what is ransomware
play

What is Ransomware? Ben Spear Director, EI-ISAC January 31, 2020 - PowerPoint PPT Presentation

Aug 29, 2022 •129 likes •248 views

What is Ransomware? Ben Spear Director, EI-ISAC January 31, 2020 Confidential & Proprietary 1 Confidential & Proprietary Ransomware Overview Malware that blocks access to a system, device, or file until a ransom is paid

  1. What is Ransomware? Ben Spear Director, EI-ISAC January 31, 2020 Confidential & Proprietary 1 Confidential & Proprietary

  2. Ransomware Overview • Malware that blocks access to a system, device, or file until a ransom is paid • The ransom is typically demanded in the form of cryptocurrency (e.g., Bitcoin) • The amount demanded can range from several hundred dollars up to and exceeding $1 million Confidential & Proprietary 2

  3. Opportunistic and Strategic Campaigns Opportunistic Targeting Leading to Strategic Targeting Confidential & Proprietary 3

  4. Ransomware Lifecycle Initial Access Execution Communication Malicious Email Ransomware System Communicates to Executes on System - C2 Server - Encryption Key Server Malicious Webpage Ransom Demand Encryption Malicious Code Encryption Process Malware Begins Demands Payment Compromised Managed Service Provider Vulnerable Server Confidential & Proprietary 4

  5. Current SLTT Ransomware Trends In recent months, K-12 schools were the most impacted SLTT sector ➢ IT and cybersecurity is typically under-resourced ➢ Flat network architecture ➢ Lots of targets ➢ Reports of school districts paying ransoms Confidential & Proprietary 5

  6. Ryuk ➢ First appeared in August 2018 ➢ Most reported ransomware for SLTTs in 2019 ➢ Leverages the TrickBot botnet for network access ➢ Highly impactful and costly ransomware attacks ➢ Targets backups and shadow copies https://www.cisecurity.org/white-papers/security-primer- ryuk/ Confidential & Proprietary 6

  7. Recent Ransomware Incidents • Pensacola, FL – December 2019 • Louisiana – July and November 2019 • Alabama Hospitals (3) – October 2019 • School District in Arizona – September 2019 • Texas (22 towns) – August 2019 • Greenville, NC – April 2019 • Baltimore – May 2019 • Atlanta – March 2018 Confidential & Proprietary 7

  8. EI-ISAC & Ransomware • 24 x 7 Incident Reporting via Security Operations Center – 1-866-787-4722 – soc@cisecurity.org • Incident response, digital forensics and malware analysis via Computer Emergency Response Team • Albert Network Intrusion Detection – Monitoring and Analysis Confidential & Proprietary 8

  9. Albert Event Generation and Analysis Confidential & Proprietary 9

  10. Albert – Ransomware Detection • Albert detects Ransomware in four ways – Ransomware executable download – Establishment of Command-and-Control – Encryption keys download – Periodic check-in traffic • Average time from Albert sensor detection to customer notification is 5 minutes • Actionable information provided to affected entity for action and system remediation • To find out more about network security monitoring, contact us at services@cisecurity.org Confidential & Proprietary 10

  11. Thank You Ben Spear 518.880.0705 Ben.spear@cisecurity.org Join the MS-ISAC https://learn.cisecurity.org/ms-isac-registration Confidential & Proprietary 11

Recommend

1 February 4, 2020 Ransomware works Who: Ransomware is a threat vector that is rife for bad

1 February 4, 2020 Ransomware works Who: Ransomware is a threat vector that is rife for bad

Geoff Hale 1 February 4, 2020 Ransomware works Who: Ransomware is a threat vector that is rife for bad actors, both criminal enterprises and nation-states have made use of ransomware. What: Ransomware is a type of malware that encrypts

358 views • 6 slides
Responding To Ransomware Ransomware Nightmares X by Invincea Ransomware is getting more

Responding To Ransomware Ransomware Nightmares X by Invincea Ransomware is getting more

X by Invincea Responding To Ransomware Ransomware Nightmares X by Invincea Ransomware is getting more sophisticated, and shifting to an enterprise threat Ransomware Nightmares X by Invincea To Pay Or Not To Pay? X by Invincea Your money or

780 views • 23 slides
On Deception-Based Protection Against Cryptographic Ransomware Ziya Alper Gen, Gabriele

On Deception-Based Protection Against Cryptographic Ransomware Ziya Alper Gen, Gabriele

On Deception-Based Protection Against Cryptographic Ransomware Ziya Alper Gen, Gabriele Lenzini, and Daniele Sgandurra June 20, 2019 Ransomware Threat 1 Ransomware Threat 1 Deception-Based Anti-Ransomware In the context of ransomware,

