ransomware: 2016's greatest malware threat

© 2016 JURINNOV, LLC All Rights Reserved.

RansomwareDECEMBER 7, 2016

LEARN ABOUT 2016’S GREATEST MALWARE THREAT

© 2016 JURINNOV, LLC All Rights Reserved.

Eric VanderburgDirector of CybersecurityVarious certifications including MCSE, CISSP and HISPLicensed private investigatorMBA from Kent State University18 years experience in IT and cybersecurityAuthor and regular presenter

© 2016 JURINNOV, LLC All Rights Reserved.

Topics• Definition• Target• Effects• Ransoms• Examples• Statistics• Threat Vectors

© 2016 JURINNOV, LLC All Rights Reserved.

What is Ransomware? Ransomware - Ransomware is a form of malware that infects a computer, encrypts data on the computer and sometimes attached network drives, and then demands a ransom payment to get the decryption keys. Ransomware as a Service (RaaS) – Ransomware authors license ransomware to distributors in a revenue sharing model.

© 2016 JURINNOV, LLC All Rights Reserved.

Target

Email

Enterprise apps /

databases

Work product

Contacts

Photos

Multimedia

Data is the lifeblood of your business

© 2016 JURINNOV, LLC All Rights Reserved.

Effects of ransomware

Encrypted files Encrypted drives Encrypted databases

Encrypted backups

© 2016 JURINNOV, LLC All Rights Reserved.

Ransoms Ransoms range from 0.5 – 5 bitcoins

Bitcoin valued at 767 USD or 719 EUR as of December, 2016

Ransoms for organizations are far more

© 2016 JURINNOV, LLC All Rights Reserved.

Hollywood Presbyterian

Network offline for a week Email and patient data unavailable Had to use paper records and send some patients to other hospitals Paid $17,000 to decrypt filesDate:

February, 2016

Ransomware:LOCKY

© 2016 JURINNOV, LLC All Rights Reserved.

MedStar Health

Couldn’t update thousands of patient records. 10 hospitals and more than 250 outpatient centers to shut down their computers and email Paid $18,500 to decrypt filesDate:

March, 2016Ransomware:SAMSAM

© 2016 JURINNOV, LLC All Rights Reserved.

Kansas Heart Hospital

Widespread infection throughout the hospital Paid the ransom but did not get the decryption keys

Date:May, 2016Ransomware:SAMSAM

© 2016 JURINNOV, LLC All Rights Reserved.

San Francisco Municipal Transportation

No fares collected on Black FridayHad to use paper recordsExtortionist demanded $73,000 SFMTA refused to pay

Date:November, 2016Ransomware:HDDCryptor

© 2016 JURINNOV, LLC All Rights Reserved.

Hundreds of new ransomware variants just this year this year (over 400% increase since 2015)

Stats

KeRanger

PayCrypt

JobCryptor

HiBuddy

HydraCryptVipasana

UmbrecryptLOCKY

CryptoJocker

Nanolocker

LeChiffreMagic

Ginx

73v3n

Mamba

HDDCryptor

SAMSAMPowerware

Peyta

Jigsaw

Cerber

Radamant Rokku

© 2016 JURINNOV, LLC All Rights Reserved.

Hostage Data

System Vulnerabilities

Social Engineering

Malvertizing

EmailSocial media Instant

messaging

SMS

Drive by

Shared folders and cloud data

Threat vectors

© 2016 JURINNOV, LLC All Rights Reserved.

Questions?FOR MORE INFORMATION:WWW.JURINNOV.COM ERIC.VANDERBURG@JURINNOV.COM216-664-1100