Trends in Ransomware Distribution Todd O’Boyle todd@strongarm.io 25+ years combined at MITRE We’ve been studying Ransomware for the past two years This model is from helping our customers through ransomware attacks
Agenda Ransomware: Why is it working? The Ransomware Attack Cycle How can I protect myself? What’s changing?
Small and midsize businesses are being impacted by malware Problem Small and midsize businesses are being impacted by malware 43% of all attacks hit SMBs 50% of attacks were automated $8,500/per hour Cost associated with ransomware damages
Why is Ransomware Effective? Attackers are making money Low skill requirements Difficulties in investigation and prosecution Making money * Attackers are making staggering amounts of money (millions) * Automation of attacks are allowing fraudsters to scale quickly Skill requirements are lower Ransomware is franchised in a model where the software developer gets a cut Exploit kits are making distribution more effective Operators need less skill than ever before Difficult to investigate Cryptocurrency is making collection of money easier That fact plus the rise in use of “the Dark Web” to collect ransom is making it more difficult to track attackers
The Ransomware Attack Cycle Malware Distribution Targeting Encryption Recovery Phishing Embedded Keys Included Payment Malvertising Downloaded Keys Downloaded Support TODO: Consider the RDP ransomware we saw
How Can I Be Prepared? Malware Distribution Targeting Encryption Recovery User Education Patching Backups Mail Filtering URL Filtering Incident Response Anti-malware Solutions Buy Bitcoin No guarantee that victims will get their files back Paying the ransom is like funding these criminal operations Knowing that a victim will pay makes them a more attractive target One thought I want to leave you with here is that the risk and cost goes up the further to the right of this chart you go.
Improvement in phishing messages What’s Changing? Users clicking less Rise in exploit kits Improvement in phishing messages
Protections getting better What’s Changing? Users clicking less Rise in exploit kits Improvement in phishing messages Protections getting better Web based malware distribution Improvements in ransomware
What’s Changing? Users clicking less Protections getting better Rise in exploit kits Improvement in phishing messages Protections getting better Web based malware distribution Improvements in ransomware Researchers breaking ransomware Stronger key management Lower ransom prices Deleting files when ransom is not paid
What’s Changing? Users clicking less Protections getting better Rise in exploit kits Improvement in phishing messages Protections getting better Web based malware distribution Improvements in ransomware Researchers breaking ransomware Stronger key management Lower ransom prices Deleting files when ransom is not paid Growing cloud adoption Adaptation of ransomware
How Can I Be Prepared? Malware Distribution Targeting Encryption Recovery User Education Patching Backups Mail Filtering URL Filtering Incident Response Anti-malware Solutions Buy Bitcoin No guarantee that victims will get their files back Paying the ransom is like funding these criminal operations Knowing that a victim will pay makes them a more attractive target One thought I want to leave you with here is that the risk and cost goes up the further to the right of this chart you go.
Strongarm Intelligent Malware Protection Simple Get protected in under 10 minutes Prevents Stop malware from doing damage Responds Automates effort of removing malware 100% cloud-based, no hardware or software required Alerts only when real infections are detected
How it works Configure your network to point to Strongarm Strongarm intercepts threats to endpoints, stops damage from attack Strongarm alerts customer, provides details to enable simple remediation
Try Strongarm Free Today https://strongarm.io/ Todd O’Boyle todd@strongarm.io