Page 1
Ransomware: “What Keeps me up at night”
Chris Voller
Page 2
Agenda
▪ Who is this?
▪ Intro – Disclosure Release
▪ Interesting Stats
▪ “What is Ransomware?”
▪ “Where is it coming from?”
▪ “How do I get it?”
▪ “I have to click on things, right?”
▪ “Now what do I do?”
▪ “How can I prevent this from happening?”
▪ “What is coming up next?”
Page 3
Housekeeping
Page 4
Bio
▪ Chris Voller, OSCP, CEH
  – IT Security Architect – University Hospitals (by day)
  – IT Security Researcher / Vulnerability Exploiter (by night)
  – Active Contributor to Kali Linux Project / Metasploit
  – Exploit Author – VNC/RDP
  – Security Bounty Hunter (Google Labs/Facebook)
  – IT Security Speaker
  – Father of 3 (Abbi 8, Calli 4, Hadley 9m)
Page 5 (image only)
Page 6
Ohio now in the top 10
Page 7
http://www.go-gulf.com/blog/cyber-crime/
120.1 Billion, who wants my $$$?
Page 8 (image only)
Page 9
What keeps you up at night?
Ransomware….
Page 10
What is Ransomware?
▪ A type of malware that attempts to extort money from a computer user by infecting and taking control of the victim machine or the files and documents stored on it.
▪ Types
  – Lock Screen Ransomware (link)
  – Encryption Ransomware (link)
  – Master Boot Record (MBR) Ransomware (link)
Page 11
History (brief)
▪ 1989 “AIDS” Trojan / PC Cyborg – Joseph Popp
▪ 2005 “Prominent Vector” (easy to decrypt)
▪ Mid-2006 RSA encryption used (hard to decrypt)
▪ 2013 OS X ransomware found
▪ 2014 – 2016
  – CryptoLocker
  – CryptoWall (v1, v2, v3)
  – TeslaCrypt (v1, v2, v3)
  – Locky
▪ End of 2015 CryptoWall v3 >$325 Million
Page 12
History (brief)
Page 13
“Where is it coming from?”
▪ Phishing Attacks (Mass Messages / Snowshoe)
  – Malicious Attachments
  – Macro-Enabled Attachment
    ▪ Macros pull a payload and execute the control inside of the document
▪ Malicious Links (Clicked)
  – User clicks on a malicious, tailored domain link
    ▪ Pop-up (typically JavaScript or a Flash applet)
    ▪ Will check to see if vulnerable – if not, then a custom “Update” linked to the payload/crypto installer
Page 14
“I have to click on things, right?”
▪ NO….
▪ Malicious Links (Drive-By)
  – Hugo Boss (link)
▪ Attackers are purchasing misspelled domains
▪ Malicious 3rd-Party Ads
  – See next
Page 15 (image only)
Page 16
“Now what do I do?”
▪ …so tell me about your backups....
▪ It can only get better from here on...
▪ Home/Small Office (Contained Host)
  – Reload OS
  – Reload Applications
  – Patch/Patch/Patch
  – Install Counter-Defence Applications
  – Set up User Accounts – Remove Admin Access
  – Rebuild your Documents / download from backup
Page 17
“Now what do I do?”
Page 18
“Now what do I do?”
▪ Business
  – Find the “Encrypted User Agent”
  – Disable the account in Active Directory
  – Disable the PC Account the user is logged into (NEW)
  – Mapped Drives (Personal)?
    ▪ Copy/Rename/Delete
  – Actions on User Device?
    ▪ Physical – Rebuild
    ▪ Virtual – ?
    ▪ Server – Remove User Profile
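The first business step above is finding which account is doing the encrypting on the shared drives before disabling it in Active Directory. As an added example (not from the talk), the triage logic below runs over constructed file-server audit lines and flags the account producing a burst of renames to an encrypted extension or dropping a ransom note; the log format, the `.locky` extension and the note name are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed file-server audit lines (timestamp,user,action,path); not real data.
SAMPLE_LOG = r"""2016-03-01T09:00:01,jdoe,RENAME,\\fs01\dept\budget.xlsx.locky
2016-03-01T09:00:02,jdoe,WRITE,\\fs01\dept\_Locky_recover_instructions.txt
2016-03-01T09:00:02,jdoe,RENAME,\\fs01\dept\q1.pptx.locky
2016-03-01T09:00:03,jdoe,RENAME,\\fs01\dept\notes.txt.locky
2016-03-01T09:00:05,asmith,WRITE,\\fs01\dept\memo.docx
2016-03-01T09:30:00,bjones,RENAME,\\fs01\hr\old.pdf.locky"""
# Appended extension and ransom-note name are assumptions (Locky-style); extend per family.
ENCRYPTED_EXT = re.compile(r"\.(locky|encrypted|crypt)$", re.IGNORECASE)
NOTE_MARKER = re.compile(r"recover_instructions|decrypt", re.IGNORECASE)

def parse_line(line):
    """Parse 'timestamp,user,action,path'; return None for malformed lines."""
    parts = line.strip().split(",", 3)
    if len(parts) != 4:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2].upper(), parts[3]
    except ValueError:
        return None

def is_suspicious(action, path):
    """A rename/write onto an encrypted extension, or a dropped ransom note."""
    if action not in ("RENAME", "WRITE"):
        return False
    return bool(ENCRYPTED_EXT.search(path) or NOTE_MARKER.search(path))

def find_encrypting_users(log_text, window=timedelta(seconds=60), threshold=3):
    """Return {user: [paths]} for accounts with >= threshold suspicious events in one window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_suspicious(rec[2], rec[3]):
            events[rec[1]].append((rec[0], rec[3]))
    flagged = {}
    for user, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward past old events
            if end - start + 1 >= threshold:
                flagged[user] = [path for _, path in evs]  # share paths to restore
                break
    return flagged
```

The returned paths double as the list of mapped-drive files to copy, rename or delete before restoring from backup.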
Page 19
“How can I prevent this from happening?”
▪ User Education
  – New User
  – Continuing Education (yearly)
▪ User Access Controls (UACs = Permission Lockdown)
▪ Patch/Patch/Patch….Patch
▪ Policies
  – Disable Local Admins
  – Disable Macros / Web-Enabled Macros
▪ Backup Data
Page 20
“How can I prevent this from happening?”
▪ AV – <10%
▪ Antimalware – <40%
▪ Gateway-Level Protection
  – File detonation and discovery
▪ Application-Level Whitelisting
Page 21
“What is coming up next?”
▪ Document Tagging / IP Address Lookup = Larger Ransom
▪ Advanced Polymorphic Algorithms
▪ Crypto Worms
▪ Encryption of previously Mapped Network Drives (with permissions)
▪ Increased Encryption Extensions (greater than Locky)
Page 22 (image only)
Page 23
Feel Free to Reach Out….
▪ Email – [email protected]
▪ Email – [email protected]
▪ Linkedin - https://www.linkedin.com/in/mrchrisvoller
▪ Twitter - @MrChrisVoller
Page 24
Keep Open….
Page 25
Screen Lock (back)
Page 26
Encryption Ransomware (back)
Page 27 (image only)
Page 28
Master Boot Record (MBR) (back)
Page 29 (image only)
Page 30
Hugo Boss (FAKE SITE) (back)
Page 31
Locky File Extensions (back)
▪ .mid, .wma, .flv, .mkv, .mov, .avi, .asf, .mpeg, .vob, .mpg, .wmv, .fla, .swf, .wav, .qcow2, .vdi, .vmdk, .vmx, .gpg, .aes, .ARC, .PAQ, .tar.bz2, .tbk, .bak, .tar, .tgz, .rar, .zip, .djv, .djvu, .svg, .bmp, .png, .gif, .raw, .cgm, .jpeg, .jpg, .tif, .tiff, .NEF, .psd, .cmd, .bat, .class, .jar, .java, .asp, .brd, .sch, .dch, .dip, .vbs, .asm, .pas, .cpp, .php, .ldf, .mdf, .ibd, .MYI, .MYD, .frm, .odb, .dbf, .mdb, .sql, .SQLITEDB, .SQLITE3, .asc, .lay6, .lay, .ms11 (Security copy), .sldm, .sldx, .ppsm, .ppsx, .ppam, .docb, .mml, .sxm, .otg, .odg, .uop, .potx, .potm, .pptx, .pptm, .std, .sxd, .pot, .pps, .sti, .sxi, .otp, .odp, .wks, .xltx, .xltm, .xlsx, .xlsm, .xlsb, .slk, .xlw, .xlt, .xlm, .xlc, .dif, .stc, .sxc, .ots, .ods, .hwp, .dotm, .dotx, .docm, .docx, .DOT, .max, .xml, .txt, .CSV, .uot, .RTF, .pdf, .XLS, .PPT, .stw, .sxw, .ott, .odt, .DOC, .pem, .csr, .crt, .key, wallet.dat