez Shahzada
byRAMEEZ SHAHZADA
 
PDF
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
byRoger Hagedorn
 
PPTX
Ransomware Presentation.pptx
byMirMurtaza39
 
PDF
Ransomware hostage rescue manual
byRoel Palmaers
 
PPTX
Ransomware by lokesh
byLokesh Bysani
 
PPTX
Ransomware
byDevAkabari
 
PPTX
seminar report on What is ransomware
byJawhar Ali
 
PPTX
440890252-RANSOMWARE.cybersecurity-ppt.pptx
bysammadbasheer5
 
PPTX
Ransomware
byChaitali Sharma
 
PPTX
Ransomware attack
byAmna
 
PPTX
Ransomware : A cyber crime without solution ? by Prashant Mali
byAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
PDF
Get Smart about Ransomware: Protect Yourself and Organization
bySecurity Innovation
 
PPTX
rensomware final ppt
byKomal Keshwer
 
PPTX
Defend Your Company Against Ransomware
byKevo Meehan
 
PPTX
What is Ransomware
byjeetendra mandal
 
PPTX
What is ransomware
byvikash saini
 
PDF
3. Ransomware (cyber awareness series)
byIsaac Feliciano
 
PPTX
Ransomware Attack
bydoiss delhi
 
Ransomware (1).pdf
byHiYeti1
 
Combating RANSOMWare
byUmer Saeed
 
Ransomware - Rameez Shahzada
byRAMEEZ SHAHZADA
 
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
byRoger Hagedorn
 
Ransomware Presentation.pptx
byMirMurtaza39
 
Ransomware hostage rescue manual
byRoel Palmaers
 
Ransomware by lokesh
byLokesh Bysani
 
Ransomware
byDevAkabari
 
seminar report on What is ransomware
byJawhar Ali
 
440890252-RANSOMWARE.cybersecurity-ppt.pptx
bysammadbasheer5
 
Ransomware
byChaitali Sharma
 
Ransomware attack
byAmna
 
Ransomware : A cyber crime without solution ? by Prashant Mali
byAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
Get Smart about Ransomware: Protect Yourself and Organization
bySecurity Innovation
 
rensomware final ppt
byKomal Keshwer
 
Defend Your Company Against Ransomware
byKevo Meehan
 
What is Ransomware
byjeetendra mandal
 
What is ransomware
byvikash saini
 
3. Ransomware (cyber awareness series)
byIsaac Feliciano
 
Ransomware Attack
bydoiss delhi
 

More from Jeremiah Grossman

PDF
Top Ten Web Hacking Techniques (2010)
byJeremiah Grossman
 
PPTX
Top Ten Web Hacking Techniques of 2012
byJeremiah Grossman
 
PDF
WhiteHat Security Website Statistics [Full Report] (2013)
byJeremiah Grossman
 
PDF
How to Determine Your Attack Surface in the Healthcare Sector
byJeremiah Grossman
 
PDF
WhiteHat’s Website Security Statistics Report 2015
byJeremiah Grossman
 
PDF
11th Website Security Statistics -- Presentation Slides (Q1 2011)
byJeremiah Grossman
 
PPTX
WhiteHat Security 2014 Statistics Report Explained
byJeremiah Grossman
 
PPT
Web Breaches in 2011-“This is Becoming Hourly News and Totally Ridiculous"
byJeremiah Grossman
 
PDF
Exploring the Psychological Mechanisms used in Ransomware Splash Screens
byJeremiah Grossman
 
PDF
The Attack Surface of the Healthcare Industry
byJeremiah Grossman
 
PPTX
15 Years of Web Security: The Rebellious Teenage Years
byJeremiah Grossman
 
PDF
Next Generation Endpoint Prtection Buyers Guide
byJeremiah Grossman
 
PDF
Web Application Security Statistics Report 2016
byJeremiah Grossman
 
PDF
All these vulnerabilities, rarely matter
byJeremiah Grossman
 
PDF
WhiteHat 2014 Website Security Statistics Report
byJeremiah Grossman
 
PPTX
15 Years of Web Security: The Rebellious Teenage Years
byJeremiah Grossman
 
PDF
WhiteHat’s 12th Website Security Statistics [Full Report]
byJeremiah Grossman
 
