The rise of ransomware
Hello! I am Tharindu Edirisinghe
You can find me at ….
tharindue.blogspot.com @thariyarox https://lk.linkedin.com/in/ediri ediri@live.com
The FBI reported that cyber criminals used
ransomware to extort $209 million from
enterprise organizations in the first three months
of 2016 alone.
Source :
http://money.cnn.com/2016/04/15/technology/ransomware-cyber-security/
The name “ransomware” refers to a type of malware that is designed to infect machines,
encrypt as many files as possible and hold the decryption key for ransom until the
victim submits the required payment.
While documented complaints of modern ransomware date back to 2005, the malware
has recently gained a new popularity. In 2015 alone, there were nearly 407,000
attempted ransomware infections and over $325 million extorted from victims.
Source : https://www.cyberark.com/resource/cyberark-labs-ransomware/
There is another variant of ransomware that blocks the usage of the
device with the same goal of extracting payment from the victim.
This behavior includes spawning multiple messages across the
screen disrupting user application usage or inhibiting the normal
boot process of the operating system with displaying a ransom
message instead of a user login screen.
Source : http://cyberthreatalliance.org/cryptowall-report.pdf
In cryptography, encryption is the process of encoding messages or information in such a
way that only authorized parties can access it.
Source : https://en.wikipedia.org/wiki/Encryption
Image Source : http://kryptophone.kryptotel.net/faq/encryption/index.html
Image Source : http://www.sqlservercentral.com/blogs/zoras-sql-tips/2014/09/11/understanding-the-core-of-cryptography-in-sql-server/print/
demo
Once the ransomware was triggered to execute, 90% of the samples analyzed first attempted to
communicate back to an attacker-managed key server, which held the unique public key used to encrypt files
on the machine. In 20% of all cases, if the connection could not be established, the ransomware would fail. Yet,
a full 70% of ransomware samples were able to execute using a default public key, even if a unique key could
not be retrieved from the key server. Notably, this approach can be less effective for the attacker, as a victim
can potentially use a single default decryption key that has already been purchased to decrypt all files that
were encrypted using the same key. The remaining 10% of samples included a unique key generator within the
ransomware file itself, thus eliminating the need for an outside connection. Based on this observation, the
research team noted that if organizations could limit the ransomware’s ability to establish an outside
connection, organizations could typically either prevent the ransomware from executing or force the
attackers to use a default key, thus minimizing the financial impact of the attack.
Source : https://www.cyberark.com/resource/cyberark-labs-ransomware/
1. Ransomware is Evolving by the Hour
Unlike traditional malware, which is frequently reused across a wide range of targets,
ransomware strains are typically mutated for each new victim. Traditional anti-virus
solutions that rely on blacklists are typically ineffective in preventing ransomware because
they simply can’t keep up with the thousands of new samples produced each day. To
effectively protect against ransomware risks, organizations can’t just protect against known
malware; they also need to protect against unknown malicious applications.
2. A Common Path to Encryption
The team observed what actions were executed by different ransomware samples, and
learned the samples across different families all followed similar subsequent processes.
Typically, the malware first attempted to communicate back to an attacker-managed key
server, which held the unique public key used to encrypt files on the machine. Second, the
ransomware began to scan the infected machines to locate specific files types. Third, upon
locating the files, the ransomware began the encryption process, while working to maximize
the number of impacted machines.
3. Ransom Payment Method of Choice
To receive the key needed to decrypt the impacted files, users were required to submit
payment – the ransom – to the attackers. Payment was typically demanded in Bitcoin, and
for Bitcoin novices, some attackers went so far as to set up “help desks” to help victims
purchase Bitcoin and complete the funds transfer.
4. Ransomware Seeks Admin Rights
In 70% of tested cases, ransomware attempted to gain local administrator rights once
activated. But interestingly, only 10% of the tested files failed if these rights could not be
attained. This shows that even though the removal of local administrator rights from
standard users is a best practice and certainly could have prevented some of the
ransomware, this measure must be layered with application control to reliably protect
against file encryption.
5. A Common Denominator
Testing by CyberArk Labs demonstrated that a highly effective way to mitigate the risk of
ransomware attacks is to prevent unknown applications, including unknown ransomware,
from gaining the read, write and edit permissions needed to encrypt files. When tested by
CyberArk Labs, a combined approach of removing local admin rights and application control,
including greylisting, which restricts read, write and modify permissions from unknown
applications was 100 percent effective in preventing ransomware from encrypting files.
Source : https://www.cyberark.com/blog/new-cyberark-labs-research-analyzing-ransomware-potential-mitigation-strategies/
Shade is a ransomware-type Trojan that emerged in late 2014. The malware is spread via
malicious websites and infected email attachments. After getting into the user's system,
Shade encrypts files stored on the machine and creates a .txt file containing the ransom note
and instructions from the cybercriminals on what to do to get the user's personal files back. Shade
uses a strong encryption algorithm for each encrypted file, with two random 256-bit AES keys
generated per file: one is used to encrypt the file's contents, while the other is used to encrypt the file
name.
Since 2014, Kaspersky Lab and Intel Security have prevented more than 27,000 attempts to attack
users with the Shade Trojan. Most of the infections occurred in Russia, Ukraine, Germany, Austria
and Kazakhstan. Shade activity was also registered in France, the Czech Republic, Italy and the
US.
Source : https://www.helpnetsecurity.com/2016/07/25/no-more-ransom/
Ransomware is often spread via spam campaigns or exploit kits, but LeChiffre takes a
different approach. LeChiffre developers scan networks for poorly secured, vulnerable
Remote Desktops, log in remotely after cracking them, and then manually run an instance of
the malware to encrypt files and append the extension “.LeChiffre” to them.
Security researchers at Emsisoft have already managed to come up with a LeChiffre decrypter,
after discovering that the malware encrypts only the first 8192 bytes of a file (and, if the file is
bigger than 16999 bytes, also the last 8192 bytes of the file), using Blowfish.
Source : http://www.securityweek.com/lechiffre-ransomware-hits-indian-banks-pharma-company
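The head/tail layout described above is exactly what a responder needs to know when triaging damaged files: everything between the two encrypted blocks is still plaintext. The following is an added forensic triage example, not Emsisoft's decrypter nor any code from the article; it only uses the byte offsets quoted above, treats the 7.5 bits/byte entropy cut-off as an assumption, and runs on a constructed sample file rather than a real LeChiffre victim file.

```python
"""Triage for the head/tail partial-encryption layout described for LeChiffre."""
import math
import random
from collections import Counter

# Layout from the description above: only the first 8192 bytes are encrypted,
# plus the last 8192 bytes when the file is bigger than 16999 bytes.
BLOCK = 8192
TAIL_THRESHOLD = 16999
HIGH_ENTROPY = 7.5   # assumed cut-off in bits/byte; ciphertext sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: ~8.0 for ciphertext, far lower for text or structured data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def lechiffre_regions(size: int) -> dict:
    """Byte ranges [start, end) the scheme would encrypt, and the range it leaves intact."""
    encrypted = [(0, min(BLOCK, size))]
    if size > TAIL_THRESHOLD:
        encrypted.append((size - BLOCK, size))
    intact_start = encrypted[0][1]
    intact_end = encrypted[1][0] if len(encrypted) == 2 else size
    intact = (intact_start, intact_end) if intact_end > intact_start else None
    return {"encrypted": encrypted, "intact": intact}


def triage(data: bytes) -> dict:
    """Report which parts of a file look encrypted and how much plaintext survives."""
    regions = lechiffre_regions(len(data))
    enc_entropy = [shannon_entropy(data[s:e]) for s, e in regions["encrypted"]]
    intact = regions["intact"]
    intact_entropy = shannon_entropy(data[intact[0]:intact[1]]) if intact else None
    # The pattern matches when the expected blocks read as ciphertext while the
    # middle of the file still reads as plaintext.
    partial = (
        all(h >= HIGH_ENTROPY for h in enc_entropy)
        and intact_entropy is not None
        and intact_entropy < HIGH_ENTROPY
    )
    return {
        "size": len(data),
        "encrypted_regions": regions["encrypted"],
        "intact_region": intact,
        "intact_bytes": (intact[1] - intact[0]) if intact else 0,
        "looks_partially_encrypted": partial,
    }


def constructed_sample(size: int = 40000, damaged: bool = True) -> bytes:
    """Constructed fixture: a low-entropy 'document'; when damaged=True the head and
    tail regions are overwritten with seeded pseudo-random bytes standing in for ciphertext."""
    doc = bytearray((b"Invoice line item\n" * (size // 18 + 1))[:size])
    if damaged:
        rng = random.Random(2016)
        for start, end in lechiffre_regions(size)["encrypted"]:
            doc[start:end] = bytes(rng.getrandbits(8) for _ in range(end - start))
    return bytes(doc)


if __name__ == "__main__":
    report = triage(constructed_sample())
    print(report)
```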
Ransomware is a very successful model of attack and its mobile variant is not much different
from its desktop counterpart. Usually, the user is tricked into installing a seemingly useful app, for
example an app that pretends to be Adobe Flash player. Once installed and executed, the
malicious application attempts to encrypt all accessible documents, images and multimedia
files on the device. When this process is finished, the ransomware application displays a warning
message, often made to look as if it comes from a law enforcement agency such as the FBI, that
instructs the user how to pay to restore the files and regain access to the device.
Some of the most successful Android ransomware families are Simplocker and Koler. The
recently discovered Locker family actually sets a PIN for the device and makes the restore
almost impossible if the user is not willing to pay the attackers for recovery instructions.
Source : https://www.thehaguesecuritydelta.com/media/com_hsd/report/57/document/4aa6-3786enw.pdf
1. Have a Backup Solution in Place
Access and storage of your data is mission-critical to your business, especially when
dealing with a ransomware attack. If you backup your data routinely, ransom Trojans are
easy to remove. Recover the files from a backup and hope the person at fault learns their
lesson.
2. Keep Software up to Date
Some ransom Trojans target user carelessness (“click this link,” or “open this
attachment”). Others exploit vulnerabilities in software. Keep all your software patched,
especially the most common and popular off-the-shelf products – they are the first ones
a hacker will target.
3. Filter Executables
Disguised as an invoice, an “urgent” document, or a notification that you’ve missed a
delivery -- these are often hidden in ZIP archives. Make sure to filter those and
executables in general.
4. Show File Extensions
By allowing Windows to show file extensions, you make it difficult for hackers to keep their
intentions hidden. For example, if a file is really called "Invoice.doc.exe," then you shouldn't
allow it to present itself to the user as "Invoice.doc."
5. Restrict User Privileges
Keep incidents isolated by making sure one infected user does not bring down your entire
network. By limiting machine access to only what it needs it can save your business
significantly in downtime, allowing unaffected users/departments to continue working
productively.
6. Disable Remote Desktop Protocol
Hackers love to use Windows’ native remote access feature and third-party software to
get malicious code onto computers. Although the remote desktop protocol is very useful,
it does not need to be switched on all the time.
7. Get a Security Audit from a Reputable IT Consultant
A credible and experienced IT Consultant, like Lantium, can assess your organization’s
information systems, business processes, and overall cyber presence to help you identify
methods to keep your business protected. By being proactive, you can ensure your
business stays safe in 2017!
Source : http://blog.lantium.com/seven-things-to-protect-your-business-from-ransomware
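Points 3 and 4 above (filter executables hidden in ZIP archives, and do not let a double extension such as "Invoice.doc.exe" pass as a document) can be enforced at a mail gateway before the user ever sees the attachment. The code below is an added example, not from the Lantium post; the extension lists are assumed policy values, and it goes one step beyond the text by also sniffing for the "MZ" marker of a Windows executable, since a renamed executable defeats an extension-only check. The sample archive is constructed inline and contains only marker bytes, not a real program.

```python
"""Attachment screening: flag executables inside ZIP archives and double-extension names."""
import io
import zipfile

# Assumed block list; adjust to the organisation's policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".jse", ".wsf", ".pif", ".hta"}
# Extensions a disguised executable is typically made to look like.
DOCUMENT_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def classify_name(name: str) -> list:
    """Return reasons a file name is suspicious; an empty list means nothing was found."""
    reasons = []
    base = name.rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    if len(parts) < 2:
        return reasons
    final = "." + parts[-1]
    if final in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {final}")
        if len(parts) > 2 and "." + parts[-2] in DOCUMENT_EXTS:
            reasons.append(f"double extension disguises executable as .{parts[-2]}")
    return reasons


def has_mz_header(first_bytes: bytes) -> bool:
    """Windows PE executables start with the two-byte 'MZ' marker, whatever their name."""
    return first_bytes[:2] == b"MZ"


def screen_zip(blob: bytes) -> dict:
    """Inspect an in-memory ZIP attachment entry by entry; nothing is extracted to disk."""
    findings = {}
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                reasons = classify_name(info.filename)
                with zf.open(info) as fh:
                    if has_mz_header(fh.read(2)):
                        reasons.append("MZ header: Windows executable content")
                if reasons:
                    findings[info.filename] = reasons
    except zipfile.BadZipFile:
        findings["<archive>"] = ["not a valid ZIP file"]
    return findings


def screen_attachment(filename: str, blob: bytes) -> dict:
    """Combine the name check on the attachment itself with inspection of its ZIP contents."""
    findings = {}
    reasons = classify_name(filename)
    if has_mz_header(blob):
        reasons.append("MZ header: Windows executable content")
    if reasons:
        findings[filename] = reasons
    if filename.lower().endswith(".zip"):
        findings.update(screen_zip(blob))
    return findings


def constructed_attachment() -> bytes:
    """Constructed fixture: a benign text file, a double-extension 'invoice' and a renamed
    executable. The executable entries hold only the MZ marker plus filler, not real code."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "nothing to see")
        zf.writestr("Invoice.doc.exe", "MZ" + "\x00" * 16)
        zf.writestr("photo.jpg", "MZ" + "\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for name, why in screen_attachment("statement.zip", constructed_attachment()).items():
        print(name, "->", "; ".join(why))
```

A message whose attachment produces any finding should be quarantined rather than delivered with a warning, since the point of the double extension is that users will click it.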
The “No More Ransom” website is an initiative by the National High Tech Crime Unit of
the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security
companies – Kaspersky Lab and Intel Security – with the goal to help victims of
ransomware retrieve their encrypted data without having to pay the criminals.
Source : https://www.nomoreransom.org/about-the-project.html
Ransomware Families and Types
http://avien.net/blog/ransomware-resources/ransomware-families-and-types
Analysis of the CryptoWall Version 4 Threat
http://cyberthreatalliance.org/cryptowall-report.pdf
Even the best antivirus likely can't save your files from a ransomware infection
http://www.businessinsider.com/fighting-ransomware-with-antivirus-2016-1
Hewlett Packard Enterprise - Cyber Risk Report 2016
https://www.thehaguesecuritydelta.com/media/com_hsd/report/57/document/4aa6-3786enw.pdf
Shoddy Programming causes new Ransomware to destroy your Data
https://www.bleepingcomputer.com/news/security/shoddy-programming-causes-new-ransomware-to-destroy-your-data
THANKS! Any questions?
You can find me at ….
tharindue.blogspot.com @thariyarox https://lk.linkedin.com/in/ediri ediri@live.com
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 

The Rise of Ransomware

  • 2. Hello! I am Tharindu Edirisinghe. You can find me at …. tharindue.blogspot.com @thariyarox https://lk.linkedin.com/in/ediri ediri@live.com
  • 3. The FBI reported that cyber criminals used ransomware to extort $209 million from enterprise organizations in the first three months of 2016 alone. Source : http://money.cnn.com/2016/04/15/technology/ransomware-cyber-security/
  • 6. The name “ransomware” refers to a type of malware that is designed to infect machines, encrypt as many files as possible and hold the decryption key for ransom until the victim submits the required payment. While documented complaints of modern ransomware date back to 2005, the malware has recently gained a new popularity. In 2015 alone, there were nearly 407,000 attempted ransomware infections and over $325 million extorted from victims. Source : https://www.cyberark.com/resource/cyberark-labs-ransomware/
  • 7. There is another variant of ransomware that blocks the usage of the device with the same goal of extracting payment from the victim. This behavior includes spawning multiple messages across the screen, disrupting user application usage, or inhibiting the normal boot process of the operating system by displaying a ransom message instead of a user login screen. Source : http://cyberthreatalliance.org/cryptowall-report.pdf
  • 8. In cryptography, encryption is the process of encoding messages or information in such a way that only authorized parties can access it. Source : https://en.wikipedia.org/wiki/Encryption Image Source : http://kryptophone.kryptotel.net/faq/encryption/index.html
  • 11. demo
  • 17. Once the ransomware was triggered to execute, 90% of the samples analyzed first attempted to communicate back to an attacker-managed key server, which held the unique public key used to encrypt files on the machine. In 20% of all cases, if the connection could not be established, the ransomware would fail. Yet, a full 70% of ransomware samples were able to execute using a default public key, even if a unique key could not be retrieved from the key server. Notably, this approach can be less effective for the attacker, as a victim can potentially use a single default decryption key that has already been purchased to decrypt all files that were encrypted using the same key. The remaining 10% of samples included a unique key generator within the ransomware file itself, thus eliminating the need for an outside connection. Based on this observation, the research team noted that if organizations could limit the ransomware’s ability to establish an outside connection, organizations could typically either prevent the ransomware from executing or force the attackers to use a default key, thus minimizing the financial impact of the attack. Source : https://www.cyberark.com/resource/cyberark-labs-ransomware/
  • 19. 1. Ransomware is Evolving by the Hour Unlike traditional malware, which is frequently reused across a wide range of targets, ransomware strains are typically mutated for each new victim. Traditional anti-virus solutions that rely on blacklists are typically ineffective in preventing ransomware because they simply can’t keep up with the thousands of new samples produced each day. To effectively protect against ransomware risks, organizations can’t just protect against known malware; they also need to protect against unknown malicious applications.
  • 20. 2. A Common Path to Encryption The team observed what actions were executed by different ransomware samples, and learned the samples across different families all followed similar subsequent processes. Typically, the malware first attempted to communicate back to an attacker-managed key server, which held the unique public key used to encrypt files on the machine. Second, the ransomware began to scan the infected machines to locate specific files types. Third, upon locating the files, the ransomware began the encryption process, while working to maximize the number of impacted machines.
  • 21. 3. Ransom Payment Method of Choice To receive the key needed to decrypt the impacted files, users were required to submit payment – the ransom – to the attackers. Payment was typically demanded in Bitcoin, and for Bitcoin novices, some attackers went so far as to set up “help desks” to help victims purchase Bitcoin and complete the funds transfer.
  • 22. 4. Ransomware Seeks Admin Rights In 70% of tested cases, ransomware attempted to gain local administrator rights once activated. But interestingly, only 10% of the tested files failed if these rights could not be attained. This shows that even though the removal of local administrator rights from standard users is a best practice and certainly could have prevented some of the ransomware, this measure must be layered with application control to reliably protect against file encryption.
  • 23. 5. A Common Denominator Testing by CyberArk Labs demonstrated that a highly effective way to mitigate the risk of ransomware attacks is to prevent unknown applications, including unknown ransomware, from gaining the read, write and edit permissions needed to encrypt files. When tested by CyberArk Labs, a combined approach of removing local admin rights and application control, including greylisting, which restricts read, write and modify permissions from unknown applications, was 100 percent effective in preventing ransomware from encrypting files. https://www.cyberark.com/blog/new-cyberark-labs-research-analyzing-ransomware-potential-mitigation-strategies/
  • 24. Shade is a ransomware-type Trojan that emerged in late 2014. The malware is spread via malicious websites and infected email attachments. After getting into the user’s system, Shade encrypts files stored on the machine and creates a .txt file containing the ransom note and instructions from cybercriminals on what to do to get the user’s personal files back. Shade uses a strong encryption algorithm for each encrypted file, with two random 256-bit AES keys generated: one is used to encrypt the file’s contents, while the other is used to encrypt the file name. Since 2014, Kaspersky Lab and Intel Security have prevented more than 27 000 attempts to attack users with the Shade Trojan. Most of the infections occurred in Russia, Ukraine, Germany, Austria and Kazakhstan. Shade activity was also registered in France, the Czech Republic, Italy, and the US. Source : https://www.helpnetsecurity.com/2016/07/25/no-more-ransom/
  • 25. Ransomware is often spread via spam campaigns or exploit kits, but LeChiffre takes a different approach. LeChiffre developers scan networks for poorly secured, vulnerable Remote Desktops, log in remotely after cracking them, and then manually run an instance of the malware to encrypt files and append the extension “.LeChiffre” to them. Security researchers at Emsisoft have already managed to come up with a LeChiffre decrypter, after discovering that the malware encrypts only the first 8192 bytes of a file (and, if the file is bigger than 16999 bytes, also the last 8192 bytes of the file), using Blowfish. Source : http://www.securityweek.com/lechiffre-ransomware-hits-indian-banks-pharma-company
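The partial-encryption layout on slide 25 matters for triage and recovery: everything between the head and tail regions stays in the clear. The model below is an added illustration built from the figures on the slide (it is not LeChiffre's or Emsisoft's code); it assumes "bigger than 16999 bytes" means strictly greater and that files shorter than 8192 bytes are encrypted in full.

```python
# Model of the LeChiffre partial-encryption layout described on the slide.
# Added illustration from the page's figures, not the malware's own logic.
HEAD_BYTES = 8192        # the first 8192 bytes are always encrypted
TAIL_THRESHOLD = 16999   # tail is only encrypted if the file is bigger than this
TAIL_BYTES = 8192        # size of that trailing region


def encrypted_ranges(size: int) -> list[tuple[int, int]]:
    """Half-open byte ranges [start, end) overwritten in a file of `size` bytes.

    Assumption: "bigger than 16999" is read as strictly greater, and a file
    shorter than the head region is encrypted in full (range clipped to size).
    """
    if size <= 0:
        return []
    ranges = [(0, min(HEAD_BYTES, size))]
    if size > TAIL_THRESHOLD:
        ranges.append((size - TAIL_BYTES, size))
    return ranges


def plaintext_ranges(size: int) -> list[tuple[int, int]]:
    """Complement of encrypted_ranges(): the bytes a victim can still read back."""
    clear, cursor = [], 0
    for start, end in encrypted_ranges(size):
        if start > cursor:
            clear.append((cursor, start))
        cursor = end
    if cursor < size:
        clear.append((cursor, size))
    return clear


def plaintext_byte_count(size: int) -> int:
    """Number of untouched bytes for a file of the given size."""
    return sum(end - start for start, end in plaintext_ranges(size))


def carve_plaintext(data: bytes) -> bytes:
    """Concatenate the untouched region(s) of an affected file for forensic triage."""
    return b"".join(data[start:end] for start, end in plaintext_ranges(len(data)))


if __name__ == "__main__":
    # Constructed sizes showing the threshold effect: a 16999-byte file keeps
    # 8807 bytes in the clear, a 17000-byte file only 616.
    for size in (5000, 16999, 17000, 20000):
        print(size, encrypted_ranges(size), plaintext_byte_count(size))
```

Files between 8193 and 16999 bytes therefore expose far more of their content than files just above the threshold, which is worth knowing when deciding which documents can be partly salvaged without a decrypter.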
  • 26. Ransomware is a very successful model of attack and its mobile variant is not much different from its desktop counterpart. Usually, the user is tricked into installing a useful app—for example, an app that pretends to be Adobe Flash player. Once installed and executed, the malicious application attempts to encrypt all accessible documents, images, and multimedia files on the device. When this process is finished, the ransomware application displays a warning text that often seems to come from law enforcement agencies such as the FBI and instructs the user how to pay to restore files and access to the device. Some of the most successful Android ransomware families are Simplocker and Koler. The recently discovered Locker family actually sets a PIN for the device and makes the restore almost impossible if the user is not willing to pay the attackers for recovery instructions. Source : https://www.thehaguesecuritydelta.com/media/com_hsd/report/57/document/4aa6-3786enw.pdf
  • 27. 1. Have a Backup Solution in Place Access and storage of your data is mission-critical to your business, especially when dealing with a ransomware attack. If you back up your data routinely, ransom Trojans are easy to remove. Recover the files from a backup and hope the person at fault learns their lesson. 2. Keep Software up to Date Some ransom Trojans target user carelessness (“click this link,” or “open this attachment”). Others exploit vulnerabilities in software. Keep all your software patched, especially the most common and popular off-the-shelf products – they are the first ones a hacker will target.
  • 28. 3. Filter Executables Disguised as an invoice, an “urgent” document, or a notification that you’ve missed a delivery, malicious executables are often hidden in ZIP archives. Make sure to filter those, and executables in general. 4. Show File Extensions By allowing Windows to show file extensions, it makes it difficult for hackers to keep their intentions hidden. For example, if a file is really called “Invoice.doc.exe,” then you shouldn’t allow it to present itself to the user as “Invoice.doc.”
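Points 3 and 4 above can be turned into a mail-gateway check: open the ZIP attachment, look at each member's full extension chain, and block anything whose last extension is executable, flagging the double-extension "Invoice.doc.exe" pattern separately. This is an added example, not code from the slides; the extension sets and the sample archive are constructed for the demonstration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Constructed lists for the example; a production filter would use a maintained set.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                         ".js", ".jse", ".vbs", ".wsf", ".hta"}
DOCUMENT_EXTENSIONS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt",
                       ".jpg", ".png"}


def displayed_name(name: str) -> str:
    """What Explorer shows with 'Hide extensions for known file types' on:
    only the final extension is stripped, so Invoice.doc.exe appears as Invoice.doc."""
    p = PurePosixPath(name)
    return p.name[:-len(p.suffix)] if p.suffix else p.name


def classify_name(name: str) -> str:
    """Return 'disguised', 'executable' or 'ok' for a file name inside an archive.

    'disguised' = executable final extension with a document-looking extension
    directly before it, the Invoice.doc.exe trick from slide 28.
    """
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTENSIONS:
        return "ok"
    if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTENSIONS:
        return "disguised"
    return "executable"


def scan_archive(archive_bytes: bytes) -> dict:
    """Classify every file member of a ZIP attachment; returns {member: verdict}."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                findings[info.filename] = classify_name(info.filename)
    return findings


def should_block(findings: dict) -> bool:
    """Block the attachment if any member is executable, disguised or not."""
    return any(verdict != "ok" for verdict in findings.values())


def build_sample_archive() -> bytes:
    """Constructed attachment: one disguised executable plus one harmless file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice.doc.exe", b"MZ" + b"\0" * 16)  # fake PE header
        zf.writestr("readme.txt", b"please see the attached invoice")
    return buf.getvalue()


if __name__ == "__main__":
    results = scan_archive(build_sample_archive())
    for member, verdict in results.items():
        print(f"{member!r} shown as {displayed_name(member)!r}: {verdict}")
    print("block attachment:", should_block(results))
```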
  • 29. 5. Restrict User Privileges Keep incidents isolated by making sure one infected user does not bring down your entire network. By limiting machine access to only what it needs it can save your business significantly in downtime, allowing unaffected users/departments to continue working productively. 6. Disable Remote Desktop Protocol Hackers love to use Windows’ native remote access feature and third-party software to get malicious code onto computers. Although the remote desktop protocol is very useful, it does not need to be switched on all the time.
  • 30. 7. Get a Security Audit from a Reputable IT Consultant A credible and experienced IT Consultant, like Lantium, can assess your organization’s information systems, business processes, and overall cyber presence to help you identify methods to keep your business protected. By being proactive, you can ensure your business stays safe in 2017! Source: http://blog.lantium.com/seven-things-to-protect-your-business-from-ransomware
  • 31. The “No More Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies – Kaspersky Lab and Intel Security – with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals. Source : https://www.nomoreransom.org/about-the-project.html
  • 32. Ransomware Families and Types http://avien.net/blog/ransomware-resources/ransomware-families-and-types Analysis of the CryptoWall Version 4 Threat http://cyberthreatalliance.org/cryptowall-report.pdf Even the best antivirus likely can't save your files from a ransomware infection http://www.businessinsider.com/fighting-ransomware-with-antivirus-2016-1 Hewlett Packard Enterprise - Cyber Risk Report 2016 https://www.thehaguesecuritydelta.com/media/com_hsd/report/57/document/4aa6-3786enw.pdf Shoddy Programming causes new Ransomware to destroy your Data https://www.bleepingcomputer.com/news/security/shoddy-programming-causes-new-ransomware-to-destroy-your-data
  • 33. THANKS! Any questions? You can find me at …. tharindue.blogspot.com @thariyarox https://lk.linkedin.com/in/ediri ediri@live.com