2. Who Am I
Viral Parmar
ComExpo Cyber Security Foundation
Cyber Security Researcher
Mozilla Reps, Mozilla Foundation
Given 500+ sessions all over the world
Solved 200+ cases of cyber crime and made more than
6 lakh people aware of privacy and security
Always remember: Know hAckiNG, but no HaCKing.
@viralparmarhack
4. What is Malware
Malware (malicious software) is software that is specifically designed to disrupt,
damage, or gain unauthorized access to a computer system.
7. VIRUS
"Vital Information Resources Under Siege" is a popular backronym, not the origin of the word:
the term was borrowed from biology because a virus self-replicates by attaching itself to other files.
Types of viruses:
1. Boot Sector Virus - infects the boot sector of a hard drive (or removable media) and runs before the operating system loads
2. Macro Virus - arrives as a macro in a Word or PowerPoint document and infects the system when the document is opened
3. Program (file infector) Virus - attaches to executable files such as .exe and .dll and runs whenever the host program runs
4. Polymorphic Virus - rewrites its own code on each infection so that its signature changes frequently, defeating simple signature matching
18. When it started
• 1989: "PC Cyborg", written by Joseph Popp, was a trojan horse that replaced the AUTOEXEC.BAT file.
Its payload claimed that the user's licence for a certain piece of software had expired,
encrypted the file names on the hard drive, and required the user to pay US$189
to "PC Cyborg Corporation" for the means to unlock the system.
• Mordechai M. (Moti) Yung is an Israeli-American cryptographer and computer
scientist currently employed at Google. With Adam Young he showed how cryptography can be used to
design powerful malicious software and described the attack that is secure from the
attacker's perspective for kidnapping data, now known as ransomware or cryptoviral
extortion: the attacker's public key travels inside the malware, so only the attacker's
private key, which never leaves the attacker, can recover the data.
• Ransomware typically propagates as a trojan, whose payload is disguised as a
seemingly legitimate file.
21. Types of Ransomware
1. Scareware
2. Lock screen ransomware
3. Mobile ransomware
4. Encrypting ransomware
22. Scareware
Bogus antivirus or clean-up tools that claim to have detected umpteen
issues and demand that you pay in order to fix them. Some bombard you with
alerts and pop-ups, while others prevent you from running any
programs at all.
23. Lock Screen Ransomware
Locks the PC so that it cannot be used in any way and displays a fake notice
claiming to come from a government authority, a company or a law enforcement agency.
The notice falsely claims that the system has been used for illegal activities,
or contains illegal content such as pornography and pirated software or media.
It is shown as a full-screen window after Windows starts up, usually with an FBI
or Department of Justice logo, saying that you violated the law and must pay a fine.
24. Mobile Ransomware
Mobile ransomware works much the same as its bigger cousin: it locks the
device entirely and displays only a message demanding that an exorbitant sum
be paid within a certain amount of time, or the phone will be wiped clean.
26. CryptoLocker
• Encrypting ransomware returned to prominence in October 2013 with the propagation
of CryptoLocker, which used Bitcoin to collect ransom money.
The operators of CryptoLocker had procured about US$27 million from infected users.
• A 2048-bit RSA key pair was generated for each infection and held on a command-and-control
server; the infected machine received only the public key and used it to encrypt files
matching a whitelist of specific file extensions. Because the private key never reached the
victim's disk, the files could not be recovered from the machine alone.
• The malware threatened to delete the private key if a payment in Bitcoin or a pre-paid
cash voucher was not made within 3 days of the infection; after that the price rose to 10 BTC,
approximately US$2300 as of November 2013.
• On June 2, 2014, the Department of Justice also publicly issued an indictment against the
Russian hacker Evgeniy Bogachev, aka "lucky12345".
45. • To let even a non-technical user spread this creepy threat, one dark web hacker
has released a ransomware-as-a-service kit, dubbed "Tox", that anyone can download and use to set
up their own ransomware for free.
• Yes, believe it or not, Tox is completely free to use. The developers of the online software
make money by taking a cut (20%) of any successful ransomware campaign its users run.
• Tox runs on TOR. Setting up a campaign takes three steps:
1. Type the ransom amount you want to ask victims for.
2. Provide an additional note in the "Cause" field, presumably the message that will tell victims
that they are being held hostage by a piece of malware.
3. Finally, fill out a captcha and click "Create".
• Once a victim accidentally opens the offending .scr file delivered by email, the payload
encrypts all of the data on their system and decrypts it only if a Bitcoin payment is made.
47. The ransomware response kit comes with removal tools for the
following malware strains:
• CryptoLocker: CryptoLocker removal tools and threat mitigation
• CryptoLockerDecrypt: FireEye tool to decrypt files encrypted by the
CryptoLocker ransomware
• TrendMicro_Ransomware_RemovalTool: general ransomware removal tool
from Trend Micro
• FBIRansomWare: removal tools for the "FBI" lock screen ransomware
• CoinVault: CoinVault ransomware removal tools
• TeslaCrypt: tool for removing TeslaCrypt, a CryptoLocker-style encrypting ransomware
49. How to Remove Ransomware
Step 1 Scan and detect: confirm the infection and find out which machines and shares are affected
Step 2 Stop and remove: isolate the machine from the network, then remove the malware and its persistence
Step 3 Identification and find solution: identify the family from the ransom note and the file extension, and check whether a known fix exists
Step 4 Recovery from backup: restore files from an offline or versioned backup, since the private key is held by the attacker
Step 5 Use decryption tools: only where a decryptor exists for the identified family