Ransomware (12:00) Juwan Harris
What is ransomware?
- Ransomware is a form of malware that installs itself on a device.
- It denies the user access to their files or to the device itself.
- The user is told they can regain access if they pay the ransom.
- The ransom is normally paid in bitcoin.
History
- 1989: first ransomware, Joseph L. Popp's AIDS Trojan.
- 2006: Archievus, the first ransomware to use asymmetric (RSA) encryption.
- 2013: CryptoLocker, spread mainly through malicious email attachments and the Gameover ZeuS botnet, with some distribution via compromised websites; its infrastructure was taken down by Operation Tovar in 2014.
- 2014: Koler, an Android locker that spread itself by sending SMS links to the victim's contacts (the first self-propagating ransomware).
- 2014: CTB-Locker (Curve-Tor-Bitcoin), noted as the first ransomware to delete Volume Shadow Copies so victims cannot restore earlier versions of their files.
Ransomware trends (chart)
- Ransomware detections overall are on the rise.
- Each spike corresponds to the release of a new ransomware family.
Ransomware trends
- The number of new ransomware families has been rising.
- Mostly due to the success of crypto-ransomware.
- Also due to how easy it has become to create both locker and crypto ransomware.
Categories of ransomware
Ransomware is divided into four categories:
- Misleading apps: ransomware that pretends to be another, legitimate application.
- Locker: denies the user access to the device (typically a full-screen lock) but leaves the files intact. Example: FBI MoneyPak.
- Fake antivirus: pretends to be an antivirus program and demands payment to "clean" infections that do not exist. Example: Security Essentials 2010.
- Crypto-ransomware: encrypts the user's files so they cannot be opened. Example: Locky.
Biggest ransomware
- The most successful ransomware families are the ones backed by capable exploit kits and large phishing campaigns.
Tescrypt (TeslaCrypt)
- Microsoft alert level: severe.
- Copies itself to the %APPDATA%, %USERPROFILE% and %SystemRoot% folders under a random seven-character executable name.
- Adds a registry Run key so it starts with the system.
- Encrypts files and renames them with a family-specific extension.
- Also deletes Volume Shadow Copies.
- Intel Security has published a tool that can decrypt certain files.
- Targets game-related files (saves and profiles) in addition to documents.
- Sends information about the victim machine to its servers.
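The behaviours on this slide (a random seven-character executable dropped into the profile folders, followed by shadow-copy deletion) are visible in ordinary process-creation telemetry. The detection logic below is an added example, not part of the original deck or of any vendor tool: the event fields are a constructed stand-in for a Sysmon Event ID 1 / Windows 4688 record, the sample events are made up, and the rule names and location list are this example's own choices.

```python
"""Hunt for Tescrypt-style behaviour in process-creation telemetry.

Added example; not part of the original deck. The event shape is a constructed
stand-in for Sysmon Event ID 1 / Windows 4688 fields, and the sample events are
made up to exercise the two rules.
"""
import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    image: str      # full path of the new process image
    cmdline: str    # its command line
    parent: str     # full path of the parent image


# Rule 1: a seven-character alphanumeric .exe name, as Tescrypt uses for its
# dropped copy. A random name only means something together with an unusual
# location, so the rule also requires the image to sit directly under the user
# profile, anywhere under AppData, or directly in %SystemRoot% (not System32).
RANDOM_7 = re.compile(r"[a-z0-9]{7}\.exe")
DROP_DIRS = (
    re.compile(r"^[a-z]:\\users\\[^\\]+\\(appdata\\|$)"),  # %USERPROFILE%\ or ...\AppData\...
    re.compile(r"^[a-z]:\\windows\\$"),                     # %SystemRoot%\ itself
)

# Rule 2: command lines that destroy local recovery points. Tescrypt and
# CTB-Locker delete Volume Shadow Copies; later families added the others.
SHADOW_KILL = (
    ("vssadmin delete shadows", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("vssadmin resize shadowstorage", re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage", re.I)),
    ("wmic shadowcopy delete", re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("wbadmin delete catalog", re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I)),
    ("bcdedit recoveryenabled no", re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no", re.I)),
)


def in_drop_dir(image: str) -> bool:
    """True if the image's directory is one of the locations Tescrypt drops into."""
    directory = ntpath.dirname(image).lower() + "\\"
    return any(p.match(directory) for p in DROP_DIRS)


def triage(events):
    """Return (rule, event) pairs for every event that matches a rule."""
    hits = []
    for ev in events:
        name = ntpath.basename(ev.image).lower()
        if RANDOM_7.fullmatch(name) and in_drop_dir(ev.image):
            hits.append(("random-name-exe-in-drop-dir", ev))
        for label, pattern in SHADOW_KILL:
            if pattern.search(ev.cmdline):
                hits.append((label, ev))
                break
    return hits


# Constructed sample telemetry: one infection chain plus benign noise.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Users\juwan\AppData\Roaming\kdfjwqe.exe",
              r"C:\Users\juwan\AppData\Roaming\kdfjwqe.exe",
              r"C:\Windows\explorer.exe"),
    ProcEvent(r"C:\Windows\System32\vssadmin.exe",
              r"vssadmin.exe Delete Shadows /All /Quiet",
              r"C:\Users\juwan\AppData\Roaming\kdfjwqe.exe"),
    ProcEvent(r"C:\Windows\System32\svchost.exe",            # 7 chars, but System32 is normal
              r"svchost.exe -k netsvcs", r"C:\Windows\System32\services.exe"),
    ProcEvent(r"C:\Users\juwan\AppData\Local\Temp\Setup.exe",  # AppData, but not a random name
              r"Setup.exe /S", r"C:\Windows\explorer.exe"),
    ProcEvent(r"C:\Program Files\Mozilla Firefox\firefox.exe",
              r"firefox.exe", r"C:\Windows\explorer.exe"),
]


def sample_rule_hits():
    """Rule labels fired by SAMPLE_EVENTS, in event order."""
    return [rule for rule, _ in triage(SAMPLE_EVENTS)]


if __name__ == "__main__":
    for rule, ev in triage(SAMPLE_EVENTS):
        print(f"{rule}: {ev.image} <- parent {ev.parent}")
```

The shadow-copy rule is the stronger of the two: legitimate software almost never deletes all shadow copies quietly, whereas a seven-character executable name in AppData is only a lead that needs the parent process and the registry Run key write to confirm it.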
Locky
- Encrypts files and renames them with a .locky extension.
- Also encrypts files on network drives.
- Encrypts bitcoin wallet files (wallet.dat).
- Spread by a very large email campaign; the email pretends to be an invoice and carries an attachment with a malicious macro.
- Changes the registry to run on start-up.
- Hard-coded check that exits without encrypting if the system language is Russian.
- Removes the Windows "mark of the web" flag (the Zone.Identifier stream) that marks a file as downloaded from the internet.
- Has a lot of similarities to Dridex, including its distribution campaigns.
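Locky's signature on disk is a single process renaming file after file to the same new extension as it walks local folders and network shares. The detector below is an added example, not code from the deck or from any product: it assumes a file-rename feed that records both old and new names (for instance an EDR minifilter; the `RenameEvent` shape is this example's own), the extension list and the 20-renames-in-10-seconds threshold are its own choices, and the sample capture is constructed.

```python
"""Spot crypto-ransomware by its file-rename pattern.

Added example; not part of the original deck. The event shape is a constructed
stand-in for a file-rename audit record that carries both names, and the
sample capture is made up.
"""
import ntpath
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class RenameEvent:
    ts: float   # seconds since start of capture
    pid: int
    old: str    # path before the rename
    new: str    # path after the rename


# Extensions used by Locky and TeslaCrypt variants. Brittle on its own (each new
# variant changes it), so it only supplements the behavioural rule below.
KNOWN_RANSOM_EXT = {".locky", ".zepto", ".odin", ".aesir", ".zzzzz", ".osiris",
                    ".ecc", ".ezz", ".exx", ".vvv", ".ccc", ".micro"}


class RenameBurstDetector:
    """Alert when one process changes many files to the same new extension in a
    short window across more than one directory, which is what Locky does as it
    walks local and network drives."""

    def __init__(self, threshold=20, window_s=10.0):
        self.threshold = threshold
        self.window_s = window_s
        self._recent = defaultdict(deque)   # (pid, new_ext) -> deque of (ts, dir)
        self._alerted = set()
        self.alerts = []

    def _alert(self, kind, pid, ext, path):
        key = (kind, pid, ext)
        if key not in self._alerted:         # one alert per process and extension
            self._alerted.add(key)
            self.alerts.append({"kind": kind, "pid": pid, "ext": ext, "example": path})

    def feed(self, ev: RenameEvent):
        old_ext = ntpath.splitext(ev.old)[1].lower()
        new_ext = ntpath.splitext(ev.new)[1].lower()
        if new_ext == old_ext:               # ordinary rename that keeps the type
            return
        if new_ext in KNOWN_RANSOM_EXT:
            self._alert("known-ransom-extension", ev.pid, new_ext, ev.new)
        q = self._recent[(ev.pid, new_ext)]
        q.append((ev.ts, ntpath.dirname(ev.old).lower()))
        while q and ev.ts - q[0][0] > self.window_s:
            q.popleft()
        if len(q) >= self.threshold and len({d for _, d in q}) >= 2:
            self._alert("rename-burst", ev.pid, new_ext, ev.new)


def sample_events():
    """Constructed capture: a Locky-like pid 4242 renaming 30 files in 6 seconds
    across a local folder and a UNC share, plus benign saves from pid 777."""
    events = []
    dirs = [r"C:\Users\juwan\Documents", r"\\fileserver\finance"]
    for i in range(30):
        d = dirs[i % 2]
        events.append(RenameEvent(0.2 * i, 4242,
                                  ntpath.join(d, f"report{i}.docx"),
                                  ntpath.join(d, f"{i:032x}.locky")))
    for i in range(3):   # a word processor saving through a temp file
        events.append(RenameEvent(1.0 + i, 777,
                                  rf"C:\Users\juwan\Documents\~tmp{i}.tmp",
                                  rf"C:\Users\juwan\Documents\minutes{i}.docx"))
    return sorted(events, key=lambda e: e.ts)


def run_sample():
    det = RenameBurstDetector()
    for ev in sample_events():
        det.feed(ev)
    return det.alerts


if __name__ == "__main__":
    for a in run_sample():
        print(a)
```

The extension rule fires on the first `.locky` file; the burst rule fires on the twentieth rename and would fire just the same for a variant with an unknown extension, which is why the behavioural rule carries the detection and the list only names the family.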
Chimera
- Spread through email.
- Encrypts the user's data.
- Threatens to publish the user's data if the ransom is not paid.
- Its decryption keys were later leaked.
FBI MoneyPak
- Example of a locker.
- Relies on tricking the user into paying a fake "fine".
- Does not encrypt files.
- Can be removed without loss of data.
Security Essentials 2010 / Fakeinit
- Tries to mimic Microsoft Security Essentials.
- Claims that the user's real antivirus and other legitimate programs are viruses.
- Asks for payment for the "full version" to remove the fake infections.
- Monitors web traffic and blocks certain sites.
Ransomware attack vectors
- Exploit kit: exploits a vulnerability in the browser or a plug-in; delivery mostly happens through malicious advertisements.
- Malicious email attachment: a portable executable (often inside a zip) or a document with a malicious macro.
- Malicious email link: leads to a download or to an exploit kit landing page.
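The attachment vectors above come down to a handful of tricks at the mail gateway: scripts and executables sent directly, a benign-looking extension in front of the real one, archives that hide a script, and macro documents renamed to a format the user trusts. The triage function below is an added example, not the deck's or any vendor's code; the attachment samples are constructed in memory, the OOXML files are minimal zips rather than real Office documents, and the reason labels are this example's own.

```python
"""Triage e-mail attachments for the delivery tricks listed above.

Added example; not part of the original deck. Samples are constructed in
memory; the OOXML files are minimal zips, not real Office documents.
"""
import io
import ntpath
import re
import zipfile

SCRIPT_OR_PE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".jse",
                ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".lnk"}
# Formats that may carry VBA; the legacy binary ones cannot be told apart by name.
MACRO_CAPABLE = {".docm", ".dotm", ".xlsm", ".xltm", ".xlsb", ".pptm",
                 ".doc", ".dot", ".xls", ".xlt", ".ppt"}
DOUBLE_EXT = re.compile(
    r"\.(pdf|docx?|xlsx?|jpe?g|png|txt)\s*\.(exe|scr|com|pif|bat|cmd|js|jse|vbs|vbe|wsf|hta)$",
    re.I)
VBA_PARTS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}


def zip_names(data: bytes):
    """Member names if data is a zip (OOXML documents are zips), else None."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return z.namelist()
    except zipfile.BadZipFile:
        return None


def triage_attachment(filename: str, data: bytes) -> list:
    """Return the reasons an attachment should be held; empty means pass."""
    reasons = []
    ext = ntpath.splitext(filename)[1].lower()
    if ext in SCRIPT_OR_PE:
        reasons.append("executable-or-script")
    if DOUBLE_EXT.search(filename):
        reasons.append("double-extension")
    if ext in MACRO_CAPABLE:
        reasons.append("macro-capable-format")
    names = zip_names(data)
    if names is not None:
        if VBA_PARTS & set(names):
            # Word opens a file according to its content, not its extension, so
            # a .docm renamed to .doc still carries its macro project.
            reasons.append("vba-project-present")
        if ext == ".zip":
            inner = {ntpath.splitext(n)[1].lower() for n in names}
            if inner & SCRIPT_OR_PE:
                reasons.append("archive-contains-script")
    return reasons


def make_zip(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in members.items():
            z.writestr(name, content)
    return buf.getvalue()


def make_ooxml(with_vba: bool) -> bytes:
    """Minimal stand-in for a Word OOXML package (constructed, not a real document)."""
    parts = {"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w:document/>"}
    if with_vba:
        parts["word/vbaProject.bin"] = b"\xd0\xcf\x11\xe0 constructed vba project"
    return make_zip(parts)


# Constructed sample mailbox; names modelled on the invoice lure described above.
SAMPLES = {
    "invoice_4472.docm": make_ooxml(with_vba=True),
    "invoice_4472.doc": make_ooxml(with_vba=True),        # macro document renamed to the legacy extension
    "scan_0091.pdf.exe": b"MZ\x90\x00 constructed stub",
    "invoice.zip": make_zip({"invoice.js": b"// constructed downloader stub"}),
    "minutes.docx": make_ooxml(with_vba=False),
    "photo.jpg": b"\xff\xd8\xff\xe0 constructed jpeg header",
}


def triage_samples() -> dict:
    return {name: triage_attachment(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, reasons in triage_samples().items():
        print(f"{name:20} {'HOLD: ' + ', '.join(reasons) if reasons else 'pass'}")
```

Checking the zip member list rather than the extension is what catches the renamed macro document; a filter that trusted `.doc` or `.docx` by name would pass it straight to the user.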
Ways to protect yourself from ransomware
- Back up important files, and keep a copy offline so the backup cannot be encrypted along with the originals.
- Be careful which links you click and which email attachments you open.
- Disable execution of files from the AppData and LocalAppData folders.
- Keep the operating system and applications updated.
- Install the Microsoft Office viewers, which open documents without running macros.
- Do not pay the ransom.
- Educate other users about ransomware.
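The first item on the list only helps if you can tell whether the backup itself is still intact, since Locky and its relatives also reach network drives. One way to check, as an added example that is not part of the deck or of any backup product: record a SHA-256 manifest when the backup is known good and keep it where the backup host cannot write, then compare the tree against it before trusting a restore. The manifest format, the 7.5 bits-per-byte entropy threshold and the files are this example's own constructions.

```python
"""Verify a backup against a previously recorded hash manifest.

Added example; not part of the original deck. The manifest format and the
entropy threshold are this example's own choices; the files are constructed in
a temporary directory so it runs anywhere.
"""
import hashlib
import math
import os
import pathlib
import tempfile


def sha256_file(path: pathlib.Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; plaintext documents sit well below 6, ciphertext near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_manifest(root) -> dict:
    """Map of relative POSIX path -> SHA-256, taken while the backup is known good."""
    root = pathlib.Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(root, manifest: dict, entropy_threshold: float = 7.5) -> dict:
    """Compare the tree under root with the manifest. A modified file whose
    content is now high-entropy is additionally reported as likely encrypted."""
    root = pathlib.Path(root)
    current = build_manifest(root)
    report = {"missing": [], "modified": [], "likely_encrypted": [], "new": []}
    for rel, digest in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] != digest:
            report["modified"].append(rel)
            if shannon_entropy((root / rel).read_bytes()) > entropy_threshold:
                report["likely_encrypted"].append(rel)
    report["new"] = sorted(set(current) - set(manifest))
    return report


def demo() -> dict:
    """Build a small constructed backup, record its manifest, then simulate what
    crypto-ransomware reaching the backup share does to it."""
    root = pathlib.Path(tempfile.mkdtemp(prefix="backup-demo-"))
    (root / "budget.xlsx").write_bytes(b"quarter,amount\nQ1,1200\nQ2,1350\n" * 40)
    (root / "notes.txt").write_bytes(b"meeting notes: review backup policy\n" * 20)
    (root / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 2000)
    manifest = build_manifest(root)   # in practice stored where the backup host cannot write

    # Simulated infection: one file overwritten with ciphertext, one renamed
    # Locky-style, and one legitimately edited by a user after the backup.
    (root / "budget.xlsx").write_bytes(os.urandom(4096))
    (root / "photo.jpg").rename(root / "0f1e2d3c4b5a69788796a5b4c3d2e1f0.locky")
    with (root / "notes.txt").open("ab") as f:
        f.write(b"added after backup\n")
    return verify_backup(root, manifest)


if __name__ == "__main__":
    for key, paths in demo().items():
        print(f"{key:17} {paths}")
```

A user's edit shows up as modified but not likely encrypted, while the overwritten spreadsheet trips both; the manifest is only trustworthy if ransomware on the backup host could not have rewritten it, which is the same reason the offline copy matters.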
Who Pays?
Analytics in cyber security
- Was not seen as a major way to fight cybercrime until recently.
- Uses data from previous attacks to prevent future ones.
- Questions answered by analytics: What happened? Why did it happen? What will happen? What should you do when it happens?
Evolution of analytics
- 1.0 (outdated; circa 2008): uses internal company data only; mostly reactive.
- 2.0 (current): adds data from outside sources via big data.
- 3.0 (leading edge / future): uses machine learning on big data to prevent attacks; proactive.
Ransomware targets
- Consumers are the biggest target: they lack advanced protection and threat analysis, and often lack knowledge of the subject.
- Among organizations, the services sector is the biggest target: it has a large amount of internet usage and is not subject to the security requirements imposed on finance and utilities.
Hospitals as an attack target
- Hospitals face a large threat from ransomware: their networks are often not centralized, and modernized ER rooms depend on connected systems.
- A large share of all ransomware attacks target hospitals.
- Ransomware can deny a hospital access to critical patient data.
- Example: a hospital in California paid $17,000 to have ransomware removed.
- Another hospital, in Texas, lost thousands of patient records after refusing to pay the ransom.
Future of ransomware attacks
- Targeting Internet of Things devices (ransomware for a smart thermostat was demonstrated at DEF CON).
- New ways to infect users.
Works cited
https://www.proofpoint.com/sites/default/files/quarterly_threat_summary_apr-jun_2016.pdf
https://www.engadget.com/2017/04/08/rensenware-ransomware-anime-shooter-game/
https://threatpost.com/new-strain-of-crowti-ransomware-moving-in-i2p-network/110416/
https://securingtomorrow.mcafee.com/mcafee-labs/new-exploit-kits-improve-evasion-techniques/
http://news.softpedia.com/news/cryptowall-teslacrypt-and-locky-are-today-s-top-3-ransomware-threats-501629.shtml
https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/ISTR2016_Ransomware_and_Businesses.pdf
https://blog.barkly.com/cyber-security-statistics-2017
https://www.sas.com/en_us/insights/articles/risk-fraud/the-case-for-cybersecurity-analytics.html
https://www.datameer.com/company/datameer-blog/challenges-to-cyber-security-and-how-big-data-analytics-can-help/
https://www.wired.com/2016/03/ransomware-why-hospitals-are-the-perfect-targets/
https://ichef-1.bbci.co.uk/news/660/cpsprodpb/15ACF/production/_89138788_ransomware.jpg
http://www.computerworld.com/article/3105001/security/hackers-demonstrated-first-ransomware-for-iot-thermostats-at-def-con.html