r a n s o m w a r e 10/talks/rootco… · · 2017-03-21the malvertisement will redirect the...
TRANSCRIPT
RANSOMWARE
Battling A Rapidly Changing And Booming Industry
By: Jaaziel Sam Carlos
Ransomware 101
Ransomware Attacks
Identifying Ransomware
Solution and Prevention
RANSOMWARE 101
RANSOMWARE | What is Ransomware?
WHAT IS RANSOMWARE?
A type of malware that limits or prevents users from using a system. It forces its victims to pay a ransom through certain payment methods. There are at least 110 known ransomware families today.
RANSOMWARE | Brief History
FIRST SIGHTING
The first ransomware was discovered in Russia around 2005. It was detected as PGPCODER.
OUTSIDE RUSSIA
During 2012, ransomware variants spread in countries across Europe, mostly using fake police notifications.
CRYPTOLOCKER
In 2013, CryptoLocker was discovered, and the use of military-grade encryption and Tor among ransomware became common.
RANSOMWARE | Ransomware Threat
DAMAGE POTENTIAL HIGH
DISTRIBUTION LOW
UPDATE FREQUENCY HIGH
RANSOMWARE | New Ransomware
2014: 21
2015: 32
2016: 60
RANSOMWARE | Kinds of Ransomware
FILECRYPTOR
[Figure: DOCX, PDF and XLSX file icons alongside three icons labelled CRYP]
RANSOMWARE | Kinds of Ransomware
LOCKSCREEN
ALERT! YOUR COMPUTER HAS BEEN LOCKED
To regain access to your computer enter the key which you can have by paying 500$ in the following account
Enter
RANSOMWARE
ATTACKS
RANSOMWARE | Ransomware Attacks
ARRIVAL
PAYLOAD
RANSOMWARE | Arrival
SPAM MAIL
EXPLOIT KITS
RANSOMWARE | SPAM Mails
TYPE 1
A spam email with a malicious link that redirects to a download site or an exploit kit server.
TYPE 2
A spam email with a malicious document disguised as a CV.
TYPE 3
A spam email with a malicious script file that downloads the ransomware.
RANSOMWARE | Exploit Kits
EXPLOIT KITS
THE NORMAL SITE
A normal site can redirect to an exploit kit server through a “malvertisement”.
The malvertisement redirects the network traffic to the exploit kit server.
The exploit kit checks the system for a vulnerability it can exploit, then uses that vulnerability to download the ransomware.
THE COMPROMISED SITE
A compromised site is a site that has been hacked or stolen by a cybercriminal. It can be used to redirect a user to an exploit kit server.
RANSOMWARE | Arrival
Exploits | Delivered Ransomware (2015) | Delivered Ransomware (2016)
Angler Exploit Kit | CryptoWall, TeslaCrypt, CryptoLocker | CryptoWall, TeslaCrypt, CryptoLocker, CryptXXX
Neutrino Exploit Kit | CryptoWall, TeslaCrypt | CryptoWall, TeslaCrypt, Cerber, CryptXXX
Magnitude Exploit Kit | CryptoWall | CryptoWall, Cerber
Rig Exploit Kit | CryptoWall, TeslaCrypt | Ransom_GOOPIC
Nuclear Exploit Kit | CryptoWall, TeslaCrypt, CTB-Locker, Troldesh | TeslaCrypt, Locky
Sundown Exploit Kit CryptoShocker
Hunter Exploit Kit Locky
Fiesta Exploit Kit TeslaCrypt
RANSOMWARE | Payload
ARRIVAL
Ransomware is downloaded or dropped onto the system.
CONTACT
The ransomware connects to the C&C server to receive a key and send victim information.
SEARCH
The ransomware then searches the system for target file types and directories.
ENCRYPT
Once the ransomware finds a target, it encrypts those files.
RANSOM
The ransomware then displays a ransom note that instructs the victim on how to pay the ransom.
We ENCRYPTED your FILES
Pay 1.5 BTC to Unlock your Precious files
RANSOMWARE | Impact of Ransomware Infection
WHAT IS ITS IMPACT ON THE VICTIMS?
ALERT! YOUR FILES ARE NOW ENCRYPTED
To regain access to your computer enter the key which you can have by paying 500$ in the following account
Enter
Permanent or temporary loss of important files
Disruption of regular operations
Financial loss when paying the ransom
RANSOMWARE | Ransomware Profit
$300: average ransom paid by a victim
$30M collected every 100 days by CryptoLocker threat actors
A hospital in L.A. paid a ransom amounting to $17,000
RANSOMWARE | Identifying Ransomware
IDENTIFYING
RANSOMWARE
RANSOMWARE | Locky
LOCKY
Locky’s arrival vector is either spam mail or the Nuclear Exploit Kit.
Locky needs an argument to run properly.
It encrypts the file name and adds “.locky” or “.zepto”.
The ransom note dropped by Locky has the string “HELP_instructions”.
RANSOMWARE | CryptXXX
CryptProjectXXX
Copies the legitimate rundll32.exe to its current folder and uses it to load the malware (some variants rename the rundll32).
The latest variants lock the screen after encrypting the files on the system.
Version | File Extension | Loader | Note Filename(s)
1 | .crypt | none | de_crypt_readme
2 | .crypt | use of svchost.exe | {unique ID}
3 | .crypt | use of svchost.exe | !Recovery_{ID} {unique ID}
3 | .cryp1 | use of rundll32.exe | !{unique ID}
3.2 | .crypz | use of explorer.exe | !{unique ID}
3.205 | .[Random] | use of rundll32.exe | @{unique ID}
RANSOMWARE | Petya
Petya is a type of lockscreen ransomware. It encrypts not the files but the Master File Table.
RANSOMWARE | Cerber
Cerber
Cerber’s arrival vector is either spam mail or the Neutrino Exploit Kit.
It encrypts the file name, adds “.cerber”, and drops a speaking ransom note.
It opens a ransom note containing the name of the ransomware, “CERBER”.
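The extension and ransom-note indicators from the Locky, CryptXXX and Cerber slides, applied to a file listing from an affected host. This is an added example, not code from the talk: the function name, confidence labels and sample paths are constructed, and because the slides give no Cerber note filename, only its extension is matched.

```python
"""Match a file listing against the indicators given on the slides above.

Indicator strings come from the deck; names, labels and sample paths below
are constructed for this example.
"""
from collections import defaultdict
from pathlib import PureWindowsPath

# Encrypted-file extension -> (family, CryptXXX versions that row allows).
# CryptXXX 3.205 uses a random extension, so it cannot be matched this way.
EXTENSIONS = {
    ".locky": ("Locky", set()),
    ".zepto": ("Locky", set()),
    ".cerber": ("Cerber", set()),
    ".crypt": ("CryptXXX", {"1", "2", "3"}),  # shared by three table rows
    ".cryp1": ("CryptXXX", {"3"}),
    ".crypz": ("CryptXXX", {"3.2"}),
}
# Ransom-note filename fragment -> (family, versions it points to).
NOTE_MARKERS = [
    ("help_instructions", "Locky", set()),
    ("de_crypt_readme", "CryptXXX", {"1"}),
    ("!recovery_", "CryptXXX", {"3"}),
]

SAMPLE_LISTING = [  # constructed paths, not taken from a real incident
    r"C:\Users\ana\Documents\3F2A9C0B11D4E7A6.locky",
    r"C:\Users\ana\Documents\9B77C1E2AA01F3D5.zepto",
    r"C:\Users\ana\Documents\_HELP_instructions.html",
    r"C:\Users\ana\Pictures\holiday.jpg.crypt",
    r"C:\Users\ana\Pictures\!Recovery_0A1B2C3D4E5F.txt",
    r"C:\Users\ana\Desktop\notes.txt",
    r"D:\share\q3.xlsx.CERBER",
]


def classify(paths):
    """Summarise indicator hits per family for an iterable of file paths."""
    found = defaultdict(lambda: {"files": 0, "notes": 0,
                                 "ext_versions": set(), "note_versions": set()})
    for raw in paths:
        # PureWindowsPath splits on both "\" and "/" and runs on any OS.
        name = PureWindowsPath(raw).name.lower()
        note = next((m for m in NOTE_MARKERS if m[0] in name), None)
        if note:
            _, family, versions = note
            found[family]["notes"] += 1
            found[family]["note_versions"] |= versions
            continue  # a ransom note is not counted as an encrypted file
        suffix = PureWindowsPath(name).suffix
        if suffix in EXTENSIONS:
            family, versions = EXTENSIONS[suffix]
            found[family]["files"] += 1
            found[family]["ext_versions"] |= versions
    report = {}
    for family, hit in found.items():
        # The note filename narrows the ambiguous ".crypt" extension.
        both = hit["ext_versions"] & hit["note_versions"]
        versions = both or hit["note_versions"] or hit["ext_versions"]
        report[family] = {
            "files": hit["files"],
            "notes": hit["notes"],
            "versions": sorted(versions),
            # Two independent indicator types agreeing is stronger evidence.
            "confidence": "high" if hit["files"] and hit["notes"] else "low",
        }
    return report


if __name__ == "__main__":
    for family, summary in classify(SAMPLE_LISTING).items():
        print(family, summary)
```

An extension match on its own is reported as low confidence because ".crypt" alone cannot separate the three table rows that share it.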
RANSOMWARE
IDENTIFICATION TOOLS
RANSOMWARE | Solution and Prevention
SOLUTION AND
PREVENTION
FREE DECRYPTION TOOLS
RANSOMWARE INFO
RANSOMWARE | Ransomware Overview Public Document
https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml#
RANSOMWARE | Ransomware Prevention
1 New Email
RANSOMWARE | Ransomware Prevention
Creating
Backup
RANSOMWARE | Ransomware Prevention
Updating
Software
RANSOMWARE | Ransomware Prevention
P JuanDC Home7
Juan Dela Cruz
We have an opening
Send your resume to
Threat Actor
Ransomware
THANK YOU