Ransomware: What is it, How to avoid it and How to protect your data


1 Ransomware: What is it, How to avoid it and How to protect your data
National Cybersecurity Awareness Month

2 Agenda
- What is Ransomware
- What it does
- How it works
- Examples
- How to avoid Ransomware
- How to protect your data
- Discussion/Questions

3 About Us
- Arijana Sarkic, Security Engineer
- Brian Markham, AVP, Information Security and Compliance Services

4 What is ransomware?
- Ransomware is a specific type of malware that locks (encrypts) user files and will only unlock (decrypt) those files once a ransom is paid.
- Can have a devastating impact on an individual or an organization.
- Many types of Ransomware; rapidly evolving.
- Profitable! (1 BTC = $ USD)
- First known Ransomware (1989): AIDS Trojan, distributed via floppy to WHO AIDS conference attendees.

5 How profitable?
- Between 4/14 and 6/15, the FBI's Internet Crime Complaint Center (IC3) reported $18M in losses [1].
- According to Beazley, 43 ransomware cases at financial institutions in 2015, 86 in first half of
- The Cyber Threat Alliance reported that in 2015, Cryptowall alone accounted for >406K infections and $325M in damages [3].

6 Source: https://blogs. sophos

7 What does ransomware do?
- Each strain of Ransomware operates differently.
- Delivery methods: exploit kits, e-mail (malicious attachments), drive-by attacks, malvertising.
- Connects to a remote server to obtain encryption key, encrypts specific files (jpg, doc, xls, pdf, mp3, etc.).
- Provides instructions and customer service so that victims can easily pay the ransom.
- Decryption has been observed to not always work, even after the ransom has been paid.

8 Opportunistic vs. targeted Ransomware
- Most Ransomware infections are opportunistic: random people get it via e-mail/exploit kits/drive-bys, pay ransom, criminals profit.
- Targeted Ransomware campaigns: attackers specifically target an organization, exploit weaknesses, install ransomware.
- Targeted Ransomware is specifically designed to infect and cause damage to a specific organization.
- MedStar Health in 2016 is a good example of how ransomware impacted operations. Ransom reportedly ~$19,000.

9
"At MedStar Washington Hospital Center, one nurse who worked overnight described the situation as difficult. Without access to and computer systems, the medical staff fell back on seldom-used paper records that had to be faxed or hand-delivered. But this nurse and another told The Post that the paper charts are far less comprehensive than those kept in digital form. They can be missing vital pieces of patient information: complete medical histories, every drug prescribed, allergies to medicine and treatment plans. Without the computer systems, they explained, the health-care facilities were operating without a number of essential safeguards meant to hinder mistakes."
Washington Post (3/29/2016)

10
| Ransomware | Operating System | Distribution Method | Ransom | First Detected |
|---|---|---|---|---|
| Cerber 3.0 | | Exploit Kit | 1-2 BTC | September 2016 |
| Teslacrypt | | Compromised Website | $500 | February 2015 |
| Cryptowall | | Exploit Kit/E-mail Attachment | $ depending on how long it takes the victim to pay | June 2014 |
| Zepto (AKA Locky) | | E-mail Attachment | .5 BTC | June 2016 |
| Kovter | | Exploit Kit/E-mail Attachment/Malvertising | $300 | 2013 |
| KERanger | | Infected Transmission Application | 1 BTC | March 2016 |

11 ZCryptor
- Encrypts and self-propagates.
- Not spread through e-mail or exploit kits.
- Initial infection through fake software installer (like Adobe Flash) or a malicious Microsoft Office macro.
- Once on a system, the Ransomware behaves like a worm, infecting other network stores.
- 1.2 to 5 BTC for ransom.

12 SamSAM
- Targeted ransomware, specifically on health care industry.
- Not spread through e-mail or exploit kits.
- Compromise a server to gain initial foothold, move laterally across network to infect more machines.
- No command and control necessary, malware is self-sufficient.
- Affects Windows Vista and newer.

13 Cerber v3

14 Cryptowall

15 Zepto (Locky)

16 KeRanger

17 How to avoid ransomware
- Back up your files (store backups offline).
- Employ practices that reduce your chances of getting ransomware on your computer.

18 How to protect your data
- Back up your files!
- Disconnect removable storage when not in use.
- Many options:
  - Removable storage (USB);
  - macOS Time Machine to external drive;
  - Windows 10 File History to external drive; and
  - Third-Party services (Backblaze, CrashPlan).

19 How to avoid ransomware
- Many of the same tactics used to avoid malware.
- Be conscious of what you download:
  - Torrents; and
  - Untrustworthy software.
- E-mail attachments.
- Malicious Websites.

20 How to avoid ransomware
- Do not enable macros in Microsoft Office.
- Apply updates to OS, browser, web plug-ins.
- Use Symantec Endpoint Protection (known malware protection):
  - Free download from it.gwu.edu.
- Ransomwhere? by Patrick Wardle (objective-see.com) for macOS.

21 Should I pay the ransom?
NO
Paying the ransom:
- Tells attackers that the campaign is working;
- Incentivizes future Ransomware campaigns; and
- Leads to more/better Ransomware over time.

22 Discussion/Questions?

