1
Ransomware 12:00 Juwan Harris
2
What is ransomware?
- Ransomware is a form of malware that installs itself onto a device
- Ransomware denies a user access to
  - Their files
  - Their device
- The user can regain access if they pay the ransom
- This ransom is normally paid in bitcoins
3
History
- 1989
  - First ransomware
  - Joseph L. Popp
  - AIDS Trojan
- 2006
  - Archievus
  - First ransomware that uses asymmetric encryption
- 2013
  - Cryptolocker
  - Spread by compromised website
  - Operation Tovar
- 2014
  - Koler: first self-propagating ransomware
  - CTB-locker: first ransomware that deletes shadow copies
4
Ransomware trends
- Ransomware overall is on the rise
- Spikes represent the release of a new ransomware
5
Ransomware trends
- The amount of ransomware created has been on the rise
  - Mostly due to the success of crypto-ransomware
  - How easy it is to create lockers and crypto-ransomware
6
Categories of ransomware
Ransomware is divided into four categories:
- Misleading apps – ransomware that pretends to be another app
- Locker – ransomware that denies the user access to their device
  - Ex: FBI MoneyPak
- Fake antivirus – ransomware that pretends to be an antivirus program
  - Ex: Security Essentials 2010
- Crypto-ransomware – encrypts the user's files to prevent access to them
  - Ex: Locky
7
Biggest ransomware
- The most successful ransomware are the ones that have complex exploits and large phishing campaigns
8
Tescrypt
- Alert level: severe
- Copies itself to the appdata, userprofile and systemroot folders
  - Uses a random seven-character name for its exe
- Changes a registry key
- Encrypts and renames files with a certain extension
- Also deletes shadow copies
- Intel has a tool that can decrypt certain files
- Accesses game-related files
- Stores user information on servers
9
Locky
- Encrypts files and renames them to be a .locky file
- Encrypts network drives
- Encrypts bitcoin files
- Spread with a huge campaign; pretends to be an invoice
- Changes the registry to run on startup
- Hard-coded with the option not to run on Russian PCs
- Removes the Windows flag that marks a file as downloaded from the internet
- Has a lot of similarities to Dridex
10
Chimera
- Spread through emails
- Encrypts the user's data
- Publishes the user's data if the ransom is not paid
- Keys were leaked
11
FBI MoneyPak
- Example of a locker
- Relies on tricking users into paying the fine
- Does not encrypt files
- Can be removed without the loss of data
12
Security Essentials 2010/Fakeinit
- Tries to mimic Microsoft Security Essentials
- Pretends that other, real antivirus products and their programs are viruses
- Asks for payment for the full version
- Monitors web traffic and blocks certain sites
13
Ransomware attack vectors
- Exploit kit – attacks by using vulnerabilities; mostly happens through advertisements
- Malicious attachments
  - Portable executable
  - Malicious macro
- Malicious link
14
Ways to protect yourself from ransomware
- Back up important files
- Be careful about which links you click and which attachments you open
- Disable files running from AppData/LocalAppData folders
- Make sure everything is updated
- Install Microsoft Office viewers
- Do not pay the ransom
- Educate other users about ransomware
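As a detection-side complement to the AppData advice above, the following added example (not part of the original slides) flags the behaviours the Tescrypt slide lists: an executable running from an AppData folder, a seven-character exe name, and shadow copy deletion. The event format, the sample events, the alphanumeric-name assumption and the `vssadmin` command-line pattern are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed process-creation events (image path + command line); not real telemetry.
SAMPLE_EVENTS = [
    {"image": r"C:\Users\alice\AppData\Roaming\qwhzkpa.exe", "cmdline": "qwhzkpa.exe"},
    {"image": r"C:\Windows\System32\vssadmin.exe", "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"image": r"C:\Program Files\Vendor\updater.exe", "cmdline": "updater.exe /check"},
    {"image": r"C:\Users\bob\AppData\Local\Temp\setup.exe", "cmdline": "setup.exe"},
    {"image": r"C:\Windows\System32\vssadmin.exe", "cmdline": "vssadmin list shadows"},
]

# Folders the slides say programs should not be allowed to run from.
USER_WRITABLE = re.compile(r"\\appdata\\(roaming|local|locallow)(\\|$)", re.I)
# Assumption: the "random seven character name" is alphanumeric.
SEVEN_CHAR_EXE = re.compile(r"^[a-z0-9]{7}\.exe$", re.I)
# Only the destructive verb is matched; listing shadow copies is normal admin work.
SHADOW_DELETE = re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)


def classify(event):
    """Return the names of the rules that one event matches."""
    hits = []
    image = PureWindowsPath(event["image"])
    if USER_WRITABLE.search(str(image.parent) + "\\"):
        hits.append("exec_from_appdata")
        # Heuristic only: legitimate seven-character names will also match.
        if SEVEN_CHAR_EXE.match(image.name):
            hits.append("seven_char_exe_name")
    if SHADOW_DELETE.search(event["cmdline"]):
        hits.append("shadow_copy_delete")
    return hits


def scan(events):
    """Return (index, image, hits) for every event matching at least one rule."""
    return [(i, e["image"], h) for i, e in enumerate(events) if (h := classify(e))]


if __name__ == "__main__":
    for index, image, hits in scan(SAMPLE_EVENTS):
        print(f"event {index}: {image} -> {', '.join(hits)}")
```

A hit on `exec_from_appdata` alone is common for installers and updaters, so treat it as context and alert on the combinations.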
15
Who Pays?
16
Analytics in cyber security
- Was not seen as a big way to fight cybercrime until recently
- Uses data created from previous attacks to prevent future ones
- Questions answered by analytics
  - What will happen?
  - What happened?
  - Why did it happen?
  - What should you do when this happens?
17
Evolution of analytics
- 1.0 (outdated)
  - Released sometime in 2008
  - Uses internal company data only
  - Mostly reactive
- 2.0 (current)
  - Uses data from outside sources via big data
- 3.0 (leading/future)
  - Uses machine learning and big data to prevent attacks
  - Proactive
18
Ransomware target
- The consumer is the biggest target of ransomware
  - Lack of advanced protection and threat analysis
  - Lack of knowledge on the subject
- Services are the biggest target organization
  - Has a large amount of internet usage
  - Does not require the security protection that finance and utilities need
19
Hospital as an attack target
- Hospitals face a large threat from ransomware
  - Lack of a centralized network
  - Modernized ER rooms
- A large amount of all ransomware attacks target hospitals.
- Ransomware can deny a hospital access to important patient data
- For example, a hospital in California had to pay $17,000 to get a ransomware removed.
- Another hospital in Texas lost thousands of patients' data for failing to pay the ransom.
20
Future of ransomware attacks
- Target internet of things devices
- New ways to infect users