Presentation is loading. Please wait.

Presentation is loading. Please wait.

So… what is ransomware? #SPICECORPS.

Published byBrigitte Mathilde Lesage Modified over 6 years ago

Similar presentations

Presentation on theme: "So… what is ransomware? #SPICECORPS."— Presentation transcript:

1 So… what is ransomware? #SPICECORPS

2 #SPICECORPS

3 POLL: Who’s been hit by ransomware?
#SPICECORPS

4 How an exploit kit works
#SPICECORPS

5 Spiceworks surveyed over 300 IT pros about ransomware… here’s what we found...
#SPICECORPS

6 #SPICECORPS

7 #SPICECORPS

8 #SPICECORPS

9 Now switching gears a bit… shout it out: What’s the difference between ransomware and regular malware? #SPICECORPS

10 #SPICECORPS

11 Shout it out if you know: What are examples of ransomware?
What are the most notorious strains?(hint: Cryptowall & Cryptolocker) #SPICECORPS

12 Has anyone experienced Cryptowall?
Has anyone experienced Cryptolocker? #SPICECORPS

13 #SPICECORPS

14 #SPICECORPS

15 Has anyone here experienced ransomware other than Cryptolocker and/or Cryptowall?
#SPICECORPS

16 To pay, or not to pay? THAT IS THE QUESTION…
#SPICECORPS

17 A lot of people say to pay because it’s quick to get files unlocked
Others say DO NOT pay What would you do / what have you done? #SPICECORPS

18 AND… How can you protect against ransomware?
First step: Look it in the face like so: AND… #SPICECORPS

19 Here are 11 ways to prevent it…
#SPICECORPS

20 #SPICECORPS 1. Back up your data (duh)
2. Show hidden file-extensions One way Cryptolocker frequently arrives is in a file that is named with the extension “.PDF.EXE”, counting on Window’s default behavior of hiding known file-extensions. If you re-enable the ability to see the full file-extension, it can be easier to spot suspicious files. 3. Filter EXEs in If your gateway mail scanner has the ability to filter files by extension, you may wish to deny mails sent with “.EXE” files, or to deny mails sent with files that have two file extensions, the last one being executable (“*.*.EXE” files, in filter-speak). If you do legitimately need to exchange executable files within your environment and are denying s with “.EXE” files, you can do so with ZIP files (password-protected, of course) or via cloud services. #SPICECORPS

21 4. Disable files running from AppData/LocalAppData folders Create rules within Windows or with Intrusion Prevention Software, to disallow a particular, notable behavior used by Cryptolocker, which is to run its executable from the App Data or Local App Data folders. 5. Use the Cryptolocker Prevention Kit This kit automates the process of making a Group Policy to disable files running from the App Data and Local App Data folders, as well as disabling executable files from running from the Temp directory of various unzipping utilities. This tool updates as new techniques are discovered for Cryptolocker, so you will want to check in periodically to make sure you have the latest version. If you need to create exemptions to these rules, they provide this document that explains that process. 6. Disable RDP The Cryptolocker/Filecoder malware often accesses target machines using Remote Desktop Protocol (RDP), a Windows utility that allows others to access your desktop remotely. If you do not require the use of RDP, you can disable RDP to protect your machine from Filecoder and other RDP exploits. For instructions to do so, visit the appropriate Microsoft Knowledge Base article: Windows XP RDP disable | Windows 7 RDP disable | Windows 8 RDP disable #SPICECORPS

22 7. Patch or Update your software Update your software often
7. Patch or Update your software Update your software often. Some vendors release security updates on a regular basiis, but there are often “out-of-band” or unscheduled updates in case of emergency. Enable automatic updates if you can, or go directly to the software vendor’s website, as malware authors like to disguise their creations as software update notifications too. 8. Use a reputable security suite It is always a good idea to have both anti-malware software and a software firewall to help you identify threats or suspicious behavior. 9. Disconnect from WiFi or unplug from the network immediately 10. Use System Restore to get back to a known-clean state 11. Set the BIOS clock back Cryptolocker has a payment timer that is generally set to 72 hours, after which time the price for your decryption key goes up significantly. You can “beat the clock” somewhat, by setting the BIOS clock back to a time before the 72 hour window is up. #SPICECORPS

Download ppt "So… what is ransomware? #SPICECORPS."

Similar presentations

Keep Your PC Safe (Windows 7, Vista or XP) Nora Lucke 02/05/2012 Documents - security.

Keep Your PC Safe (Windows 7, Vista or XP) Nora Lucke 02/05/2012 Documents - security.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.

Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Viruses and Spyware. What is a Virus? A virus can be defined as a computer program that can reproduce by changing other programs to include a copy of.

Viruses and Spyware. What is a Virus? A virus can be defined as a computer program that can reproduce by changing other programs to include a copy of.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 IT Essentials PC Hardware and Software 4.1 Instructional Resource Chapter.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 IT Essentials PC Hardware and Software 4.1 Instructional Resource Chapter.
eScan Total Security Suite with Cloud Security

eScan Total Security Suite with Cloud Security
Cyber Patriot Training

Cyber Patriot Training
Networking Security Chapter 8 powered by dj. Chapter Objectives  Explain various security threats  Monitor security in Windows Vista  Explain basic.

Networking Security Chapter 8 powered by dj. Chapter Objectives  Explain various security threats  Monitor security in Windows Vista  Explain basic.
11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.

11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.
Windows 2003 Installation/Upgrade and Update. Checking Compatibility Supported Upgrade paths Using the MS Windows Upgrade Advisor HCL (Hardware Compatibility.

Windows 2003 Installation/Upgrade and Update. Checking Compatibility Supported Upgrade paths Using the MS Windows Upgrade Advisor HCL (Hardware Compatibility.
C HAPTER 2 Introduction to Windows XP Professional.

C HAPTER 2 Introduction to Windows XP Professional.
Virus and anti virus. Intro too anti virus Microsoft Anti-Virus (MSAV) was an antivirus program introduced by Microsoft for its MS-DOS operating system.

Virus and anti virus. Intro too anti virus Microsoft Anti-Virus (MSAV) was an antivirus program introduced by Microsoft for its MS-DOS operating system.
Vulnerability Scanning Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses Credentialed vs.

Vulnerability Scanning Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses Credentialed vs.
Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,

Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,
Kaspersky Small Office Security INTRODUCING New for 2014!

Kaspersky Small Office Security INTRODUCING New for 2014!
Overview Microsoft Windows XP Pro (SP2) Microsoft Windows Server 2003 User accounts and groups File sharing and file permissions Password/Lockout Policy.

Overview Microsoft Windows XP Pro (SP2) Microsoft Windows Server 2003 User accounts and groups File sharing and file permissions Password/Lockout Policy.
Information Systems Design and Development Security Precautions Computing Science.

Information Systems Design and Development Security Precautions Computing Science.

Similar presentations

Ads by Google