Ransomware: How to avoid a crypto crisis at your IT business
Jerry Koutavas, President, The ASCII Group, Inc.
Ben Yarbrough, CEO, Calyptix Security
#webclinic#calyptix
Today’s Agenda
1. Ransomware background
2. How to avoid a crypto crisis
3. About AccessEnforcer
4. Helpful resources
Ransomware Background
What is Ransomware?
• Extortion via software
• Restricts access to an infected computer system and demands a ransom payment to return access.
• Dates back to 1989 with the AIDS trojan
• AIDS hid folders, encrypted file names, and said a software license had expired. Fee of $189 to “renew” license and unlock the computer
What is encrypting or “crypto” ransomware?
• Today’s primary ransomware threat
• Restricts access by encrypting a victim’s files. Demands a ransom to decrypt them
• Common examples: Cryptolocker, Critroni, CTB-Locker
Cryptolocker
• Widely known variant of ransomware
• Rose to prominence in late 2013
• Defeated in June, 2014, in a joint effort by various government agencies and security firms
• Decryption keys now freely available for victims at www.decryptcryptolocker.com
Decryption is impossible
• Decrypting files is mathematically infeasible without a key
• After infection, the only hope is to restore from backup or pay the ransom
• Paying the ransom is a bad idea – it encourages the criminals
How does ransomware spread?
• Malicious email attachments
– Appears as notice for invoice, voicemail, shipment, etc.
– Affects corporate and personal email (Gmail, Yahoo!, etc.)
• Drive-by downloads
– Malicious websites infect victims via exploits for unpatched software
How does ransomware spread? (continued)
• Malvertising
– Online advertising used to spread malware
– Recent example included pages from Yahoo, AOL, The Atlantic, Match.com
• Removable drives
– Connecting an infected USB drive can spread some variants
– Includes mobile devices
Common scenario
• A “dropper” is installed on the victim’s machine
• The dropper downloads and installs the full malware package
• Malware searches the local machine and all mapped drives for targeted files.
• Files are encrypted using a strong algorithm.
• Victim is notified that the files are locked.
• Ransom is demanded, often from $100 to $600, to be paid in Bitcoins
• Instructions provided on how to acquire Bitcoins and pay
• Deadline given for ransom payment, often from 48 to 96 hours
• If ransom is not paid by deadline, the ransom will increase or the decryption key will be destroyed.
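The scenario above (encrypt targeted files on the local disk and on every mapped drive) is also what makes it visible on the host: output of a strong cipher has near-maximal byte entropy, and one process producing many such writes across drives in a short span is the signature to alert on. The Python below is an added example, not material from the deck; the audit events, process names, paths and thresholds are constructed assumptions.

```python
import math
from collections import defaultdict

# Constructed file-write audit events (not from the deck): (process, path, sample of bytes written).
# Z: stands for a mapped network share, C: for the local disk.
EVENTS = [
    ("winword.exe", r"C:\Users\alice\Documents\memo.docx", b"Dear team, " * 40),
    ("svchost_x.exe", r"C:\Users\alice\Documents\memo.docx.encrypted", bytes(range(256)) * 2),
    ("svchost_x.exe", r"C:\Users\alice\Pictures\cat.jpg.encrypted", bytes(range(255, -1, -1)) * 2),
    ("svchost_x.exe", r"Z:\shared\contracts\q1.pdf.encrypted", bytes(range(256)) * 2),
    ("svchost_x.exe", r"Z:\shared\contracts\q2.pdf.encrypted", bytes(range(256)) * 2),
    ("svchost_x.exe", r"Z:\shared\contracts\DECRYPT_INSTRUCTIONS.txt", b"Your files are locked. " * 8),
    ("backup.exe", r"Z:\backup\memo.docx", b"Dear team, " * 40),
]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits around 3-5, strong-cipher output near 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def drive_of(path: str) -> str:
    """'C:' or 'Z:' for a Windows drive path, '' otherwise."""
    return path[:2].upper() if len(path) > 1 and path[1] == ":" else ""

def suspicious_processes(events, entropy_threshold=7.0, min_writes=3):
    """Processes whose writes look like mass encryption: at least min_writes
    high-entropy files, with the set of drives touched (local plus mapped)."""
    stats = defaultdict(lambda: {"high_entropy_writes": 0, "drives": set()})
    for proc, path, sample in events:
        if shannon_entropy(sample) >= entropy_threshold:
            stats[proc]["high_entropy_writes"] += 1
            stats[proc]["drives"].add(drive_of(path))
    return {
        proc: {"high_entropy_writes": s["high_entropy_writes"], "drives": sorted(s["drives"])}
        for proc, s in stats.items()
        if s["high_entropy_writes"] >= min_writes
    }

if __name__ == "__main__":
    for proc, summary in suspicious_processes(EVENTS).items():
        print(f"ALERT {proc}: {summary['high_entropy_writes']} high-entropy writes on {summary['drives']}")
```

The legitimate editor and the backup job write low-entropy content and are not reported; compressed or already-encrypted file types would need an allowlist to keep false positives down.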
An evolving threat
• Hundreds of thousands of ransomware variations exist
• Some allow users to decrypt up to five files to “prove” decryption is possible.
• Victims can read payment instructions in multiple languages
• Ransoms jumped from $24 to $650 in some later versions
Where is it headed?
• RansomWeb – Hackers encrypt data stored on a web server and demand a ransom payment.
“The next step might well be the modern equivalent of protection rackets – threatening companies with being either taken offline or having their databases frozen unless they pay a regular fee.”
– Professor Alan Woodward, University of Surrey Department of Computing
Thousands of victims
• Cryptolocker made $30 million in 100 days, according to some estimates
• Ransoms paid by police departments, town halls, law offices, and businesses of all sizes
• The Law Offices of Paul Goodson, based in Charlotte, NC, lost every document on its main server
• Infected by a malicious email attachment. Email disguised as a voicemail notification.
• Attempted to pay $300 ransom but did not complete the transaction by deadline
Free marketing resource
• Show law firms the dangers of ransomware
• Includes three examples of attacked law firms
• We will send it to you after today’s presentation
How to avoid a crypto crisis
Educate users
• Suspicious emails
• Suspicious sites
• Software and network hygiene
• Segregate personal and business web use
• Explain the rationale of restricting business networks
“Ransomware Is Bad” (slide graphic)
Patch, patch, patch
• Maintain the latest versions of your firewall, anti-virus, operating systems, applications, and other systems.
• Automatically update as new patches become available.
Filter spam and malicious email
• The top way ransomware spreads is by email attachment
• Some infections begin with a .scr file that arrives in a .zip or .cab email attachment
• Filter emails for content and attachments before they reach end users
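As an added example (not from the deck), a mail-gateway check in Python that opens a .zip attachment in memory and flags executable members such as a .scr hidden behind a double extension, descends into nested zips, and holds .cab files it cannot parse; the extension list and the sample lure are constructed assumptions.

```python
import io
import zipfile

# Extensions an ordinary user should never receive by email (assumed list).
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}

def _ext(name: str) -> str:
    lower = name.lower()
    return "." + lower.rsplit(".", 1)[-1] if "." in lower else ""

def risky_members(zip_bytes: bytes, depth: int = 0, max_depth: int = 2) -> list:
    """Executable members of a zip attachment. The final extension decides, so
    'Voicemail.wav.scr' is caught; nested zips are opened up to max_depth."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return ["<unreadable zip>"]          # cannot inspect: report, do not pass
    findings = []
    with zf:
        for info in zf.infolist():
            ext = _ext(info.filename)
            if ext in EXECUTABLE_EXTS:
                findings.append(info.filename)
            elif ext == ".zip" and depth < max_depth:
                inner = risky_members(zf.read(info), depth + 1, max_depth)
                findings.extend(f"{info.filename}/{m}" for m in inner)
    return findings

def should_quarantine(filename: str, data: bytes) -> bool:
    """Mail-gateway decision for one attachment, before it reaches the user."""
    ext = _ext(filename)
    if ext in EXECUTABLE_EXTS or ext == ".cab":   # .cab: no parser here, hold it
        return True
    return bool(risky_members(data)) if ext == ".zip" else False

def build_sample_attachment() -> bytes:
    """Constructed lure in the style of the 'voicemail' and 'shipment' notices."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("shipment_label.exe", b"MZ constructed")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("Voicemail_Message.wav.scr", b"MZ constructed")
        z.writestr("invoice.pdf", b"%PDF-1.4 constructed")
        z.writestr("tracking.zip", inner.getvalue())
    return outer.getvalue()
```

A production filter would also cap decompressed size and nesting to avoid archive bombs, and would inspect file headers rather than trusting the name alone.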
Filter outbound traffic
• Control sites users can access
• Block malicious hosts
• Block IP range 146.185.220.0/23 – Range is associated with CryptoWall
• Enable intrusion prevention system (IPS)
• Default deny all outbound traffic
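An added example, not from the deck, of the outbound policy above as a small Python evaluator: 146.185.220.0/23 is the range the slide names; the LAN subnet, internal resolver and sample flows are constructed assumptions. Rule order is the point: explicit blocks first, narrow allows next, default deny for everything else.

```python
import ipaddress

# 146.185.220.0/23 is the range the slide ties to CryptoWall; the rest is assumed.
BLOCKED_NETS = [ipaddress.ip_network("146.185.220.0/23")]
LAN = ipaddress.ip_network("192.168.10.0/24")        # assumed internal subnet
INTERNAL_DNS = ipaddress.ip_address("192.168.10.2")  # assumed internal resolver
ALLOWED_WEB_PORTS = {80, 443}

def evaluate(proto: str, src: str, dst: str, dport: int):
    """Return (action, reason) for one outbound flow. Order matters:
    explicit blocks first, narrow allows next, default deny for the rest."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in LAN:
        return "deny", "source not on the LAN"
    for net in BLOCKED_NETS:
        if d in net:
            return "deny", f"destination in blocked range {net}"
    if proto == "udp" and dport == 53:
        if d == INTERNAL_DNS:
            return "allow", "DNS to internal resolver"
        return "deny", "DNS only via internal resolver"
    if proto == "tcp" and dport in ALLOWED_WEB_PORTS:
        return "allow", "web traffic (still subject to web filter and IPS)"
    return "deny", "default deny outbound"

# Constructed outbound attempts as a gateway might log them (TEST-NET addresses,
# plus one constructed host inside the CryptoWall range named on the slide).
SAMPLE_FLOWS = [
    ("tcp", "192.168.10.25", "146.185.221.10", 443),
    ("tcp", "192.168.10.25", "198.51.100.20", 443),
    ("udp", "192.168.10.25", "203.0.113.53", 53),
    ("tcp", "192.168.10.25", "203.0.113.5", 4444),
    ("udp", "192.168.10.25", "192.168.10.2", 53),
]

def audit(flows):
    """Decision per flow; denied entries are the ones worth alerting on."""
    return [(dst, dport) + evaluate(proto, src, dst, dport) for proto, src, dst, dport in flows]

if __name__ == "__main__":
    for dst, dport, action, reason in audit(SAMPLE_FLOWS):
        print(f"{action:5} {dst}:{dport}  ({reason})")
```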
Group policies for Windows
• Block ransomware from installing in its favorite directories
• Free resource: Cryptolocker Prevention Kit from Third Tier (link at end of presentation)
Limit access to network shares
• Ransomware checks all mapped drives (including network drives)
• Only the administrator and the backup service provider should access backup drives
• When mounting a backup for restore purposes, make sure the permissions are set to “read only”
Back up all files
• The only way to fully recover from infection is with a good backup
• Many businesses operate without backups, which can make ransomware infection a worst-case scenario
• Remember to test backups. They are only good if you can restore the data.
Additional tips
• Install a reputable anti-virus solution such as Microsoft Security Essentials or Malwarebytes.
• Do not allow user accounts to modify applications or the operating system (e.g. run as a standard user)
• Adjust web browser settings to prevent forced downloads
What if you are infected?
• Immediately power off the machine
• Unplug from the network
• Remove the hard drive and scan it with antivirus to remove infection.
• Do not power on the drive until it is cleaned
AccessEnforcer
Simple and powerful UTM firewall for small and medium business
• Features include:
– Intrusion detection and prevention (IDS/IPS)
– Unlimited VPN
– Web filter
– Spam filter
– Multi-WAN
– Quality of service (QoS)
– Automatic updates
– GUI-based management
– Many more in the full features list
Simplest Reseller Program in the Industry
• The Breakthrough Program: 30-day license for monthly service
– Includes every security feature
– Includes lifetime warranty
– Includes unlimited users
– Cancel without penalty
– No monthly or annual minimum
• Gives your IT business:
– Faster profits
– Fewer limitations and headaches
– Freedom from annual renewals
AccessEnforcer
www.calyptix.com
Call to learn more about Calyptix reseller partnership: 704-971-8982
Helpful Resources
Calyptix Resources
• Marketing flyer for law firms (will send via email)
• Ransomware Prevention: 5 ways to avoid a crisis
– http://www.calyptix.com/malware/ransomware-prevention-5-ways-to-protect-your-business/
• Critroni Ransomware: Decryption not an option
– http://www.calyptix.com/malware/critroni-ransomware-decryption-not-an-option/
• AccessEnforcer: Full features list
– http://www.calyptix.com/wp-content/uploads/2014/09/AE-features-list.pdf
Additional Resources
• Cryptolocker Prevention Kit – Third Tier
– http://www.thirdtier.net/2013/10/cryptolocker-prevention-kit/
• More ransomware resources from Third Tier
– http://www.thirdtier.net/?s=crypto
Questions
Thank you!
www.calyptix.com
Call to learn more about Calyptix reseller partnership: 704-971-8982