© 2016 Avecto Ltd avecto.com
A Hacker’s perspective on ransomware
How ransomware works and how to prevent it
With Paula Januszkiewicz
CQURE: CEO, Penetration Tester / Security Expert
CQURE Academy: Trainer
MVP: Enterprise Security, MCT
*Based on Trustwave Global Security Report 2013/2014
~50% of organizations have experienced a malware infection via email in the past calendar year
$115 per user – amount spent on security software in 2014
When $33 of that was underutilized or never used
~84% of IT Pros believe they need at least to double their staff to respond to security issues
When 49% of security positions were left unfilled in 2014
Source: http://pwc.com
Sad facts
Photo: the New York Times Magazine
Encrypts data
In theory: Once the payment is verified, the program will decrypt the files
The private key that is used to decrypt the infected files is on the C&C server
"C:\Windows\SYSWOW64\cmd.exe" /C "C:\Windows\Sysnative\vssadmin.exe" Delete Shadows /All /Quiet
Encrypts data stored on network shares if the shared folders are mapped as a drive letter on the infected computer
Infection spawns two processes of itself
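A defender-side illustration of the shadow-copy deletion shown above, added here and not part of the original slides: it classifies process command lines for `vssadmin Delete Shadows` and rates the `/All /Quiet` form highest. The host names, the sample events and the severity labels are constructed assumptions.

```python
import re

# Constructed process-creation records (host, command line); not from the talk.
SAMPLE_EVENTS = [
    ("WS-014", r'"C:\Windows\SYSWOW64\cmd.exe" /C "C:\Windows\Sysnative\vssadmin.exe" Delete Shadows /All /Quiet'),
    ("WS-014", r'C:\Windows\System32\vssadmin.exe list shadows'),
    ("SRV-02", r'vssadmin  DELETE   shadows /for=C: /oldest'),
    # A naive substring match on "delete shadows" would wrongly flag this one.
    ("WS-020", r'"C:\Program Files\Backup\agent.exe" --note "delete shadows later"'),
]

TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def tokens(cmdline):
    """Split a Windows command line into lowercase tokens, dropping quotes."""
    return [(quoted or bare).lower() for quoted, bare in TOKEN.findall(cmdline)]


def classify(cmdline):
    """Return None, or a dict describing a vssadmin shadow-copy deletion."""
    toks = tokens(cmdline)
    for i, tok in enumerate(toks):
        exe = tok.replace("/", "\\").rsplit("\\", 1)[-1]
        if exe not in ("vssadmin", "vssadmin.exe"):
            continue
        args = toks[i + 1:]
        if args[:2] != ["delete", "shadows"]:
            return None  # e.g. "list shadows" is routine administration
        wipe_all, quiet = "/all" in args, "/quiet" in args
        return {
            # /All /Quiet removes every restore point with no prompt.
            "severity": "high" if wipe_all and quiet else "medium",
            # Sysnative is only visible to 32-bit processes on 64-bit Windows,
            # so this path means a 32-bit parent reached the 64-bit vssadmin.
            "via_sysnative": "\\sysnative\\" in tok,
        }
    return None


def detect(events):
    """Return (host, finding) for every event that deletes shadow copies."""
    hits = [(host, classify(cmd)) for host, cmd in events]
    return [(host, finding) for host, finding in hits if finding]


if __name__ == "__main__":
    for host, finding in detect(SAMPLE_EVENTS):
        print(host, finding)
```
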
It seemed to be a normal PDF file…
Public shaming
One of the latest versions of CryptoWall was threatening to:
- Delete the keys to decrypt data
and…
- Publish it online if they do not pay and follow the demands!
Photo: the New York Times Magazine
1. Back up the data
2.
3.
4.
5.
6.
7.
8.
9.
10.
11. Arrange Security Awareness campaigns
I know the traffic rules….
Awareness
They know the traffic rules….
… but does it guarantee that they are good drivers?
Behavior
Culture
Users educated on best security practices
Regular quizzes / testing / workshops
Incident response plans established
Identified events to trigger the plan
Assessed data protection across all assets - endpoints, networks, regular data
AppLocker + SRP - when implemented wisely
Penetration testing to evaluate how resilient systems are to compromise
Code execution prevention or monitoring
Organizational Approach
Conclusion: Each organization can aim for a responsible security culture
© 2015 Avecto Ltd avecto.com
• Isolates browser, downloaded content and email attachments
• Mitigates ransomware / web threats
• Protect data and contain unknown threats
• #1 Defense strategy
• Easy to achieve whitelisting
• Regain control of unknown applications
• Mitigates 85% Critical Windows vulnerabilities
• Protect user and system
• Privileges when you need them
For more information about Defendpoint or to arrange a demo, please visit www.avecto.com