Mitigating Ransomware Good Morning everyone. My name is James Reece and I am the Network Manager for Portland Community College. Little bit about me…I have a bachelors' in Computer Science with a focus in network communication and I have been in enterprise networking most of my 15 years in IT. I have worked for Department of Defense, Army, Intel, and again currently at PCC. Presented by James Reece Portland Community College Confidential

Recent organizations effected by Ransomware What is ransomware History of ransomware Recent organizations effected by Ransomware Dangers of paying ransomware Organizational approach to ransomware mitigation Today I will be taking you on a journey towards mitigating Ransomware. We will talk cover these different topics on our journey: -What is Ransomware? -History of Ransomware -Dangers of paying Ransomware -Mitigating Ransomware from an organization approach -Mitigating Ransomware from an end user approach The Journey towards mitigating Ransomware Portland Community College Confidential

A type of software designed to block access to a computer system until a sum of money is paid. Picture for Wired What is Ransomware? Portland Community College Confidential

A little history about Ransomware. In 1989, Joseph L A little history about Ransomware. In 1989, Joseph L. Popp created the AIDS Trojan considered by most to be the first ransomware software. It was distributed by the World Health Organization by disc during an international AIDS conference. It is widely believe the first record incident involving remote delivery was in 2005 with Gpcoder in Russa. Over the past 11 years, Ransomware has evolved from one unique program to over 100 different variations in 2016. History of Ransomware Portland Community College Confidential

Recent Organizations effected by Ransomware University of Calgary - $15,780 Kansas Heart Hospital - $17,000 California Hollywood Presbyterian Medical Center - $17,000 Collinsville, Alabama, Police Department – Loss of Data Cyber attacks and ransomware specifically have appeared more frequently in the news and media. Here is a few examples in the last couple of years. Just to name a few… BBC reports in June 2016, that the University of Calgary payed hackers 15,780 USD worth of bitcoins to decrypt critical. Healthcare IT News reports that Kansas Heart Hospital paid 17,000 USD to have critical data decrypted. NBC news reports California Hollywood Presbyterian Medial Center paid 17,000 USD as well. NBC news the second possible out come with loss of data from the Collinsville Police Department in Alabama. The Portland FBI and Homeland security field departments have estimated about 17,000 northwest business have been effected this year alone by ransomware. Recent Organizations effected by Ransomware Portland Community College Confidential

- No Guarantee they will give you the key to unlock your data. - Once you have paid, you are considered a soft target for repeatable attacks. - Fuels Cyber criminals to develop more sophisticated ransomware. So what are the dangers of paying ransomware? Dangers of Paying Ransomware? Portland Community College Confidential

Prevent Contain Respond Three main stages of Ransomware mitigation There are three main stages/pieces required for ransomware mitigation: Prevent Contain Respond With in these we need a communications strategy and a technical strategy to help mitigate ransomware Three main stages of Ransomware mitigation Portland Community College Confidential

Prevent Communication/interaction Strategy: End user Training Videos/Articles Workshops IT/Community interaction On going collaboration between IT and community Review of infection strategy and policy Organizational approach to mitigating ransomware Portland Community College Confidential

Prevent Technical strategy Email Security Intrusion Prevention Browser Protection Regular updates/patches for OS or software Offsite & Secondary Backup solution Organizational approach to mitigating ransomware Portland Community College Confidential

Communication/interaction Strategy: Contain Communication/interaction Strategy: Communicate that a virus is on the network. Communicate with the effected end host user to contain the system. Organizational approach to mitigating ransomware Portland Community College Confidential

Contain Technical strategy Network Anti-Virus/Anti-Bot End point Anti-Virus/Malware Periodic Penetration testing Periodic End point scans Threat Emulator Organizational approach to mitigating ransomware Portland Community College Confidential

Respond Communication/interaction Strategy: Communicate with end user(s) about the status of system. Work with End user(s) to launch an investigation into the cause of the infection. Community with Community to avoid infecting other systems with the same Virus. Organizational approach to mitigating ransomware Portland Community College Confidential

Respond Technical strategy Disconnect the system from the network. Scan system for Ransomware Remediate Full restore from previous back up solution Organizational approach to mitigating ransomware Portland Community College Confidential