understanding economic motivation behind ransom attacks
play

Understanding Economic Motivation behind Ransom Attacks Fyodor - PowerPoint PPT Presentation

May 19, 2023 •36 likes •446 views

Understanding Economic Motivation behind Ransom Attacks Fyodor Yarochkin Trend Micro Researcher | HITCON Review Board Member Agenda Evolution of Ransom Attacks Where is the Profit? What are the Margins? Conclusions How it started

  1. Understanding Economic Motivation behind Ransom Attacks Fyodor Yarochkin Trend Micro Researcher | HITCON Review Board Member

  2. Agenda • Evolution of Ransom Attacks • Where is the Profit? What are the Margins? • Conclusions

  3. How it started

  4. Social Engineering: FAKE AV

  5. It is all about monetization “For financial needs of any level of dirtiness - SIM + A/C + Passport Copy”

  6. Ransom done wrong give me 13439849038409238 dollars

  7. Ransom done right (scalability is important) 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD

  8. old days August 2010: 300 ruble per unlock. 500M annual income, over 1M victims

  9. Getting paid was a challenge

  10. probing international market

  11. 2013 - BITCOIN AGE EVERYONE IS A TARGET! https://blockchain.info/address/ 18iEz617DoDp8CNQUyyrjCcC7XCGDf5SVb

  12. Ransom4bc nsightful commenter:

  13. biz is good

  14. crypto locker Prices - March - 2017

  15. 340USD is the price for source code, Watson !!

  16. only 30k Only 600USD Does not work in ex-USSR countries

  17. builder sale - only $300

  18. crypto locker builder

  19. builder - nice UI :)

  20. ⽔氵⽔氵⽔氵 :)

  22. http://www.ksl.com/?sid=43357235

  23. Also redis, mongo, ES

  24. Armada Collective

  25. Booters Arbor Network Report on DDoS: less than 60 min 90% less than 1 Gbps 84%

  26. booters are cheap Essyn.Club Stresser exotic-power.pw Stresser ipstressing.xyz Stresser blunter.black demonic.io Fruitstresser.net ipstressing.ga

  27. vDos Stresser

  28. related research work

  29. Business is good, learn and replicate Kadyrovtsi Stealth Ravens “fake”Armada Collective Use fame of MIRAI to make it sound scary

  30. copy cats Easy to Reproduce, bet on scare-tactics, better win ratios than in CASINO!

  31. Copycats are prevalent

  32. Extortion by Business Peers DDoS and sell a Security Product = PROOFFIITT !;)

  33. It is all about money Bitcoin makes it easy! Anonymous, Global Everything can be “for RANSOM” NOW where are we heading to ..?!

  34. also for mobile https://www.youtube.com/watch?v=W_B7uXNTNVg

  36. Mobile (control panel)

  37. browser locker

  38. 600 MLN of Rubles :) http://news.tut.by/society/483103.html

  39. Everything “SMART”gets pwn3d already:)

  40. So why Ransom is “HOT”? • Accessibility and Affordability of Ready-to-Use Technologies • Low entry barrier - Tools come with UI, support. All you need is to learn how to send ransom emails :) • High value and acceptable cost for a victim • Endless scalability and ease of reproduction for ransom cases PROFFFFFIT!!!

  41. Questions? fyodor_yarochkin@trendmicro.com

Recommend

What To Do When Your Company Is Held for Ransom: The Latest in Ransomware Attacks and Strategies

What To Do When Your Company Is Held for Ransom: The Latest in Ransomware Attacks and Strategies

What To Do When Your Company Is Held for Ransom: The Latest in Ransomware Attacks and Strategies for Addressing Them September 13, 2019 What To Do When Your Company Is Held For Ransom: The Latest in Ransomware Attacks and Strategies for

58 views • 3 slides
09/20/2013 Kidnap & Ransom: Understanding the Risk Christopher Arehart AVP, Senior Product

09/20/2013 Kidnap & Ransom: Understanding the Risk Christopher Arehart AVP, Senior Product

09/20/2013 Kidnap & Ransom: Understanding the Risk Christopher Arehart AVP, Senior Product Specialist Crime, Kidnap Ransom, & Workplace Violence Goals for the Discussion Define and distinguish different types of kidnapping risk

283 views • 5 slides
Understanding and preventing common attacks Romain Wartel 7th March 2010, ISGC Security

Understanding and preventing common attacks Romain Wartel 7th March 2010, ISGC Security

WLCG Group Understanding and preventing common attacks Romain Wartel 7th March 2010, ISGC Security Workshop, Taiwan. 1 Overview Underground market The main motive behind most security attacks: money. 3 Exposure and motivation Grids

