ENCRYPTING VIRUSES THEY’RE THE MOST SIGNIFICANT THREAT TO BUSINESS THAT HAS EVER OCCURRED.

Upload: arron-barrett

Post on 19-Dec-2015


Page 1: HELP DESK | TECH YOUR BOOKS | SMB KITCHEN | LOOK A WHALE! | BLOG

ENCRYPTING VIRUSES

THEY’RE THE MOST SIGNIFICANT THREAT TO BUSINESS THAT HAS EVER OCCURRED.

Page 2

AMY BABINCHAK

• Owner, Harbor Computer Services, MSP

• Owner, Third Tier

• Small Business MVP (former Small Business Server, Essential Business Server and Internet Security and Acceleration)

• Blog: www.thirdtier.net/blog

Page 3

SUSAN BRADLEY

• Enterprise Security MVP. Former Small Business Server MVP.

• IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun

• GSEC certification in security

• Prefers Heavy Duty Reynolds wrap for her tinfoil hat

• Blog: http://blogs.msmvps.com/bradley/

Page 4

WHAT’S NEW WITH ENCRYPTING VIRUSES

• A BRIEF HISTORY OF THE EVOLUTION OF ENCRYPTING VIRUSES

• WHY THEY ARE HERE TO STAY

• BUSINESS IMPACT

• TAKING PROACTIVE ACTION

• GET TOOLS AND RESOURCES

Page 5

A BRIEF HISTORY OF THE EVOLUTION OF ENCRYPTING VIRUSES

Page 6

HOW THEY DO IT

• THE BIGGIES: CRYPTOLOCKER, CRYPTO DEFENSE, TORRENT LOCKER, CRYPTOWALL 1, 2 AND 3

• A BOTNET DROPS A VIRUS ON THE COMPUTER.

• THE VIRUS CALLS HOME FOR THE ENCRYPTION KEY.

• FILES ARE ENCRYPTED – FAST!

• RANSOM NOTE IS DISPLAYED

Page 7

WHY IT WORKS

• RUNS AS THE LOGGED IN USER

• DOESN’T BEHAVE LIKE A VIRUS

Page 8

WHY IT WORKS – PART 2

Page 9

WHY ENCRYPTING INFECTIONS ARE HERE TO STAY

SHORT VERSION: $,$$$,$$$

Page 10

MONEY TALKS

• CRYPTOLOCKER MADE $3 MILLION

• COPY CATS HAVE MADE AN ESTIMATED $30 MILLION

Page 11

BUSINESS IMPACT

Page 12

WHO GETS INFECTED?

• POLICE DEPARTMENTS IN MAINE PAID THE RANSOM

• HTTP://WWW.WCSH6.COM/STORY/NEWS/LOCAL/2015/04/10/POLICE-DEPARTMENTS-HIT-BY-RANSOMWARE-VIRUS/25593777/

“LINCOLN COUNTY SHERIFF TODD BRACKETT SAID FOUR TOWNS AND THE COUNTY HAVE A SPECIAL COMPUTER NETWORK TO SHARE FILES AND RECORDS. SOMEONE ACCIDENTALLY DOWNLOADED A VIRUS, CALLED "MEGACODE", THAT PUT AN ENCRYPTION CODE ON ALL THE COMPUTER DATA.

THE SHERIFF SAID IT BASICALLY MADE THE SYSTEM UNUSABLE, UNTIL THEY PAID A RANSOM FEE OF ABOUT $300 TO THE CREATOR OF THE VIRUS. AFTER THE FEE WAS RECEIVED, THE DEPARTMENT WAS GIVEN A SPECIAL CODE TO UNLOCK THE ENCRYPTION AND RESTORE THE FILES. THE SHERIFF AND DAMARISCOTTA POLICE CHIEF RON YOUNG SAID NO ONE LIKED HAVING TO PAY OFF THE BAD GUY, BUT IT WAS THE ONLY WAY TO GET THEIR INFORMATION BACK.”

Page 13

WHO GETS INFECTED?

• LAW FIRM IN NORTH CAROLINA

• HTTP://WWW.ESECURITYPLANET.COM/MALWARE/LAW-FIRM-LOSES-ALL-FILES-TO-CRYPTOLOCKER-RANSOMWARE.HTML

“AS SOON AS THE EMAIL WAS OPENED, EVERY SINGLE DOCUMENT HERE AT GOODSON’S LAW FIRM WAS LOCKED UP. 

GOODSON TELLS CHANNEL 9 WHILE NO CONFIDENTIAL INFORMATION WAS STOLEN, HE'S LOST ACCESS TO THOUSANDS OF LEGAL DOCUMENTS.”

Page 14

WHO GETS INFECTED?

• HOME USER IN MICHIGAN

• WE HELPED THEM PAY THE RANSOM

Page 15

WHO GETS INFECTED?

• A BUSINESS IN MICHIGAN

• USER ERROR

• WE RESTORED FROM BACKUP

Page 16

TAKING PROACTIVE ACTION

YOU CAN FIGHT THIS

Page 17

THE USUAL SUSPECTS

• BACKUP

• PATCHES

• ANTI-VIRUS/ANTI-MALWARE SOFTWARE

Page 18

CLEAN HOUSE

• MINIMIZE THE # OF MAPPED DRIVES

• TIGHTEN UP FILE/FOLDER PERMISSIONS

• PATCH JAVA/FLASH/SILVERLIGHT

Page 19

BLOCK

• COMMAND AND CONTROL FOR CRYPTOWALL 2.0 ARE IN THE IP RANGE: 146.185.220.0/23

• MANY BOTNET CALL HOME TO .RU DOMAINS

• TOR SITES ALSO USED

• ANY “ANONYMOUS SERVICE” – SEE IF YOUR FIREWALL VENDOR HAS PRESET RULES

• CONSIDER FILTERING/BLOCKING DROPBOX LINKS
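The slide lists indicators a firewall or proxy can act on: the CryptoWall 2.0 command-and-control range 146.185.220.0/23, bot call-backs to .ru domains, and Tor sites. The script below is an added example, not part of the Third Tier deck, showing how a defender would run outbound-connection log lines against those indicators to find a workstation that is already calling home. The log format, the hostnames and the use of the .onion suffix to stand in for "Tor sites" are assumptions made for this example.

```python
"""Check outbound-connection log lines against ransomware call-home indicators.

Added example, not code from the Third Tier presentation. The log line
format and the sample hosts below are constructed for this example.
"""
import ipaddress
import re

# CIDR taken from the slide (CryptoWall 2.0 C2); .ru from "many botnets
# call home to .ru domains"; .onion is an assumed stand-in for Tor sites.
BLOCKED_NETWORKS = [ipaddress.ip_network("146.185.220.0/23")]
BLOCKED_SUFFIXES = (".ru", ".onion")

# Constructed log format: "<timestamp> <source host> -> <destination>:<port>"
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+):(?P<port>\d+)$")


def classify_destination(dst):
    """Return the name of the block rule a destination hits, or None if allowed."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        # Not an IP literal: treat it as a hostname and test the suffix.
        host = dst.lower().rstrip(".")
        for suffix in BLOCKED_SUFFIXES:
            if host.endswith(suffix):
                return f"suffix:{suffix}"
        return None
    for net in BLOCKED_NETWORKS:
        if addr in net:
            return f"cidr:{net}"
    return None


def scan_log(lines):
    """Return (source host, destination, rule) for every line that hits a rule."""
    hits = []
    for line in lines:
        match = LOG_LINE.match(line.strip())
        if not match:
            continue  # skip lines that are not in the expected format
        rule = classify_destination(match.group("dst"))
        if rule:
            hits.append((match.group("src"), match.group("dst"), rule))
    return hits


# Constructed sample log: one normal HTTPS connection followed by three
# call-backs that match the slide's indicators.
SAMPLE_LOG = [
    "2015-04-10T09:12:01 ws-accounting -> 93.184.216.34:443",
    "2015-04-10T09:12:07 ws-accounting -> 146.185.221.17:80",
    "2015-04-10T09:12:09 ws-accounting -> update-checker.example.ru:443",
    "2015-04-10T09:12:11 ws-accounting -> abcdefghijklmnop.onion:9001",
]

if __name__ == "__main__":
    for src, dst, rule in scan_log(SAMPLE_LOG):
        print(f"BLOCK {src} -> {dst} ({rule})")
```

A hit on the CIDR or suffix rules is a signal to isolate the source host and check its mapped drives for renamed files, since the call-home precedes encryption in the sequence the deck describes. Indicator lists age quickly; the CIDR above is the one the slide gives for CryptoWall 2.0 at the time of the talk, so treat it as a format for the check rather than a current blocklist.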

Page 20

EDUCATE

• URLS

• ATTACHMENTS

• FREE APPLICATIONS

• WEBSITES

• BANNER ADS

Page 21

ZERO DAY FLASH

DON’T CLICK ON ADS

Page 22

ADD POLICIES

• BLOCK LOCATIONS IN THE USER PROFILE

Page 23

WHAT’S IN THE POLICIES?

SOFTWARE RESTRICTIONS

THE TELL

WMI FILTERS

DOCUMENTATION
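The "add policies" and "software restrictions" slides recommend Group Policy path rules that disallow executables launched from writable locations inside the user profile, which is where a dropped encrypting virus lands because it runs as the logged-in user. The model below is an added example, not code or policy from the deck, that evaluates such path rules the way Software Restriction Policies resolve them (the most specific matching rule wins) so a reader can see which of a set of launches would be stopped. The profile paths, the rule list, the OneDrive exception and the sample launches are all assumptions constructed for the example; a real deployment sets the rules through Group Policy.

```python
"""Model of Software Restriction Policy path rules for user-profile locations.

Added example, not the presentation's own policy. Environment values,
rules, the updater exception and the sample launches are constructed.
"""
import fnmatch
import ntpath

# Assumed environment of one user; on a real machine these come from Windows.
USER_ENV = {
    "USERPROFILE": r"C:\Users\amy",
    "APPDATA": r"C:\Users\amy\AppData\Roaming",
    "LOCALAPPDATA": r"C:\Users\amy\AppData\Local",
    "TEMP": r"C:\Users\amy\AppData\Local\Temp",
}

DISALLOWED = "Disallowed"
UNRESTRICTED = "Unrestricted"

# (pattern, level). SRP resolves overlapping path rules by specificity,
# so the narrower OneDrive exception overrides the LOCALAPPDATA block.
PATH_RULES = [
    (r"%APPDATA%\*", DISALLOWED),
    (r"%LOCALAPPDATA%\*", DISALLOWED),
    (r"%TEMP%\*", DISALLOWED),
    (r"%USERPROFILE%\Downloads\*", DISALLOWED),
    (r"%LOCALAPPDATA%\Microsoft\OneDrive\*", UNRESTRICTED),  # assumed exception
]
DEFAULT_LEVEL = UNRESTRICTED  # default security level of the policy


def expand(pattern, env):
    """Replace %NAME% variables in a rule with the user's values."""
    for name, value in env.items():
        pattern = pattern.replace(f"%{name}%", value)
    return pattern


def evaluate(path, rules=PATH_RULES, env=USER_ENV):
    """Return the level applied to an executable at `path` (case-insensitive)."""
    target = ntpath.normcase(path)
    best = None  # (specificity, level) of the most specific matching rule
    for pattern, level in rules:
        expanded = ntpath.normcase(expand(pattern, env))
        if fnmatch.fnmatchcase(target, expanded):
            specificity = len(expanded.rstrip("*"))
            if best is None or specificity > best[0]:
                best = (specificity, level)
    return best[1] if best else DEFAULT_LEVEL


# Constructed launch events: typical office software plus the kinds of
# user-profile locations a dropped executable runs from.
SAMPLE_LAUNCHES = [
    r"C:\Program Files\Microsoft Office\WINWORD.EXE",
    r"C:\Users\amy\AppData\Roaming\invoice_scan.exe",
    r"C:\Users\amy\AppData\Local\Temp\7zS1234\setup.exe",
    r"C:\Users\amy\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
    r"C:\Users\amy\Downloads\resume.pdf.exe",
]


def audit(launches):
    """Map each launch path to the level the rules would apply."""
    return {path: evaluate(path) for path in launches}


if __name__ == "__main__":
    for path, level in audit(SAMPLE_LAUNCHES).items():
        print(f"{level:12} {path}")
```

Running the audit before enforcing the policy is the "documentation" step on the slide: it tells you which legitimate programs live in the profile (updaters, click-to-run installers) and need an exception, so the rules do not break the business on the day they are turned on.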

Page 27

THE NEXT LEVEL UP

• BIT9

• SAVANTPROTECTION.COM

• UPGRADE TO ENTERPRISE LICENSES

• POSSIBLY WINDOWS 10 – SMARTSCREEN FILTER IN THE OS

• SECUREAPLUS FOR HOME USERS

APPLICATION WHITELISTING

Page 28

TOOLS AND RESOURCES

HTTP://WWW.THIRDTIER.NET/?S=CRYPTO

HTTP://WWW.BLEEPINGCOMPUTER.COM/VIRUS-REMOVAL/CRYPTOLOCKER-RANSOMWARE-INFORMATION#DECRYPT

Page 29

MORE FROM THIRD TIER

GO TO HTTP://WWW.THIRDTIER.NET/EVENTS

• AMY AND SUSAN MONTHLY WEBINARS

• FOURTH WEDNESDAY 8PM EASTERN

• PHIL: MONTHLY CHAT

• THIRD WEDNESDAY 7PM EASTERN

• SUPER SECRET NEWS

• GO TO OUR WEBSITE TO SIGN UP. PEOPLE ARE ALREADY SIGNED UP

• AMY: CALYPTIX RANSOMWARE TECHNICAL PRESENTATION

• MAY 6TH 2PM EASTERN

• MVP ONLINE CONFERENCE

• SUSAN IS PRESENTING! MAY 14TH 4-6PM EASTERN

• CONFERENCE IS 2 DAYS

• AMY: AMY @ SMBONLINECONFERENCE STRETCHING TO THRIVE

• JUNE 24TH 1PM EASTERN