The Rise of Ransomware
Rani Hmayssi, Regional Manager, Emerging markets
Cyber Security Solutions
2 | © 2015, Palo Alto Networks. Confidential and Proprietary.
What is Ransomware
Ransomware is not a single family of malware, but a criminal business model in which malicious software is used to hold something of value for ransom.
The First Ransomware Attack – AIDS Trojan
Source: PaloAltoNetworks.com/solutions/initiatives/ransomware
44% Victims Paid Up
$325M Estimated Damages
Across the Globe
30.7% Exploit Delivery
CryptoWall v3 Investigation
Source: http://go.paloaltonetworks.com/cryptowall
Co-Founded by Palo Alto Networks, Intel Security, Symantec, Fortinet
1M+ unique samples of crypto ransomware collected in Palo Alto Networks WildFire Threat Intelligence Cloud.
30+ families of crypto ransomware tracked in Palo Alto Networks AutoFocus threat analysis service.
WildFire Demonstrates the Shortcomings of Current Approach
8 | ©2016, Palo Alto Networks. Confidential and Proprietary.
37.5% of the malware files seen by WildFire each month are detected by the top 6 enterprise AV vendors*.
All Files: 71.9M
Malicious: 5.3M
Detected by AV: 2.0M
*Average monthly values as of January 2016. Source: Palo Alto Networks WildFire and Multi-Scanner
Dealing with Ransomware
Preparation Prevention Response
To Prevent Ransomware:
1. Attack Vectors
2. Delivery Methods
3. How to Block
1. Attack Vectors
Exploits Exec Macros
2. Delivery Methods
Exploit Kits
Email Attachments
Drive-by Downloads
A Ransomware Email That I Received on my Personal Email
More Sophisticated Ransomware Examples
3. How to Block
Multiple Attack Vectors
Multiple Delivery Methods
Perimeter
Cloud/SaaS
Endpoints
3. How to Block
Reduce Attack Surface
Prevent Known Threats
Prevent Unknown Threats
Reduce Attack Surface
Block unknown traffic
Stop dangerous file types
Block malicious URLs
Evaluate encrypted traffic
Extend zero-trust policies to endpoints
Block dangerous file types
Disallow non-org access
Extend threat intelligence from network to SaaS apps to endpoints
Prevent Known Threats
Block storage or transmission of files containing exploits
Scan cloud storage & SaaS apps for malicious files
Block all known exploits
Block execution of known malware
Stop known exploits, malware & command-and-control traffic
Block malicious URLs
Extend threat intelligence from network to SaaS apps to endpoints
Prevent Unknown Threats
Block all unknown and zero-day exploits
Block execution of unknown malware
Control unknown traffic
Detect and prevent threats in unknown files and URLs
Add context to threats and create proactive protections
Scan cloud storage & SaaS apps for malicious files
Extend threat intelligence from network to SaaS apps to endpoints
Exploit Kits Email Attachments Drive-by Download
Network & Perimeter
✓… ✓... ✓...
✓... ✓... ✓...
✓... ✓... ✓...
SaaS Applications
✓... ✓... ✓...
✓... ✓... ✓...
✓... ✓... ✓...
Endpoint
✓... ✓... ✓...
✓... ✓... ✓...
✓... ✓... ✓...
Automated Ransomware Prevention Across Multiple Attack Vectors and Delivery Methods is Only Possible with an Integrated Security Platform
Looking at Another Industry Trying to Protect Their Assets
Contain Stop Thief from entering Pray you made the right choice
Someone breaks into your safe
Alarm turns on
Remediation Prevention It’s only a matter of time to find out
Ransomware attack succeeds
You find out that files are encrypted
Where would you prefer to be?
“Intellectuals solve problems. Geniuses PREVENT them.”
-Albert Einstein
THANK YOU