507 views • 22 slides
Redemption: Real-Time Protection Against Ransomware at End-Hosts WRITTEN BY: PRESENTED BY: AMIN

Redemption: Real-Time Protection Against Ransomware at End-Hosts WRITTEN BY: PRESENTED BY: AMIN

Redemption: Real-Time Protection Against Ransomware at End-Hosts WRITTEN BY: PRESENTED BY: AMIN KHARRAZ NICHOLAS BURTON ENGIN KIRDA What is Ransomware? What is Ransomware? u Ransomware is malicious software that encrypts user data, and

718 views • 33 slides
Ransomware Overview Our analysis leads us to expect increased ransomware activity over 2016 (new

Ransomware Overview Our analysis leads us to expect increased ransomware activity over 2016 (new

Ransomware Overview Our analysis leads us to expect increased ransomware activity over 2016 (new attacker entrants, lower cost through kit automation, etc.) Take consumer and enterprise digital assets hostage using high- strength encryption

365 views • 18 slides
Ransomware Eradication using Biomorphic Perimeterisation Introduction Types of

Ransomware Eradication using Biomorphic Perimeterisation Introduction Types of

Ransomware Eradication using Biomorphic Perimeterisation Introduction Types of Ransomware Technology Perspective and Attacked Devices Ransomware Economy Security Conditions Biomorphic Perimeterisation How to generate a

860 views • 61 slides
Update on Ransomware Technology 60 Minutes Video ransomware ( noun) A type of malware that

Update on Ransomware Technology 60 Minutes Video ransomware ( noun) A type of malware that

Update on Ransomware Technology 60 Minutes Video ransomware ( noun) A type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users files unless a ransom is paid.

517 views • 30 slides
Troubling Times: Ransomware Across Texas Deputy Chief Information Security Officer Andy

Troubling Times: Ransomware Across Texas Deputy Chief Information Security Officer Andy

Troubling Times: Ransomware Across Texas Deputy Chief Information Security Officer Andy Bennett 2019 Cybersecurity Awareness Month Event October 22, 2019 2019 Texas Headlines Ransomware Ransomware Cyber criminals holding your data and

450 views • 23 slides
Smoking the Locky Ransomware Code Floser Bacurio Jr and Rommel Joven Anti-Virus Analysts,

Smoking the Locky Ransomware Code Floser Bacurio Jr and Rommel Joven Anti-Virus Analysts,

Locky Strike: Smoking the Locky Ransomware Code Floser Bacurio Jr and Rommel Joven Anti-Virus Analysts, FortiGuard Lion Team September 1, 2017 1 Cryptowall 2 This one? 3 Prevalence: Global ransomware Global Ransomware IPS Hits - February

647 views • 49 slides
How To Not Be A Victim Of Ransomware The thoughtful integration of healthcare and technology How

How To Not Be A Victim Of Ransomware The thoughtful integration of healthcare and technology How

How To Not Be A Victim Of Ransomware The thoughtful integration of healthcare and technology How Healthcare IT Differs From General IT Agenda The Growing Threat of Ransomware What You Can Do Today To Protect Your Business How Healthcare IT

440 views • 32 slides
Tracking Ransomware End-to-end Danny Y. Huang Maxwell Matthaios Aliapoulios, Vector Guo Li Luca

Tracking Ransomware End-to-end Danny Y. Huang Maxwell Matthaios Aliapoulios, Vector Guo Li Luca

Tracking Ransomware End-to-end Danny Y. Huang Maxwell Matthaios Aliapoulios, Vector Guo Li Luca Invernizzi, Elie Bursztein, Kylie McRoberts, Jonathan Levin Kirill Levchenko, Alex C. Snoeren, Damon McCoy Ransomware causes financial damages

798 views • 54 slides
UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware Paul Weliczko

UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware Paul Weliczko

UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware Paul Weliczko https://arstechnica.com/information-technology/2012/11/mushrooming-growth-of-ransomware- extorts-5-million-a-year/

298 views • 13 slides
to Defend Against Encryption Ransomware Jian Huang Jun Xu Xinyu Xing Peng Liu

to Defend Against Encryption Ransomware Jian Huang Jun Xu Xinyu Xing Peng Liu

FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware Jian Huang Jun Xu Xinyu Xing Peng Liu Moinuddin K. Qureshi Encryption Ransomware Is Becoming More Aggressive May 12,

772 views • 75 slides
Vembu BDR Suite Vembu Technologies 100+ Decade + G2 crowd Countries Experience Top

Vembu BDR Suite Vembu Technologies 100+ Decade + G2 crowd Countries Experience Top

Vembu BDR Suite Vembu Technologies 100+ Decade + G2 crowd Countries Experience Top Leaders-2019 www.vembu.com How to protect your business from a Ransomware attack? What is Ransomware? Types of Ransomware How it attacks? Stats for year