PPTX
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
byJeremiah Grossman
 
PPTX
No More Snake Oil: Why InfoSec Needs Security Guarantees
byJeremiah Grossman
 
PDF
Can Ransomware Ever Be Defeated?
byJeremiah Grossman
 
Top Ten Web Hacking Techniques (2010)
byJeremiah Grossman
 
Top Ten Web Hacking Techniques of 2012
byJeremiah Grossman
 
WhiteHat Security Website Statistics [Full Report] (2013)
byJeremiah Grossman
 
How to Determine Your Attack Surface in the Healthcare Sector
byJeremiah Grossman
 
WhiteHat’s Website Security Statistics Report 2015
byJeremiah Grossman
 
11th Website Security Statistics -- Presentation Slides (Q1 2011)
byJeremiah Grossman
 
WhiteHat Security 2014 Statistics Report Explained
byJeremiah Grossman
 
Web Breaches in 2011-“This is Becoming Hourly News and Totally Ridiculous"
byJeremiah Grossman
 
Exploring the Psychological Mechanisms used in Ransomware Splash Screens
byJeremiah Grossman
 
The Attack Surface of the Healthcare Industry
byJeremiah Grossman
 
15 Years of Web Security: The Rebellious Teenage Years
byJeremiah Grossman
 
Next Generation Endpoint Prtection Buyers Guide
byJeremiah Grossman
 
Web Application Security Statistics Report 2016
byJeremiah Grossman
 
All these vulnerabilities, rarely matter
byJeremiah Grossman
 
WhiteHat 2014 Website Security Statistics Report
byJeremiah Grossman
 
15 Years of Web Security: The Rebellious Teenage Years
byJeremiah Grossman
 
WhiteHat’s 12th Website Security Statistics [Full Report]
byJeremiah Grossman
 
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
byJeremiah Grossman
 
No More Snake Oil: Why InfoSec Needs Security Guarantees
byJeremiah Grossman
 
Can Ransomware Ever Be Defeated?
byJeremiah Grossman
 

Recently uploaded

PPTX
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
PDF
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PPTX
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PDF
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PPTX
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PDF
December Patch Tuesday
byIvanti
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
December Patch Tuesday
byIvanti
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
The year in review - MarvelClient in 2025
bypanagenda
 

