Ransomware - Mark Chimley

Date post: 08-Jan-2017
Upload: iispeastmids
Ransomware

What it is and how to avoid becoming a victim

Mark Chimley

13 October 2016

(c) Genus One Ltd 2016

Contents

1. Introduction
   1. Background and history
2. Technical Information
   1. How Ransomware operates
   2. Statistics & classification
3. Mitigation
   1. Prevention and cure


Introduction

Cryptovirology

A study of cryptography in malware

Aug 2013


Observations

“The researchers consulted during this study widely hold the opinion that cryptography is no longer being used for obfuscation of modern malware and is of decreasing relevance”

● [What if] more complex cryptography were used - along the lines described in this report?

● Why isn't there more ransomware?


New Age of Ransomware

● In Britain 54% of surveyed businesses have been targeted with ransomware {Malwarebytes}

● Over 120 separate families of ransomware

● “... businesses which have spent hundreds of millions of dollars on end-point security … are still getting hit by [ransomware]” {Bromium}

● 56% of UK universities suffered a ransomware attack in the past year {SentinelOne}


Technical Details

Ransomware Types

Lockers

Disable parts of the computer operating system

Data Extortion

Copies data and threatens to expose it

Cryptographic Ransomware

Encrypts data so it cannot be accessed


Symmetric Cryptography


Asymmetric Cryptography


Cryptographic Ransomware


Categorisation

● Recoverable
  – Weak Cryptography
  – Poor implementation
  – Fake (no encryption)
  – Obtain keys e.g. server 'take-down'

● Non-Recoverable
  – Well designed
  – Uses a robust crypto-library
  – Not yet analysed


Mitigation

Data Recovery

● Ransomware 'decryptor' tool
  – Recovers data from poor or compromised ransomware

● Pay up!
  – But this proliferates the attacks

● Restore data from backups
  – Assuming backups not encrypted too!


Anti-Virus Software

● On-access scanning
  – For signatures of known malware

● Web browser plug-in
  – Warns of known risky or compromised sites

● Keep it up to date

● Not a panacea


Information Security Management

● Awareness
  – Security training

● Backup

● Anti-malware

● Email
  – Links
  – Attachments

● Software Updates
  – OS and Apps

● Data Separation

● Trusted Applications


Questions

For more information about cyber security and how to protect your data please visit our website:

http://www.genusone.co.uk/

http://www.trendmicro.com/

