Date post: | 21-Apr-2017 |
Upload: | srinivas-thimmaiah |
Srinivas Thimmaiah | Ransomware | 14 Feb 2017
RANSOMWARE: Friend or Foe?
By: Srinivas Thimmaiah
Date: 14 Feb 2017
About me
A seasoned Information Security professional, speaker and blogger with 13+ years of rich and insightful work experience in the areas of Information Security Assurance, Governance, Risk Management, BCM, Supplier Management, Awareness, IT Security and operational excellence, and in influencing team members and management.
CISM and ISO 27001 certified, Cisco certified, experienced Information Security and IT Security professional.
Agenda
- What is ransomware
- Evolution of ransomware
- Types of ransomware
- Who are my targets
- Top 3 ransomware strains of 2016
- Trends of 2016 & '17
- Case study
- Protect yourself
- Conclusion
What is Ransomware
Ransomware is computer malware that installs covertly on a victim's device (computer, smartphone, etc.), executes a cryptovirology attack that adversely affects it, and demands a ransom payment to decrypt the data or to not publish it.
Ran some where
Source: https://en.wikipedia.org/wiki/Ransomware
Evolution of ransomware
Source: https://blog.knowbe4.com/a-short-history-evolution-of-ransomware
- 1989: AIDS / PC Cyborg trojan
- 2006: PGPCoder encryption trojan
- 2014: CryptoDefense ransomware
- 2016: Locky ransomware
Types of Ransomware
- Encryption ransomware: encrypts files/folders
- Lock screen ransomware: locks the screen and demands payment
- Master boot record ransomware: interrupts the normal boot process
Who are my targets?
Whoever can pay the ransom is my "target".
- Business users: technology dependent; data (customer); stakeholder management
- Public/Government agencies: data (confidential/secret); technical support; reputation
- Home users: personal data; data backup; technical support
Commonly targeted file extensions: *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.eps, *.ai, *.indd, *.cdr, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw
Source: Symantec
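The extension list above is the kind of target set an encryption ransomware walks through, and it is also a cheap detection hook: a file that still carries a .dbf or .psd name but whose content is now almost perfectly random has very likely been encrypted in place. The following script is an added example, not part of the presentation or any Symantec tool; it uses the slide's extensions verbatim, builds a constructed sample tree (one intact text-like database export, one file overwritten with random bytes, one random file with a non-targeted extension) and reports only files that both carry a targeted extension and exceed an entropy threshold. The 7.5 bits-per-byte threshold and the 64 KiB sample size are assumptions chosen for the example.

```python
import math
import os
import shutil
import tempfile
from collections import Counter

# File types the slide lists as ransomware targets (source: Symantec).
TARGETED_EXTENSIONS = {
    ".wb2", ".mdf", ".dbf", ".psd", ".pdd", ".eps", ".ai", ".indd",
    ".cdr", ".dng", ".3fr", ".arw", ".srf", ".sr2", ".bay", ".crw",
}

# Bits per byte above which a file is treated as encrypted. Ciphertext or random
# data approaches 8.0; text and most database exports sit well below 6. The value
# is an assumption for this example, not a figure from the presentation.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: str, threshold: float = ENTROPY_THRESHOLD,
                    sample_bytes: int = 64 * 1024) -> bool:
    """Read the first sample_bytes of a file and compare its entropy to threshold."""
    with open(path, "rb") as fh:
        return shannon_entropy(fh.read(sample_bytes)) >= threshold


def scan_directory(root: str, threshold: float = ENTROPY_THRESHOLD) -> list:
    """Return paths of files with a targeted extension whose content looks encrypted."""
    suspicious = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if (os.path.splitext(name)[1].lower() in TARGETED_EXTENSIONS
                    and looks_encrypted(path, threshold)):
                suspicious.append(path)
    return sorted(suspicious)


def scan_demo() -> list:
    """Build a constructed sample tree, scan it, clean up, and return the hits' basenames."""
    root = tempfile.mkdtemp(prefix="ransomware_demo_")
    try:
        # Intact database export: low-entropy text with a targeted extension.
        with open(os.path.join(root, "customers.dbf"), "wb") as fh:
            fh.write(b"CUSTOMER_ID,NAME,EMAIL\n" + b"1,Alice,alice@example.invalid\n" * 200)
        # Stand-in for a file an encryption ransomware has overwritten: random bytes.
        with open(os.path.join(root, "design.psd"), "wb") as fh:
            fh.write(os.urandom(32 * 1024))
        # High entropy but not a targeted extension, so it is not reported.
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(os.urandom(32 * 1024))
        return [os.path.basename(p) for p in scan_directory(root)]
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print("Suspicious files:", scan_demo())
```

Entropy alone is a coarse signal: natively compressed formats (JPEG, ZIP, and PSD files with compressed layers) also score close to 8 bits per byte, so in production this check is paired with a baseline of each file's normal entropy, a watch for sudden renames to unfamiliar extensions, and a burst detector on the number of files rewritten per minute.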
Top 3 Ransomware Strains of 2016
1. Locky
Locky is ransomware first seen in 2016. It is delivered by email (posing as an invoice requiring payment) with an attached Microsoft Word document that contains malicious macros. Researchers detected the first sample of Locky in February 2016. Shortly thereafter, it made a name for itself when it infected the computer systems at Hollywood Presbyterian Medical Center in southern California. Officials chose to temporarily shut down the hospital's IT systems while they worked to remove the ransomware, a decision which caused several departments to close and patients to be diverted elsewhere. Without working data backups, the executives at Hollywood Presbyterian ultimately decided to pay the ransom.
2. TeslaCrypt
TeslaCrypt is a malicious program that encrypts users' files using AES encryption.
After months of tracking TeslaCrypt across spam campaigns and exploit kit attacks, security researchers at the Slovakian IT security firm ESET learned that its developers intended to abandon the ransomware. The researchers contacted the developers and requested the master decryption key. In response, TeslaCrypt's authors published the key, which ESET used to build a free decryption utility. Victims of the ransomware can now use this tool to regain access to their files.
3. HDDCryptor
HDDCryptor is a nasty family of ransomware. It is capable of enumerating mounted drives and encrypting all files on them, as well as finding and accessing previously connected drives and disconnected network paths.
Researchers first detected HDDCryptor in September 2016. Two months later, the ransomware made headlines when it infected 2,000 systems at the San Francisco Municipal Transportation Agency (SFMTA), or "Muni", and demanded a ransom. Fortunately, the attack did not affect SFMTA's rail and bus service, and the public agency said it would use its working backups to restore access to its systems.
Source: https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/top-10-ransomware-strains-2016/
Trends of 2016 & '17
Source: proofpoint.com
[Figures: Ransomware 2016; Ransomware 2017 projection]
Growth in distribution: total ransomware has grown 80% in 2016
Cont..
Ransomware Attack On CCTV Cameras In Washington DC Ahead Of Trump Inauguration
Hotel hit by ransomware attack, report of guests trapped
Sources: http://www.slideshare.net/JohnCABambenek/cryptolocker-andfriends-bhusa14 and http://www.darkreading.com/ransomware-attack-on-cctv-cameras-in-washington-dc-ahead-of-trump-inauguration/d/d-id/1328016
Case study
Real Time Experience
Protect yourself
- Awareness: don't get tricked
- Effective backup management
- Use of anti-malware software
- Program whitelisting
- Effective patch management
Conclusion
Reasons why we should pay:
- The data is worth more than the ransom
- Business priorities
- To avoid reputation loss
- Interest over time
Reasons why we should NOT pay:
- It may happen again
- The next ransom will be higher
- Criminals can't be trusted
- Paying encourages criminals
Maybe yes, maybe no, maybe yes and no.
Questions