434 views • 25 slides
Ransomware: DataENcryption made easy The Word Ransom = Ransom Blackmailing

Ransomware: DataENcryption made easy The Word Ransom = Ransom Blackmailing

Ransomware: DataENcryption made easy The Word Ransom = Ransom Blackmailing History 1989 AIDS TROJAN DISK distributed/infected via floppy disk developer was caught and put into jail 2005 first internet attack

748 views • 54 slides
Understanding Cyber Risks and Security Options The Spectrum of Cyber Attacks Advanced

Understanding Cyber Risks and Security Options The Spectrum of Cyber Attacks Advanced

Understanding Cyber Risks and Security Options The Spectrum of Cyber Attacks Advanced Persistent Threats (APT) Cybercriminals, Exploits and Malware Denial of Service attacks (DDoS) Domain name hijacking Corporate

347 views • 13 slides
Hacking in C hic 1 About this course: topics & goals Standard ways in which software

Hacking in C hic 1 About this course: topics & goals Standard ways in which software

Hacking in C hic 1 About this course: topics & goals Standard ways in which software can be exploited understanding how such attacks work understanding what makes these attacks possible doing some attacks in practice

1.17k views • 16 slides
Understanding and Combating Man-in-the- Browser Attacks 22 nd Annual FIRST Conference 16 June

Understanding and Combating Man-in-the- Browser Attacks 22 nd Annual FIRST Conference 16 June

Understanding and Combating Man-in-the- Browser Attacks 22 nd Annual FIRST Conference 16 June 2010 Jason Milletary Topics What is a Man-in-the-Browser Attack? How are they used? How can I identify and mitigate when they are

207 views • 18 slides
Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 ,

Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 ,

Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 , Pierre-Alain Fouque 2 , Brice Minaud 3 1 Direction Gnrale de lArmement - Matrise de lInformation 2 Universit de Rennes 1 3 INRIA &

836 views • 45 slides
Understanding the Effects of Real-World Behavior in Statistical Disclosure Attacks Simon Oya ,

Understanding the Effects of Real-World Behavior in Statistical Disclosure Attacks Simon Oya ,

Understanding the Effects of Real-World Behavior in Statistical Disclosure Attacks Simon Oya , Carmela Troncoso and Fernando Prez-Gonzlez In Introduction. Mix ixes. MIX The adversary is able to learn Alices sending profile!!! 2 In

219 views • 17 slides
Understanding and Automatically Preventing Injection Attacks on Node.js Michael Pradel TU

Understanding and Automatically Preventing Injection Attacks on Node.js Michael Pradel TU

Understanding and Automatically Preventing Injection Attacks on Node.js Michael Pradel TU Darmstadt Joint work with Cristian Staicu (TU Darmstadt) and Ben Livshits (Microsoft Research, Redmond) 1 Why JavaScript? Relevant and challenging

520 views • 48 slides
Synode: Understanding and Automatically Preventing Injection Attacks on Node.js Cristian-Alexandru

Synode: Understanding and Automatically Preventing Injection Attacks on Node.js Cristian-Alexandru

Synode: Understanding and Automatically Preventing Injection Attacks on Node.js Cristian-Alexandru Staicu 1 Michael Pradel 1 Ben Livshits 2 1 TU Darmstadt 2 Imperial College London, Brave Software February 20, 2018 This Talk Node.JS and

492 views • 47 slides
Understanding Screaming Channels: From a Detailed Analysis to Improved Attacks Giovanni

Understanding Screaming Channels: From a Detailed Analysis to Improved Attacks Giovanni

Understanding Screaming Channels: From a Detailed Analysis to Improved Attacks Giovanni Camurati*, Aurlien Francillon*, Franois-Xavier Standaert** *EURECOM, **Universit catholique de Louvain Who am I? Giovanni Camurati Ph.D. Student at

1.27k views • 94 slides
DONT USE THE M WORD Tania Dastres and Marcus Ransom RMIT University Thanks to Hashtag : #xw14

DONT USE THE M WORD Tania Dastres and Marcus Ransom RMIT University Thanks to Hashtag : #xw14

DONT USE THE M WORD Tania Dastres and Marcus Ransom RMIT University Thanks to Hashtag : #xw14 Please leave comments on this talk at auc.edu.au/xworld/sessions Dont use the M word Tania Dastres MacWorks Technical Lead and Marcus Ransom

957 views • 78 slides
Automated Attacks at Scale Understanding Credential Exploitation Mayank Dhiman Will

Automated Attacks at Scale Understanding Credential Exploitation Mayank Dhiman Will

