Date posted: 23-Jan-2018 | Category: Technology | Uploaded by: sahil-khan
Ransomware By Sahil Khan
Null Bhopal Meet October 2016
Ransomware
• What is Ransomware?
• History
• How does Ransomware Operate?
• What can you do about it?
• Types of Ransomware
• Famous Ransomware
• Create Your Own Ransomware
• Ransomware Weekend Highlight
Google Trends on Ransomware
What is Ransomware?
• Ransomware is a type of malware which is widely classified as a Trojan.
• It restricts access to or damages the computer for the purpose of extorting money from the victim.
• It also has the capability to encrypt a user’s files, display different threat messages, and force the user to pay ransom via an online payment system.
History
The first known ransomware was the 1989 "AIDS" trojan (also known as "PC Cyborg") written by Joseph Popp.
How does Ransomware operate?
• Ransomware typically propagates as a Trojan, entering a system much like a conventional computer worm does: through a downloaded file, for example, or through a vulnerability in a network service.
• It encrypts personal files on the hard drive.
• It locks the computer display and does not allow the user to access any programs.
What can you do about it?
On the one hand, ransomware can be extremely scary – the encrypted files can essentially be considered
damaged and beyond repair. But if you have properly prepared your system, it is really nothing more than a
nuisance.
There are a few things that you can do to keep ransomware from wrecking your day.
Back up your data
The single most important thing you can do to prepare for emergencies, including being affected by ransomware, is to have regularly updated backups. Many ransomware variants will encrypt files on drives that are mapped. This includes any external drives such as a USB thumb drive, as well as any network or cloud file stores to which you have assigned a drive letter. So your backup needs to be on an external drive or backup service that is disconnected from your devices and network when not in use, and secured both physically and digitally.
Keep your Software Updated
Malware authors frequently rely on people running outdated software with known vulnerabilities, which they can exploit to get onto systems unobserved. It can
significantly decrease the potential for malware infection if you make a practice of updating your software often. Enable automatic updates if you can, update
through the software’s internal update process, or go directly to the software vendor’s website.
Malware authors sometimes disguise their creations as software update notifications, so by going to well-known and good software repositories you can increase the odds of getting clean, vetted updates. On Windows, you may wish to double-check that old – and potentially vulnerable – versions of the software
are removed by looking in Add/Remove Software within the Control Panel.
Use a Reputable Security Suite
It is always a good idea to have both anti-malware software and a software firewall to help you identify threats or suspicious behavior. Malware authors
frequently update their creations to try to avoid detection, so it is important to have both these layers of protection. If you run across a ransomware variant that
is so new that it gets past anti-malware software, it might still be caught by a firewall when it attempts to connect with its Command and Control (C&C) server
to receive instructions for encrypting your files.
The next few tips are to help you deal with the methods that current ransomware variants have been using – these tips may not help in every case, but they are
inexpensive and minimally intrusive ways to cut off access routes used by a variety of malware families.
Show Hidden File Extension
One popular method malware uses to appear innocent is to name files with double extensions, such as “.PDF.EXE”. By
default, Windows and OSX hide known file extensions; malware takes advantage of this behavior to make a file
appear to be one that would commonly be exchanged. If you enable the ability to see the full file-extension, it can be
easier to spot suspicious file types.
Filter exe in Email
If your gateway mail scanner has the ability to filter files by extension, you may want to deny mails that arrive with “.EXE” files, or to deny mails sent with files that have two file extensions, the last one being executable (for example, “Filename.PDF.EXE”). If you do legitimately need to exchange executable files within your environment and are denying emails with “.EXE” files, you can send them within ZIP files or via cloud services.
Sending in ZIP files can also give you an extra layer of assurance, as it allows you to choose an official, universal password for use within your household or company, which can help you identify unofficial files that don’t use your agreed-upon password.
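The two slides above (hidden extensions and the gateway filter) describe one policy: deny attachments whose final extension is executable, and log the “Filename.PDF.EXE” disguise separately. The following is an added example written for this page, not the author's or any vendor's code; the executable and document extension lists are assumptions for the example (the slides name only .EXE and, in the Tox quote, .scr), and the attachment names are constructed.

```python
# Extensions treated as executable by this policy. Assumed list for the example;
# the slide itself names only .EXE (and the Tox quote mentions .scr).
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "bat", "cmd", "pif", "vbs", "js"}

# Document-like extensions that get placed in front of an executable one
# to build the "Filename.PDF.EXE" disguise. Also an assumed list.
DOCUMENT_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def split_extensions(filename):
    """Return the lowercase extension chain of an attachment name.

    'Invoice.PDF.EXE' -> ['pdf', 'exe'].  Any path prefix is dropped, and a
    leading dot ('.bashrc') is a hidden-file marker, not an extension."""
    name = filename.rsplit("/", 1)[-1].rsplit("\\", 1)[-1].strip()
    parts = name.split(".")
    if len(parts) < 2 or parts[0] == "":
        return []
    return [p.lower() for p in parts[1:]]


def displayed_name(filename):
    """What the user sees when the OS hides known extensions: the final
    extension disappears, so 'Invoice.PDF.EXE' is shown as 'Invoice.PDF'.
    Assumes the final extension is a registered (known) type."""
    exts = split_extensions(filename)
    if not exts:
        return filename
    return filename[: -(len(exts[-1]) + 1)]


def attachment_verdict(filename):
    """Apply the gateway rule to one attachment name.

    Returns (allowed, reason).  The double-extension case gets its own reason
    so the gateway log distinguishes 'setup.exe' from 'Invoice.PDF.EXE'."""
    exts = split_extensions(filename)
    if not exts:
        return True, "no extension"
    last = exts[-1]
    if last not in EXECUTABLE_EXTENSIONS:
        return True, "extension .%s is not executable" % last
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTENSIONS:
        return False, "double extension .%s.%s disguises an executable" % (exts[-2], last)
    return False, "executable attachment .%s" % last


def filter_attachments(names):
    """Split a list of attachment names into (allowed, denied_with_reasons)."""
    allowed, denied = [], []
    for name in names:
        ok, reason = attachment_verdict(name)
        (allowed if ok else denied).append(name if ok else (name, reason))
    return allowed, denied
```

Running `filter_attachments` over constructed names such as `["Invoice.PDF.EXE", "report.pdf", "tools.zip", "setup.exe"]` lets the ZIP through (the slide's recommended carrier) and denies the two executables with distinct reasons.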
Disable RDP
Ransomware sometimes accesses machines by using Remote Desktop Protocol (RDP), a Windows feature that allows others to access your desktop remotely. If you do not need to use RDP in your environment, you can disable it to protect your machines. For instructions on how to do so, visit the appropriate Microsoft Knowledge Base article.
Check to see if decrypter is available
Sometimes malware authors make mistakes and decryptors can be created. Other times, malware authors feel remorse
for their actions or stop development on a particular ransomware family, and then release a decryption key. It’s worth a quick internet search to see if the solution to your
problem is available for free, from a reputable source.
Use System Restore
Set BIOS Clock back
Some ransomware variants have a payment timer that increases the price for your decryption key after a set time. You may be able to give yourself additional time by setting the BIOS clock back to a time before the deadline window is up.
Types Of Ransomware
• Locker Ransomware – Denies access to the computer or device.
• Crypto Ransomware – Prevents access to files or data.
Famous Ransomware
• Reveton
• CryptoLocker
• CryptoLocker.F and TorrentLocker
Reveton
In 2012, a major ransomware worm known as Reveton began to spread. It is also known as the "police trojan". Its payload displays a warning purportedly from a law enforcement agency, claiming that the computer has been used for illegal activities such as downloading pirated software, promoting terrorism, or copyright infringement. The warning informs the user that to unlock their system they will have to pay a fine. To increase the illusion that the computer is being tracked by law enforcement, the screen also displays the computer's IP address and footage from the computer's webcam.
CryptoLocker
Encrypting ransomware reappeared in 2013 with CryptoLocker, distributed as an attachment to malicious e-mail and also propagated using the Gameover ZeuS botnet. It encrypts certain types of files stored on local drives using RSA public-key cryptography, with the private key stored only on the malware's control servers. It offers to decrypt the data if a payment is made by a stated deadline and threatens to delete the private key if the deadline passes. It was isolated in May 2014, when the Gameover botnet was knocked out.
Tox Free Ransomware Toolkit
'Tox' offers a free build-your-own ransomware malware toolkit. Tox is completely free to use. One dark web hacker has released this for anyone to download and set up their own ransomware for free. Tox, which runs on TOR, requires few technical skills to use. It is designed in such a way that almost anyone can easily deploy ransomware in three simple steps.
Make your own Ransomware
Once a user registers with the site, there are three simple steps to creating the malware:
• Type a desired ransom amount you want to ask victims for.
• Provide an additional note in the "Cause", the message that will alert victims that they are being held hostage to a piece of malware.
• Finally, you are prompted to fill out a captcha, and click "Create".
"This process creates an executable of about 2MB that is disguised as a .scr file. Then the Tox [users] distribute and install as they see fit. The Tox site (runs on the TOR network) will track the installs and profit. To withdraw funds, you need only supply a receiving Bitcoin address."
- McAfee explains.
Ransomware Weekend Highlights
• Kostya Ransomware targets Czech victims
• A new in-the-wild ransomware was discovered by security researcher Jack
• The Comrade Circle Ransomware uses a fake Windows Update screen while encrypting
• New variant of the Enigma Ransomware was released
• EvilTwin's Exotic Ransomware targets executable files
• Decryptor for version 2 of the DXXD Ransomware is available
• New variant of the Nuke Ransomware uses the .nuclear55 extension
• Cisco's Talos Group releases the LockyDump tool for researchers
Thank You…….