1. Trends in Ransomware Distribution
Todd O’Boyle
25+ years combined at MITRE
We’ve been studying Ransomware for the past two years
This model is from helping our customers through ransomware attacks

2. Agenda Ransomware: Why is it working? The Ransomware Attack Cycle
How can I protect myself?
What’s changing?

3. Small and midsize businesses are being impacted by malware
Problem
Small and midsize businesses are being impacted by malware
43%
of all attacks hit SMBs
50%
of attacks were automated
$8,500/per hour
Cost associated with ransomware damages

4. Why is Ransomware Effective?
Attackers are
making money
Low skill
requirements
Difficulties in
investigation and
prosecution
Making money
* Attackers are making staggering amounts of money (millions)
* Automation of attacks are allowing fraudsters to scale quickly
Skill requirements are lower
Ransomware is franchised in a model where the software developer gets a cut
Exploit kits are making distribution more effective
Operators need less skill than ever before
Difficult to investigate
Cryptocurrency is making collection of money easier
That fact plus the rise in use of “the Dark Web” to collect ransom is making it more difficult to track attackers

5. The Ransomware Attack Cycle
Malware
Distribution
Targeting
Encryption
Recovery
Phishing
Embedded
Keys
Included
Payment
Malvertising
Downloaded
Keys
Downloaded
Support
TODO: Consider the RDP ransomware we saw

6. How Can I Be Prepared? Malware Distribution Targeting Encryption
Recovery
User
Education
Patching
Backups
Mail
Filtering
URL
Filtering
Incident
Response
Anti-malware
Solutions
Buy
Bitcoin
No guarantee that victims will get their files back
Paying the ransom is like funding these criminal operations
Knowing that a victim will pay makes them a more attractive target
One thought I want to leave you with here is that the risk and cost goes up the further to the right of this chart you go.

7. Improvement in phishing messages
What’s Changing?
Users clicking less
Rise in exploit kits
Improvement in phishing messages

8. Protections getting better
What’s Changing?
Users clicking less
Rise in exploit kits
Improvement in phishing messages
Protections getting better
Web based malware distribution
Improvements in ransomware

9. What’s Changing? Users clicking less Protections getting better
Rise in exploit kits
Improvement in phishing messages
Protections getting better
Web based malware distribution
Improvements in ransomware
Researchers breaking ransomware
Stronger key management
Lower ransom prices
Deleting files when ransom is not paid

10. What’s Changing? Users clicking less Protections getting better
Rise in exploit kits
Improvement in phishing messages
Protections getting better
Web based malware distribution
Improvements in ransomware
Researchers breaking ransomware
Stronger key management
Lower ransom prices
Deleting files when ransom is not paid
Growing cloud adoption
Adaptation of ransomware

11. How Can I Be Prepared? Malware Distribution Targeting Encryption
Recovery
User
Education
Patching
Backups
Mail
Filtering
URL
Filtering
Incident
Response
Anti-malware
Solutions
Buy
Bitcoin
No guarantee that victims will get their files back
Paying the ransom is like funding these criminal operations
Knowing that a victim will pay makes them a more attractive target
One thought I want to leave you with here is that the risk and cost goes up the further to the right of this chart you go.

12. Strongarm Intelligent Malware Protection
Simple
Get protected in under 10 minutes
Prevents
Stop malware from doing damage
Responds
Automates effort of removing malware
100% cloud-based, no hardware or software required
Alerts only when real infections are detected

13. How it works Configure your network to point to Strongarm
Strongarm intercepts threats to endpoints, stops damage from attack
Strongarm alerts customer, provides details to enable simple remediation

14. Try Strongarm Free Today https://strongarm.io/
Todd O’Boyle