Ransomware is Here: Fundamentals Everyone Needs to Know

  • 1.
    RANSOMWARE IS HERE:FUNDAMENTALS EVERYONE NEEDS TO KNOW JEREMIAH GROSSMAN CHIEF OF SECURITY STRATEGY @jeremiahg https://www.jeremiahgrossman.com/ http://blog.jeremiahgrossman.com/ http://sentinelone.com/
  • 2.
    JEREMIAH GROSSMAN WHO IAM… ▸ Professional Hacker ▸ OWASP Person of the Year (2015) ▸ International Speaker ▸ Black Belt in Brazilian Jiu-Jitsu ▸ Founder of WhiteHat Security
  • 3.
    “RANSOMWARE IS ATYPE OF MALWARE THAT CAN BE COVERTLY INSTALLED ON A COMPUTER WITHOUT KNOWLEDGE OR INTENTION OF THE USER THAT RESTRICTS ACCESS TO THE INFECTED COMPUTER SYSTEM IN SOME WAY, AND DEMANDS THAT THE USER PAY A RANSOM TO THE MALWARE OPERATORS TO REMOVE THE RESTRICTION.” Wikipedia WHAT IS RANSOMWARE?
  • 4.
    YOU KNOW IT WHENINFECTED WITH RANSOMWARE…
  • 6.
    CRYPTO LOCKER CRYPTOWALL TESLACRYPT REVETON JIGSAW LOCKY “THERE ARE NOW MORE THAN 120 SEPARATE FAMILIES OF RANSOMWARE, SAID EXPERTS STUDYING THE MALICIOUS SOFTWARE.”
  • 7.
    ORDER OR OPERATIONS STEP-BY-STEP 1.Targeting – OS, geography, banking/ecommerce, consumer 2. Propagation – spear-phishing, drive-by-download, attachments 3. Exploit – exploit kits, vulnerability-based, unpatched systems 4. Infection – payload delivery, backdoor access 5. Execution – encryption, disruption, blocked access, RANSOM
  • 8.
    DESIGNED TO EVADEDETECTION 01100111 01010110 10101010 10100101 10001010 11010011 00101101 Wrappers: Turn known code into a new binary Variations / Obfuscators: Slightly alter code to make known code appear new/ different Packers: Ensure code runs only on a real machine (anti-VM, sleepers, interactions, anti-debug) Targeting: Allows code to run only on a specific target machine/configuration Ransomware Code: The actual attack code that attacks your files, blocks access to the system and/or encrypts data
  • 9.
    “THE FBI RECENTLYPUBLISHED THAT RANSOMWARE VICTIMS PAID OUT $209 MILLION IN Q1 2016 COMPARED TO $24 MILLION FOR ALL OF 2015.” LA Times THE BIRTH OF A BILLION DOLLAR CYBER-CRIME INDUSTRY
  • 10.
    “IN ITS LETTER,THE DHS NOTED THAT ITS NATIONAL CYBERSECURITY AND COMMUNICATIONS INTEGRATION CENTER (NCCIC) HAD INITIATED OR RECEIVED 321 REPORTS OF RANSOMWARE-RELATED ACTIVITY AFFECTING 29 DIFFERENT FEDERAL AGENCIES SINCE JUNE 2015. THE 321 REPORTS INCLUDE ATTEMPTED INFECTIONS AND INFECTIONS THAT WERE DEALT WITH BY THE AGENCIES' INTERNAL SECURITY TEAMS.” Business Insider THE BIRTH OF A BILLION DOLLAR CYBER-CRIME INDUSTRY
  • 11.
    WHY THE RANSOMWAREEXPLOSION NOW?
  • 12.
    ALMOST 50% AFFECTEDEND UP MAKING THE PAYMENT The number of users who came across crypto ransomware in the last year increased by more than 500% over the previous year. (Dec, 2015) -Kaspersky
  • 13.
    THE RANSOM ANDPAYMENT METHODS ▸ $200-$2000, average $300 (High $20,000) ▸ Most commonly paid through BitCoin ▸ Also through premium SMS/phone call, anonymous cash card or prepaid transfer service Secondary Motives ▸ Leave spyware behind ▸ Open backdoors ▸ Steal passwords
  • 14.