Automated Attacks at Scale Understanding Credential Exploitation Mayank Dhiman Will Glazier Principal Security Researcher Threat Intelligence Analyst mayank@stealthsec.com will@stealthsec.com @l0pher @wglazier21 What do we mean by

659 views • 40 slides
Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks

Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks

Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks Pieter Robyns Motivation and introduction Motivation Information about performing EM side-channel attacks using SDR is quite scarce A few

758 views • 42 slides
iCSC 2011 Lecture 1 3-4 March 2011, CERN Computer Security Theme Understanding Cryptography

iCSC 2011 Lecture 1 3-4 March 2011, CERN Computer Security Theme Understanding Cryptography

Understanding Cryptography Outline Understanding Cryptography: From Caesar to RSA 1 Basic Substitution & Attacks Nicola Chiapolini 2 More Complex Methods 3 Something Completely Different? UZH 4 Two Modern Algorithms Inverted CERN School of

363 views • 10 slides
Understanding the Need for Higher Wage Standards Testimony before the Vermont Senate Economic

Understanding the Need for Higher Wage Standards Testimony before the Vermont Senate Economic

Understanding the Need for Higher Wage Standards Testimony before the Vermont Senate Economic Development, Housing, and General Affairs Committee January 17, 2018 David Cooper Senior Economic Analyst Outline 1. The historical context 2. How

513 views • 30 slides
Backups Using Storage Clusters Joshua T. A. Davies Garrett W. Ransom

Backups Using Storage Clusters Joshua T. A. Davies Garrett W. Ransom

Backups Using Storage Clusters Joshua T. A. Davies Garrett W. Ransom Nicole M. Shaw Mentors: David Kennel, Sonny Rosemond, Cindy Valdez, Timothy Hemphill (DCS-CSD) LA-UR-14-26017 Overview

451 views • 17 slides
Understanding the Coronavirus Aid id, , Reli lief, and Economic Security (C (CARES) ) Act

Understanding the Coronavirus Aid id, , Reli lief, and Economic Security (C (CARES) ) Act

Understanding the Coronavirus Aid id, , Reli lief, and Economic Security (C (CARES) ) Act and What it it Means for Your Community UNDERSTANDING THE CARES ACT Int Introductions Shelby y Fie iegel Je Jenn Gre regory Director,

860 views • 44 slides
Motivation (I) Recent economic recession has reopened the debate on industrial policy. In

Motivation (I) Recent economic recession has reopened the debate on industrial policy. In

Innovation, Reallocation and Growth 1 Daron Acemoglu MIT NYU, April 11, 2013. 1 Joint with Ufuk Akcigit (U. Penn), Nick Bloom (Stanford) and Bill Kerr (Harvard) 1 Innovation, Reallocation and Growth Motivation Motivation (I) Recent economic

1.05k views • 69 slides
Understanding the Economic Imperative of Energy Efficiency * John A. Skip Laitner

Understanding the Economic Imperative of Energy Efficiency * John A. Skip Laitner

Economic and Human Dimensions Research Associates ::.. Reframing Energy for the 21 st Century: Understanding the Economic Imperative of Energy Efficiency * John A. Skip Laitner (@EconSkip) In Conversation with the AESS 2017 Conference

414 views • 23 slides
Apollo's priest Chryses trying to ransom his daughter Chryseis from Agamemnon ( I liad 1.12-21).

Apollo's priest Chryses trying to ransom his daughter Chryseis from Agamemnon ( I liad 1.12-21).

Apollo's priest Chryses trying to ransom his daughter Chryseis from Agamemnon ( I liad 1.12-21). Side A of an Apulian red-figure krater, ca. 350 BCE. Achilles and Ajax playing dice. Their names are inscribed, and they call out numbers, three ( tria

495 views • 33 slides
people mediator are as saved Wants to ransom save salvation attractive respectable

people mediator are as saved Wants to ransom save salvation attractive respectable

All kinds of Sends people mediator are as saved Wants to ransom save salvation attractive respectable Squabbling men (1 Tim 1:4,2:8) Weak-willed False men women (1 Tim 1:3) (2 Tim 3:6) Myths and arguments holy prayer

508 views • 36 slides
Experiment presentation by Nayan Singhal Motivation Human understanding of image Verbs in

Experiment presentation by Nayan Singhal Motivation Human understanding of image Verbs in

Situation Recognition: Visual Semantic Role Labelling for Image Understanding Mark Yatskar, Luke Zettlemoyer, Ali Farhadi Experiment presentation by Nayan Singhal Motivation Human understanding of image Verbs in English language.

875 views • 49 slides

More recommend