defend your company against ransomware
TRANSCRIPT
Defend Your Company Against Ransomware!
• What is Ransomware?• How does it affect you?• Real world example• What to do if you are a victim of
Ransomware?• General Security Best Tips
Agenda
Ransomware is a type of malicious software that restricts access to a victim’s infected computer while demanding that the victim pay money to the operators of the malicious software before that software is removed and access is regained.
What is Ransomware?
Ransomware can: Prevent you from accessing your operating system Encrypt all of your files Prevent you from running an application (like a browser) Disrupt your use of a smart TV, smart watch, or other smart
appliances
Once one of the above happens, there is no guarantee that paying the demanded ransom will restore your machine back to normal.
Payment!!– Payment is always the goal of
the attackers – …..(but restoring access to a
computer once the payment has been made is not always possible)
– The return on investment for the attackers is very high with this type of attack.
What is the goal of attacks?
Reason #1: Ease of use
Reason #2: Propagation of Bitcoins(an increasingly common type of internet currency that is often demanded as ransom due to its untraceable nature)
Reason #3: Often, the ransom the attackers demand to clean up the damage is cheaper than hiring a security team to attempt to remove the malware.
Why has Ransomware become so popular among cyber thieves?
Source: https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx
Ransomware comes in many forms
Ransomware 2016 Highlights
Source: https://www.trendmicro.com/vinfo/us/security/definition/ransomware
Attackers can restrict access to an infected computerHow? By…
– Encrypting the hard drive with a encryption key known only to the attackers
– Taking control of the operating system using a vulnerability present in the operating system and then displaying a message to the user telling them they have been locked out
How Does It Affect You
Ransomware can be installed onto a victim’s machineHow? By…
– Tricking the user into opening a malicious attachment– Copying a file to a machine that appears to be legitimate– Downloading a malicious application– Visiting a malicious website or a website that has been hacked– Clicking on malicious links found in emails, social media websites,
and messaging apps.
Curiosity killed the cat ….and helps the bad guys install ransomware on victims’ computers.
How Does It Affect You
Real World ExampleTarget Spotlight: Large Hospitals
• Recently, large urban hospitals have been targets of ransomware...
• March 2016: Hollywood Presbyterian Hospital in Los Angeles paid $17,000 to regain access to its computers
• March 2016: The largest healthcare provider in Washington DC, MedStar Health, was ransomed for over $18,000 to gain access to its systems.
• This form of extortion can be painful to organization not only for the monetary loss, but also due to loss of reputation as their company names are made public)
Target Spotlight: Large Hospitals
Real World ExampleRansomware Spotlight: CryptoLocker
• How was it made?– This ransomware was propagated using malicious email attachments. It also used an existing botnet called “Zeus” for
command and control of the malicious software.
• What did it do?– CryptoLocker would encrypt certain types of files that were stored locally or on mounted network drives using a public
encryption key. CryptoLocker targeted computers running Windows.
Ransomware Spotlight: CryptoLocker
• Why was it hard to recover encrypted data?– The private key that could decrypt the data was stored on the botnet’s
command and control servers. The malware was easy to remove…but that wasn’t the point. Once the data was encrypted, the damage was done.
• What was the ransom threat?– then the private key needed to decrypt their data would be deleted…
or the ransom would increase by a significant amount
Ransomware Spotlight: CryptoLocker
• How was it beaten?– The original version of CryptoLocker was taken down when an international operation consisting of law enforcement
agencies, security companies, and academic researchers was able to destroy the ZeuS botnet which had been used to propagate CryptoLocker.
– “Operation Tovar” was able to sever the ZeuS botnet from its “command-and-control” servers. These servers had been used to send commands to machines infected with CryptoLocker and other forms of malware.
– Security firms were then able to create a portal called “Decrypt CryptoLocker”, which enabled over 500,000 victims to submit a file encrypted by CryptoLocker. The portal would then test that file against all of the encryption keys that had been stored by the command-and-control servers to find the one that would decrypt the victim’s files.
• Keep An Eye Out…– ...Updated versions of CryptoLocker and many other forms of ransomware have now become popular amongst cyber
criminals, so the threat still remains.
Ransomware Spotlight: CryptoLocker
What if YOU were the victim?
If your computer has been locked by malware or the files have been encrypted…
Step 1:
Don’t Click On Anything!!
What if YOU were the victim?
Step 2: Don’t Believe Scare Tactics
Older versions of ransomware would often claim that you had done something illegal with your computer. This is a scare tactic to trick
victims into paying the ransom and not alerting the authorities.
…Don’t believe it!
What if YOU were the victim?
Step 3: If at all possible, Don’t Pay the Ransom.
The fewer people and organizations that pay, the less likely that ransomware will stay as profitable as it is now.
What if YOU were the victim?
Option 1: • If you feel you are technically savvy, you can visit Microsoft’s
website for steps that might help decrypt your files.
Option 2: • If you don’t feel comfortable trying that, we recommend taking
your computer to a well known computer repair shop that has experience with removing ransomware and restoring files.
“But my personal files are already encrypted, what do I do?”
Implementing a multiple layer of defense technique is required to defend computers against the crippling effects of ransomware.
My Recommendation: Implement User Education
Train your staff in security awareness best practices, especially email and malware!
General Security Tips
Why? Because attackers are looking for ways to trick users into clicking on a
malicious email attachment, copy a file onto their computer, or install a “Trojan horse”
What to Know About Malicious Software Detection Tools
**Keep in Mind**...While these tools are useful, they may not be able to stop the most recent versions of this malicious software because they are only able to identify the versions of the malicious software they recognize
Keep all of your software up to date, especially your browsers If possible, have a pop-up blocker running on your browsers
General Security Tips
Maintain a consistent data backup policy
This is the MOST IMPORTANT layer of defense.
It is important to have a data backup policy where system backups are stored in a location that is inaccessible to the infected machine, preventing the ransomware from encrypting the backups.
The backups should be stored on removable media or a drive that wasn’t connected when the ransomware was installed and executed.
General Security Tips
In partnership with Security Innovation, Emenda can offer over 120 courses to help protect your business. To download our latest course list, click hereFor further information or to get in touch:Contact UsVisit Our Website
Further Information