Encryption Ransomware

What is Ransomware?
Type of malware: Malware is any software that is designed to harm your device or network.
Encrypts/locks files: Encryption makes files inaccessible without a “key”. In the case of a ransomware attack, the only person with the key is the attacker.
Holds files for ransom: Attackers offer to return/unlock your files only after a ransom has been paid.
Can affect: PC, “Internet of Things” devices, removable media, devices on network.

How Do I Get Ransomware?
Spam & phishing emails: Spam and phishing emails are the most common vector for a ransomware attack. Often paired with other malware.
On the web (malicious ads & P2P): Opportunistic attackers may use compromised websites and torrenting/file-sharing sites to distribute ransomware.
Unpatched security vulnerabilities: Significant ransomware campaigns like “WannaCry” and “not-Petya” used vulnerabilities in operating systems/software to distribute malware.

Why Should You Be Concerned?
It’s common: Ransomware was found in 37% of phishing attacks analyzed by PhishMe for a study in 2016. [1]
It’s expensive: In 2016, ransomware-related attacks resulted “in estimated losses of well over $1 Billion”, according to researchers at PhishMe. [1] Several studies anticipate an even higher number in 2017 and beyond.
It’s global: In 2017, the massive WannaCry ransomware attack impacted at least 200,000 victims in at least 150 countries, and this was just one major attack among many (per Europol). [2]

Recognizing Ransomware: Phishing Emails
Phishing emails are one of the most common ways that ransomware is spread. Look out for the following indicators of a phish:
1. Impersonation of known companies, products or brands.
2. Appeals to urgency or strong emotions like greed or fear (e.g. “I am afraid that someone may have access to my password.”)
3. Prompts you to download an unsolicited file attachment or click on an unsolicited hyperlink.
Image courtesy of PhishMe’s “Malware Year-in-Review: 2016”.

Recognizing Ransomware: Forged Websites
Phishing emails are often paired with forged websites that are designed to trick you into downloading malware:
1. Impersonation of known companies, products or brands.
2. Strange domain that does not match a known or bookmarked domain for the company, product, or brand (see address in address bar, which is not a known Google URL).
3. Dangerous file type: Be careful with .exe files or other executable and script files, which can execute malicious code when run.
Image courtesy of PhishMe’s “Malware Year-in-Review: 2016”.

Recognizing Ransomware: Payment Site
If your device is infected with ransomware, you will be directed to some sort of payment site, depending on the type of ransomware. At this point, your first instinct might be to pay, but you should keep your cool and follow the instructions later in this presentation.
1. The site will typically notify you that your files are encrypted.
2. The site will demand that you pay a ransom in order to receive access to your files.
Image courtesy of PhishMe’s “Malware Year-in-Review: 2016”.

Costs of Ransomware
To the individual:
Time: Time spent restoring data or dealing with the fallout. Time spent securing other accounts to prevent further infection.
Corruption or loss of data: Any personal or work data on your device may be compromised.
Typically <$1000 USD: Ransom is typically demanded in Bitcoin, and attackers usually request less than $1000 USD for an individual/non-enterprise target.

Costs of Ransomware
To the enterprise:
Time: How many hours are wasted cleaning up the infection and dealing with the fallout?
Corruption or loss of data: Affected data may include sensitive and private customer data as well as intellectual property and private business dealings.
Suspension of service: With infected devices unusable, an entire business operation may be shut down temporarily by the ransomware. Example: Healthcare providers may be unable to provide critical care to sick and injured patients.
Reputation: A loss of reputation may impact future business dealings and have tangible (financial) effects.
Legal implications: Customers and other third parties whose data is put at risk may sue.
Thousands/millions of dollars: Depends on the number of machines infected, the ransom demanded, and whether or not the organization ultimately pays the ransom.

Preventing Ransomware Infections
Avoid suspicious file attachments & links: Do you know the sender? Was it solicited? Were you expecting an attachment?
Say no to executables, scripts, macros: Executables and scripts can be used to run or download malicious programs. Enabling macros in Office attachments allows attackers to download malicious programs to your device.
Browse carefully: Exercise general caution. Avoid adult or other unsavory sites. Avoid peer-to-peer file sharing sites. Examine hyperlinks carefully before clicking. Use bookmarks to navigate to frequently-used sites.
Keep software up-to-date: Software patches can be used to close security vulnerabilities. Massive ransomware campaigns “WannaCry” and “not-Petya”, both in 2017, exploited security vulnerabilities in Windows for which patches had already been released. Only machines without the patch were affected.

Back It Up!
Back up files regularly: Back up your system periodically (once every week or every other week, for example). Back up sensitive and important files as frequently as possible (daily/weekly) to minimize loss.
Keep redundant backups if possible: Check with company policy, but keep a backup in the cloud and on a physical device (removable hard drive) if possible.
Disconnect backups when not in use: Advanced ransomware can spread to removable media and networked devices, and leave ransomware and other malware in some cases.

If It Happens to You…
Disconnect from network and power: This can slow or halt the spread of the malware, and prevent it from copying to other devices on the network.
Eject physical media (flash drives, etc.): Physical media can be impacted by ransomware, so removing it may slow or halt the spread of the malware.
Report incident immediately: Notify your supervisor or information technology response team as soon as you suspect that you’ve been targeted by an attack or fallen victim.

Should You Pay the Ransom?
Paying ransom is risky: For reasons listed below…
No guarantees: In some cases, ransomware attackers have shown no interest in restoring the files. Karo ransomware attackers, for example, threatened to release sensitive/private info, and hoped the emotional appeal would motivate payment.
Files may still be corrupted: If an entire drive is infected by ransomware, you may pay the ransom only to restore corrupted files. You’ll still have lost your money.
May leave other malware behind: Some ransomware campaigns have dropped other malware as well, like banking Trojans. It’s dangerous to assume you’re safe after paying the ransom. Remember, these are cyber criminals who’ve already attacked your security.
Prevention is the best cure: If you keep regular backups, you may be able to simply restore your data at the expense of only a few very recent files.

Stop Ransomware by Reporting Threats
Report It!
Report any suspected threats: Prompt reporting allows our IT team or security provider to respond before more damage is done.
Help stop attacks
Protect your co-workers: If they’ve targeted you, they may have also targeted other people that you work with or for.
Protect customer data: Any successful cyber attack puts sensitive customer data at risk. Prompt reporting satisfies an obligation to our customers by doing our best to prevent the loss or breach of sensitive information.

Related Resources
[1] Malware Year-in-Review: 2016, PhishMe.
[2] The massive global cyberattack affecting 200,000 victims will cause more chaos on Monday, Business Insider.