
CSCD 434 Spring 2019 Lecture 10 Attacks for Profit: Ransomware


1 CSCD 434 Spring 2019 Lecture 10 Attacks for Profit: Ransomware

2 Introduction
Today ...
Ransomware definition
Scope: how bad is it?
Those responsible
Infection details
Clean-up and prevention

3 Introduction Ransomware
Ransomware is a type of malware that takes control of a computer or computer system by encrypting the data on its drives. The data is then held for ransom until the demanded payment is made. Because payment is demanded in cryptocurrencies (e.g., bitcoin), those collecting the ransom are difficult to track, which makes prosecution hard.

4 Ransomware Consequences
Financial
Ransom demands continue to grow as ransomware methods become more sophisticated
Beyond the ransom itself, the costs of downtime, recovery and security remediation can be considerable
Legal
Negligence in privacy and security can carry legal consequences under state and federal policies and regulations (e.g., HIPAA)
Individuals may file lawsuits if they perceive they were harmed

5 Ransomware Consequences
Reputation
Ransomware incidents have become a hot topic and reflect poorly on victims regardless of the exact circumstances
Patients may hesitate to start care, or reconsider it, if they perceive that a provider is careless with their health data
Customers of any organization (a bank, a store or any other company) likewise lose trust that their data is safe

6 Who is Targeted by Ransomware

10 Ransomware on Pace to Be a $1 Billion Business in 2016
"2016 Is a Ransomware Horror Show": according to CNN Money, new estimates from the FBI show that costs from so-called ransomware have reached an all-time high. Cyber-criminals collected $209 million in the first three months of 2016 by extorting businesses and institutions to unlock computer servers.

11 2018 Ransomware Stats
Damages from ransomware are expected to rise to $11.5 billion this year (2018)

14 History of Ransomware

15 Ransomware History

16 A Short History & Evolution of Ransomware
Ransomware attacks cause downtime, data loss and possible intellectual property theft, and a ransomware attack is treated as a possible data breach (the attacker had the access needed to read the data before encrypting it)

20 Newest Ransomware And Groups Responsible

21 Groups and Exploits
The infamous Shadow Brokers hacker group, active since 2016, has been responsible for leaking several NSA exploits, zero-days and hacking tools
EternalBlue is an exploit developed by the U.S. National Security Agency (NSA), according to testimony by former NSA employees
It was leaked by the Shadow Brokers on April 14, 2017
It was used as part of the worldwide WannaCry ransomware attack on May 12, 2017
The exploit was also used to help carry out the NotPetya attack on June 27, 2017
It is also reported to have been used by the Retefe banking trojan since at least September 5, 2017

22 EternalBlue Description
EternalBlue exploits a vulnerability in Microsoft's Server Message Block (SMB) protocol
The vulnerability is tracked under a CVE identifier in the Common Vulnerabilities and Exposures (CVE) database
Can you guess what kind of vulnerability?
It exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows mishandles specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer, with no authentication and no user interaction

23 Eternal Blue Description
March 14, 2017, Microsoft issued security bulletin MS17-010, detailing flaw plus announced that patches had been released for all Windows versions Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016 Good Analysis of the Exploit alBlue-RiskSense-Analysis-1-2

24 Scope of Damage via WannaCry
Many Windows users had not installed the patches when, on May 12, 2017, the WannaCry ransomware attack used the EternalBlue exploit to spread itself as a worm, from unpatched host to unpatched host over SMB
By the end of 2018, millions of systems were still vulnerable to EternalBlue
This has led to enormous damages, due primarily to the ransomware worms WannaCry, NotPetya and BadRabbit (BadRabbit spread with EternalRomance, a related SMB exploit from the same leak, rather than EternalBlue)
The estimated impact of WannaCry, NotPetya and BadRabbit is over $1 billion worth of damages in over 65 countries
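EternalBlue needs an SMBv1 server to talk to, so the first inventory question for a Windows estate is which hosts still negotiate SMBv1 at all. The following is an added example, not code from the lecture: it builds an SMB_COM_NEGOTIATE request that offers only SMBv1 dialects and parses the server's reply. A server that picks a dialect still speaks SMBv1; one that answers 0xFFFF, answers with an SMB2 header, or simply closes the connection does not. The two sample replies are constructed in the code rather than captured; the `probe_smb1` helper sends the same request over TCP/445 and should only be pointed at hosts you are authorised to scan.

```python
"""
SMBv1 exposure probe.  Added example, not from the lecture slides.

EternalBlue only works against a host whose SMBv1 server answers, so the
first question for an inventory is: does this host still negotiate SMBv1?
We build an SMB_COM_NEGOTIATE request offering only SMBv1 dialects and
read back which one the server chose.  Packet layout follows MS-CIFS.
"""
import socket
import struct

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"          # an SMB2+ server may answer with this header
SMB_COM_NEGOTIATE = 0x72
FLAGS_REPLY = 0x80               # set by the server in SMB_Header.Flags
# SMB header: magic, command, status, flags, flags2, pid_high, security,
# reserved, tid, pid_low, uid, mid  (32 bytes, little-endian)
HDR = "<4sBIBHH8sHHHHH"

# Dialects offered, in order.  The reply carries the index of the one the
# server accepted, or 0xFFFF if it accepts none of them.
DIALECTS = ["PC NETWORK PROGRAM 1.0", "LANMAN1.0", "NT LM 0.12"]


def build_negotiate_request(dialects=DIALECTS) -> bytes:
    """NetBIOS session header + SMB1 header + NEGOTIATE body."""
    header = struct.pack(HDR, SMB1_MAGIC, SMB_COM_NEGOTIATE, 0, 0x18, 0x2801,
                         0, b"\x00" * 8, 0, 0, 0, 0, 0)
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    body = struct.pack("<BH", 0, len(data)) + data      # WordCount=0, ByteCount
    smb = header + body
    return struct.pack(">I", len(smb)) + smb            # type 0x00 + 24-bit length


def parse_negotiate_response(packet: bytes, dialects=DIALECTS) -> dict:
    """Classify a server reply.  Raises ValueError on anything malformed."""
    if len(packet) < 4 or packet[0] != 0x00:
        raise ValueError("not a NetBIOS session message")
    length = int.from_bytes(packet[1:4], "big")
    smb = packet[4:4 + length]
    if len(smb) != length:
        raise ValueError("truncated SMB message")
    if smb[:4] == SMB2_MAGIC:
        return {"protocol": "SMB2+", "smb1_accepted": False, "dialect": None}
    if smb[:4] != SMB1_MAGIC or len(smb) < 33:
        raise ValueError("not an SMB1 message")
    _, command, status, flags, *_ = struct.unpack(HDR, smb[:32])
    if command != SMB_COM_NEGOTIATE or not flags & FLAGS_REPLY:
        raise ValueError("not a NEGOTIATE reply")
    word_count = smb[32]
    result = {"protocol": "SMB1", "status": status, "smb1_accepted": False, "dialect": None}
    if status != 0 or word_count == 0:
        return result
    if len(smb) < 35:
        raise ValueError("short parameter block")
    index = struct.unpack_from("<H", smb, 33)[0]       # first parameter word: DialectIndex
    if index == 0xFFFF:
        return result
    if index >= len(dialects):
        raise ValueError(f"dialect index {index} out of range")
    result.update(smb1_accepted=True, dialect=dialects[index])
    return result


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionResetError("peer closed the connection")
        buf += chunk
    return buf


def probe_smb1(host, port=445, timeout=3.0):
    """Live probe.  Returns the parsed reply, or None when the server closes
    the connection without answering, which is what Windows hosts with SMBv1
    disabled or removed typically do.  Only run against hosts you own."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_negotiate_request())
            head = _recv_exact(s, 4)
            body = _recv_exact(s, int.from_bytes(head[1:4], "big"))
    except OSError:
        return None
    return parse_negotiate_response(head + body)


def _constructed_reply(word_count, words, status=0):
    """Build a server reply for offline testing (constructed, not captured)."""
    header = struct.pack(HDR, SMB1_MAGIC, SMB_COM_NEGOTIATE, status, 0x98,
                         0xC801, 0, b"\x00" * 8, 0, 0, 0, 0, 0)
    smb = header + bytes([word_count]) + words + struct.pack("<H", 0)
    return struct.pack(">I", len(smb)) + smb


# An SMBv1-enabled host picks "NT LM 0.12" (index 2) and returns 17 words;
# a host that rejects every offered dialect returns one word, 0xFFFF.
SAMPLE_SMB1_ACCEPTED = _constructed_reply(17, struct.pack("<H", 2) + b"\x00" * 32)
SAMPLE_SMB1_REFUSED = _constructed_reply(1, struct.pack("<H", 0xFFFF))

if __name__ == "__main__":
    import sys
    for name, pkt in (("accepted", SAMPLE_SMB1_ACCEPTED), ("refused", SAMPLE_SMB1_REFUSED)):
        print(name, parse_negotiate_response(pkt))
    for host in sys.argv[1:]:
        print(host, probe_smb1(host))
```

A host that accepts "NT LM 0.12" here is not necessarily vulnerable to MS17-010 (it may be patched), but a host that refuses every SMBv1 dialect cannot be reached by EternalBlue at all, which is why disabling SMBv1 is a mitigation independent of patch status.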

25 Ransomware Operation

28 What Gets Encrypted

30 Tor Used to Communicate Anonymously

36 Ransomware Recovery

37 Steps to Recovery
1 — Isolate the Infection
The rate and speed of ransomware detection is critical in combating fast-moving attacks before they succeed in spreading across networks and encrypting vital data
Isolating means disconnecting the affected hosts from the network (including any mapped shares they can reach) so the encryption cannot spread; leave the machine powered on where possible, since volatile memory may still hold keys or other artefacts useful to responders
2 — Identify the Infection
Most often the ransomware identifies itself when it asks for the ransom
There are numerous sites that help identify ransomware, e.g. ID Ransomware, ransomware.malwarehunterteam.com/index.php
The No More Ransom project provides Crypto Sheriff, sheriff.php?lang=en, to help identify ransomware and check whether a free decryptor exists for it
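Isolation only helps if the infection is noticed within the first seconds, while the encryptor is still on one host. As an added example (not from the lecture, and using a constructed file-activity event format rather than any real product's log), the detector below applies the behavioural rule most endpoint products use for this: a single process that writes, renames or deletes many distinct files inside a short window is flagged, as is any process that touches a decoy "canary" file nobody should legitimately modify. The encryptor name, paths, window and threshold are all assumptions chosen for the example.

```python
"""
Behavioural ransomware burst detector.  Added example, not from the slides.

Ransomware has to rewrite many user files quickly, so instead of matching a
signature we count, per process, how many distinct files it writes, renames
or deletes inside a sliding window, and we also watch decoy "canary" files.
Event lines use a constructed format for this example:
  <ISO timestamp> pid=<n> image=<exe path> op=<read|write|rename|delete> path=<file>
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Extensions that encryptors appended in real campaigns (.wncry = WannaCry);
# only a secondary signal, since families invent new ones constantly.
SUSPICIOUS_EXT = {".wncry", ".locked", ".crypt", ".encrypted"}
# Decoy files planted where users never work; any write there is an alert.
CANARY_PREFIXES = ("c:\\users\\bob\\documents\\_canary\\",)
DESTRUCTIVE_OPS = {"write", "rename", "delete"}


def parse_event(line: str) -> dict:
    ts, rest = line.strip().split(" ", 1)
    head, path = rest.split(" path=", 1)          # path is last and may contain spaces
    fields = dict(kv.split("=", 1) for kv in head.split(" "))
    return {"ts": datetime.fromisoformat(ts), "pid": int(fields["pid"]),
            "image": fields["image"], "op": fields["op"], "path": path.lower()}


def detect(lines, window=timedelta(seconds=10), threshold=20):
    """Return one alert per offending process, in the order they were caught."""
    recent = defaultdict(deque)       # (pid, image) -> deque of (ts, path)
    alerts, flagged = [], set()
    for ev in map(parse_event, lines):
        key = (ev["pid"], ev["image"])
        if ev["op"] not in DESTRUCTIVE_OPS or key in flagged:
            continue
        if ev["path"].startswith(CANARY_PREFIXES):
            alerts.append({"pid": ev["pid"], "image": ev["image"], "reason": "canary",
                           "files": 1, "suspicious_ext": False, "at": ev["ts"].isoformat()})
            flagged.add(key)
            continue
        q = recent[key]
        q.append((ev["ts"], ev["path"]))
        while ev["ts"] - q[0][0] > window:        # drop events that left the window
            q.popleft()
        files = {p for _, p in q}
        if len(files) >= threshold:
            exts = {p[p.rfind("."):] for p in files if "." in p}
            alerts.append({"pid": ev["pid"], "image": ev["image"], "reason": "burst",
                           "files": len(files), "suspicious_ext": bool(exts & SUSPICIOUS_EXT),
                           "at": ev["ts"].isoformat()})
            flagged.add(key)
    return alerts


def sample_log():
    """Constructed events: a backup agent reading files, Word saving one document,
    an encryptor renaming 25 documents in five seconds, then a canary hit."""
    t0 = datetime(2019, 4, 12, 10, 15, 0)
    lines = [f"{t0.isoformat()} pid=1180 image=C:\\Windows\\System32\\backup.exe "
             f"op=read path=C:\\Users\\bob\\Documents\\budget.xlsx",
             f"{(t0 + timedelta(seconds=1)).isoformat()} pid=2044 image=C:\\Office\\winword.exe "
             f"op=write path=C:\\Users\\bob\\Documents\\memo.docx"]
    for i in range(25):
        t = t0 + timedelta(seconds=2, milliseconds=200 * i)
        lines.append(f"{t.isoformat()} pid=4212 image=C:\\Users\\bob\\AppData\\Local\\Temp\\encryptor.exe "
                     f"op=rename path=C:\\Users\\bob\\Documents\\file{i}.docx.WNCRY")
    lines.append(f"{(t0 + timedelta(seconds=9)).isoformat()} pid=5001 image=C:\\Temp\\x.exe "
                 f"op=write path=C:\\Users\\bob\\Documents\\_canary\\do not touch.docx")
    return lines


if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

The burst rule fires on the twentieth distinct file the encryptor touches, about four seconds into its run, which is the point at which an automated response (kill the process, pull the host off the network) still saves most of the data. Backup agents and indexers read many files but rarely rewrite them, which is why only destructive operations are counted.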

38 Steps to Recovery
3 — Report to the Authorities
You'll be doing everyone a favor by reporting all ransomware attacks to the authorities. The FBI urges ransomware victims to report incidents regardless of the outcome

39 Steps to Recovery
4 — Determine Your Options
Your options when infected with ransomware are:
Pay the ransom
Try to remove the malware
Wipe the system(s) and reinstall from scratch
It is generally considered a bad idea to pay the ransom: paying encourages more ransomware, and unlocking the encrypted files often does not succeed even after payment
In a recent survey, more than three-quarters of respondents (77%) said their organization is not at all likely to pay a ransom in order to recover its data; only a small minority said they were willing to pay some ransom

40 Steps to Recovery 5 — Restore or Start Fresh
You can try to remove malware from your systems or Wipe your systems and reinstall from safe backups and clean OS and application sources Recommended It’s Best to Wipe All Systems Completely !!! Surest way of being certain that malware or ransomware has been removed from a system is to do a complete wipe of all storage devices and reinstall everything from scratch guide-ransomware/

41 Prevention

42 Ransomware Prevention

43 Ransomware Prevention

44 Ransomware Prevention
3. Operating System
Ensure security patching is turned on, and check that patches are actually applied (the MS17-010 fix had been available for two months when WannaCry hit)
Disable legacy protocols such as SMBv1 where they are not needed
Use application whitelisting: only known programs are allowed to run

45 Ransomware Prevention
4. Hardware

46 Ransomware Prevention
5. User Training

47 Make Sure Backups Work!!!
Test your backups periodically to ensure they work: a backup that has never been restored is an assumption, not a backup
Keep at least one copy offline or otherwise unreachable from the production network, so the ransomware cannot encrypt the backups along with the data
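What "test your backups" means in practice is restoring them and proving the restored files are the ones that were backed up. The following added example (not from the lecture) records a SHA-256 manifest when the backup is taken, seals it with an HMAC whose key lives apart from the backup media, and later compares a restored tree against it; a file the ransomware rewrote shows up as modified, and a ransom note dropped into the tree shows up as extra. The file names, contents and key are constructed for the example.

```python
"""
Backup verification: hash manifest at backup time, verify the restore later.
Added example, not from the lecture slides.

The manifest is sealed with an HMAC whose key is kept off the backup host,
so an intruder who can rewrite the backup cannot also rewrite the record of
what it should contain.
"""
import hashlib
import hmac
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root) -> dict:
    """relative POSIX path -> sha256 for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def seal_manifest(manifest: dict, key: bytes) -> bytes:
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, "sha256").hexdigest().encode() + b"\n" + body


def open_manifest(sealed: bytes, key: bytes) -> dict:
    tag, body = sealed.split(b"\n", 1)
    expected = hmac.new(key, body, "sha256").hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("manifest seal does not verify; do not trust this backup record")
    return json.loads(body)


def verify_restore(root, manifest: dict) -> dict:
    """Compare a restored tree with the manifest.  'extra' is informational:
    a ransom note dropped alongside the data shows up there."""
    current = build_manifest(root)
    missing = sorted(set(manifest) - set(current))
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    extra = sorted(set(current) - set(manifest))
    return {"ok": not missing and not modified, "missing": missing,
            "modified": modified, "extra": extra}


def demo(key: bytes = b"example-key-kept-off-the-backup-host") -> tuple:
    """Constructed scenario: back up two files, restore them cleanly, then
    simulate an encryptor touching the restored copy.  Returns both verdicts."""
    files = {"docs/report.txt": b"quarterly numbers\n",
             "db/dump.sql": b"CREATE TABLE t (id INTEGER);\n"}
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as restored:
        for rel, data in files.items():
            p = Path(src, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        sealed = seal_manifest(build_manifest(src), key)      # taken at backup time
        shutil.copytree(src, restored, dirs_exist_ok=True)    # the "restore"
        manifest = open_manifest(sealed, key)                 # verify the seal first
        clean = verify_restore(restored, manifest)
        # Simulate ransomware on the restored copy: one file rewritten with
        # ciphertext-looking bytes, one ransom note dropped next to it.
        Path(restored, "docs/report.txt").write_bytes(b"\x8b\x1d\x42garbage")
        Path(restored, "README_DECRYPT.txt").write_bytes(b"pay to recover your files\n")
        tampered = verify_restore(restored, manifest)
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean restore:", clean)
    print("after tampering:", tampered)
```

Run the verification from a clean machine, not from the host being restored, and store the sealed manifest and its key on a different system from the backup images; if the seal fails to verify, treat the backup record itself as compromised.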

48 Summary
Each decade a new security threat arises
70s, 80s and into the 90s – era of the virus
Late 80s, 90s, 2000 – era of the worm
90s, 2000 and up – rootkits, trojans
2010 to today – ransomware
What's next?

49 The End