454 views • 16 slides
Tracking desktop ransomware payments end to end Elie Bursztein, Kylie McRoberts, Luca Invernizzi

Tracking desktop ransomware payments end to end Elie Bursztein, Kylie McRoberts, Luca Invernizzi

Tracking desktop ransomware payments end to end Elie Bursztein, Kylie McRoberts, Luca Invernizzi with the help of many people from UCSD, NYU, and Chainalysis Only 37% of users backup their data g.co/research/protect Since 2016 ransomware

746 views • 62 slides
Ransomware-as-a-Service: An Evolving Business Model Wednesday, April 29 at 11 AM Eastern

Ransomware-as-a-Service: An Evolving Business Model Wednesday, April 29 at 11 AM Eastern

Ransomware-as-a-Service: An Evolving Business Model Wednesday, April 29 at 11 AM Eastern Ransomware-as-a-Service: An Evolving Business Model Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides Recording

999 views • 23 slides
Preparing for a Ransomware Attack MCCA Global TEC Forum June 19, 2017 Monica Patel, IBM

Preparing for a Ransomware Attack MCCA Global TEC Forum June 19, 2017 Monica Patel, IBM

Preparing for a Ransomware Attack MCCA Global TEC Forum June 19, 2017 Monica Patel, IBM Aravind Swaminathan, Orrick, Herrington & Sutcliffe Darren Teshima, Orrick, Herrington & Sutcliffe What is ransomware? Malicious software

200 views • 17 slides
How NOT to code your ransomware Liviu Itoaf About Me $ whoami Security Researcher @

How NOT to code your ransomware Liviu Itoaf About Me $ whoami Security Researcher @

How NOT to code your ransomware Liviu Itoaf About Me $ whoami Security Researcher @ Kaspersky Hands-on work: coding, reverse engineering, vulnerability research Malware analysis trainings T ags: GTD (Getting Things

392 views • 24 slides
Prepping for Ransomware in 2017 Risks change, and so should you. THM Group & Infrascale

Prepping for Ransomware in 2017 Risks change, and so should you. THM Group & Infrascale

Prepping for Ransomware in 2017 Risks change, and so should you. THM Group & Infrascale ABOUT THM GROUP Providing custom end-to-end voice & data solu4ons At a Glance Key Focus Founded: 20 years ago HQ: Barrie, Ontario Businesses

691 views • 38 slides
What We Learned Key Takeaways from the 2018 Ransomware Attack on Colorado Department of

What We Learned Key Takeaways from the 2018 Ransomware Attack on Colorado Department of

What We Learned Key Takeaways from the 2018 Ransomware Attack on Colorado Department of Transportation February March 2018 Topics How It Happened What It Did Timeline How We Responded Business Response Cyber Incident

669 views • 20 slides
Ransomware Threats to Storage(NAS/SAN/Cloud) and possible mitigation Tuesday, May 23, 2017

Ransomware Threats to Storage(NAS/SAN/Cloud) and possible mitigation Tuesday, May 23, 2017

Ransomware Threats to Storage(NAS/SAN/Cloud) and possible mitigation Tuesday, May 23, 2017 Anupam Jagdish Chomal Tech Lead/Principal Software Engineer DellEMC Isilon 1 Who am I? The Eternal Question Who am I? Principal

636 views • 18 slides
Ransomware & More Quick Note About Me Michael Zimmer, Director of Information Security

Ransomware & More Quick Note About Me Michael Zimmer, Director of Information Security

Ransomware & More Quick Note About Me Michael Zimmer, Director of Information Security Services at Northern Arizona University Working in IT at NAU 23 years, from Help Desk to Deskside Support to Sys Admin to InfoSec WHEN, not if

305 views • 8 slides
Thermostat Ransomware Or how I learned to hack like it was 1994 @cybergibbons @thekenmunroshow

Thermostat Ransomware Or how I learned to hack like it was 1994 @cybergibbons @thekenmunroshow

Thermostat Ransomware Or how I learned to hack like it was 1994 @cybergibbons @thekenmunroshow @pentestpartners www.pentestpartners.com/blog/ Overview There are no uber elite hacks, exploits or tricks in this talk Hacking most IoT

703 views • 25 slides
What To Do When Your Company Is Held for Ransom: The Latest in Ransomware Attacks and Strategies

What To Do When Your Company Is Held for Ransom: The Latest in Ransomware Attacks and Strategies

What To Do When Your Company Is Held for Ransom: The Latest in Ransomware Attacks and Strategies for Addressing Them September 13, 2019 What To Do When Your Company Is Held For Ransom: The Latest in Ransomware Attacks and Strategies for

58 views • 3 slides

More recommend