    RANSOMWARE DOES NOTNEED ROOT ACCESS "RANSOMWEB" DESCRIBES ATTACKS DURING WHICH CROOKS BREAK INTO A WEBSITE USING VARIOUS VULNERABILITIES AND ENCRYPT ITS CONTENT. THIS CAN BE ITS DATABASE OR ITS FILES, BUT IN THE END, CROOKS NOTIFY THE SITE OWNERS THAT THEY HAVE TO PAY A RANSOM TO GET THEIR FILES BACK.”
  • 15.
  • 16.
    “ON WEDNESDAY, U.S.SECURITY COMPANY KNOWBE4 SAID IT WAS RECENTLY CONTACTED BY A HEALTH CENTER THAT PAID HACKERS NEARLY $40,000 AFTER 250 DEVICES, INCLUDING AN MRI MACHINE, BECAME INFECTED WITH RANSOMWARE, PROMPTING THE UNNAMED ORGANIZATION TO SHUT DOWN FOR FIVE DAYS.” “[PRIME HEALTHCARE SERVICE] SAYS IT DEFEATED THE CYBERATTACK WITHOUT PAYING A RANSOM. BUT IT ACKNOWLEDGED SOME PATIENTS WERE TEMPORARILY PREVENTED FROM RECEIVING RADIOLOGY TREATMENTS, AND OTHER OPERATIONS WERE DISRUPTED BRIEFLY WHILE COMPUTER SYSTEMS WERE DOWN.” “IN MARCH, HACKERS ENCRYPTED DATA AT MEDSTAR HEALTH, WHICH OPERATES 10 HOSPITALS IN MARYLAND AND THE DISTRICT OF COLUMBIA. THE VIRUS CAUSED DELAYS IN SERVICE AND TREATMENT UNTIL COMPUTERS WERE BROUGHT BACK ONLINE. THE COMPANY SAID IT DID NOT PAY A REPORTED $19,000 RANSOM DEMAND.“
  • 17.
    “NASCAR TEAM CIRCLESPORT-LEAVINE FAMILY RACING (CSLFR) HAS REVEALED TODAY IT FACED A RANSOMWARE INFECTION THIS PAST APRIL, WHEN IT ALMOST LOST ACCESS TO CRUCIAL FILES WORTH NEARLY $2 MILLION, CONTAINING CAR PARTS LISTS AND CUSTOM HIGH-PROFILE SIMULATIONS THAT WOULD HAVE TAKEN 1,500 MAN-HOURS TO REPLICATE.” “RECENTLY, THE AMERICAN PUBLIC UTILITY LANSING BOARD OF WATER & LIGHT (BWL) HAS ANNOUNCED THAT THE COMPANY HAS BECOME A VICTIM OF RANSOMWARE ATTACK THAT KNOCKED THE UTILITY'S INTERNAL COMPUTER SYSTEMS OFFLINE.” “POLICE DEPARTMENT CHIEF MICHAEL LYLE CLAIMED THAT ONE UNSUSPECTING USER FROM WITHIN THE DEPARTMENT OPENED THE EMAIL, TRIGGERING THE PAYLOAD OF THE RANSOMWARE WHICH PROCEEDED TO ENCRYPT FILES AND TAKE CONTROL OF A PROGRAM KNOWN AS TRITECH. THE SOFTWARE IS AN ESSENTIAL TOOL, ONE THAT POLICE OFFICERS USE FOR COMPUTER AIDED DISPATCH AND AS A RECORD MANAGEMENT SYSTEM DURING PATROL. THE PROGRAM ALSO ENABLES LAW ENFORCEMENT OFFICERS TO LOG INCIDENT REPORTS.”
  • 18.
    “TO BE HONEST,WE OFTEN ADVISE PEOPLE JUST TO PAY THE RANSOM.” -JOSEPH BONAVOLONTA ASSISTANT SPECIAL AGENT IN CHARGE OF THE FBI’S CYBER & COUNTERINTELLIGENCE PROGRAM The Security Ledger TO PAY OR NOT TO PAY…
  • 19.
    “THE FBI DOESNOT ADVISE VICTIMS ON WHETHER OR NOT TO PAY THE RANSOM.” "THE FBI ADVISES THAT THE USE OF BACKUP FILES IS AN EFFECTIVE WAY TO MINIMIZE THE IMPACT OF RANSOMWARE AND THAT IMPLEMENTING COMPUTER SECURITY BEST PRACTICES IS THE MOST EFFECTIVE WAY TO PREVENT RANSOMWARE INFECTIONS,” -DONALD J. GOOD DEPUTY ASSISTANT DIRECTOR OF THE FBI'S CYBER DIVISION SOFTPEDIA THE FBI’S “OFFICIAL” POSITION
  • 21.
  • 22.
  • 24.
    ▸ Recent ransomwareis targeted, sophisticated and harder to detect ▸ Once data is encrypted there virtually no options ▸ Modern encryption techniques impossible to break ▸ Restore from backups is time consuming, some data loss ▸ CryptoLocker 3.0 payments have been estimated at $325 Million ▸ Ransomware criminals netting roughly $150 Million per year SOPHISTATION
  • 27.