
CSCD 434 Spring 2019

Learn about the growing threat of ransomware attacks, the financial and reputational consequences they pose, and the steps to prevent and recover from them.

autumnd

Presentation Transcript


  1. CSCD 434 Spring 2019, Lecture 10: Attacks for Profit – Ransomware

  2. Introduction. Today: ransomware definition; scope – how bad is it?; those responsible; infection details; clean-up and prevention.

  3. Introduction • Ransomware is a type of malware that takes control over a computer or computer system by encrypting all the data on the drive. • The data is then held for ransom until a predetermined cost is paid. • Because cryptocurrencies (e.g., bitcoins) are used for payment, it is difficult to track those demanding the ransom, making it tough to prosecute.

  4. Ransomware Consequences. Financial: Ransoms through ransomware continue to grow in cost as ransomware methods become more sophisticated. Outside of the ransom, costs due to downtime, recovery, and security maintenance can be considerable. Legal: Privacy and security negligence may carry legal ramifications based on state and federal policies and regulations (e.g., HIPAA). Personal lawsuits may be filed if there is perceived harm.

  5. Ransomware Consequences. Reputation: Ransomware events have become a hot topic and reflect poorly on victims regardless of the exact circumstances. Patients may be hesitant to initiate care, or may reconsider it, if they perceive that a provider is unsafe with their health data. Customers of any organization (a bank, store or other company) likewise won't trust that their data is safe.

  6. Who is Targeted by Ransomware

  7. 2016 Is a Ransomware Horror Show. Ransomware is on pace to be a $1 billion business in 2016 (CNN Money): new estimates from the FBI show that costs from so-called ransomware have reached an all-time high. Cyber-criminals collected $209 million in the first three months of 2016 by extorting businesses and institutions to unlock computer servers.

  8. 2018 Ransomware Stats • Damages from ransomware are expected to rise to $11.5 billion this year, 2018. https://www.backblaze.com/blog/complete-guide-ransomware/

  9. History of Ransomware

  10. Ransomware History

  11. A Short History & Evolution of Ransomware. Ransomware attacks cause downtime, data loss and possible intellectual property theft, and a ransomware attack is regarded as a possible data breach.

  12. Newest Ransomware And Groups Responsible

  13. Groups and Exploits. The infamous Shadow Brokers hacker group, active since 2016, has been responsible for leaking several NSA exploits, zero-days and hacking tools. EternalBlue is an exploit developed by the U.S. National Security Agency (NSA), according to testimony by former NSA employees. It was leaked by the Shadow Brokers on April 14, 2017. It was used as part of the worldwide WannaCry ransomware attack on May 12, 2017. The exploit was also used to help carry out the NotPetya attack on June 27, 2017. It is also reported to have been used as part of the Retefe banking trojan since at least September 5, 2017.

  14. EternalBlue Description. EternalBlue exploits a vulnerability in Microsoft's Server Message Block (SMB) protocol. The vulnerability is known as CVE-2017-0144 in the Common Vulnerabilities and Exposures (CVE) database. Can you guess what kind of vulnerability? It exists because the SMB version 1 server in various versions of Microsoft Windows mishandles specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer.

  15. EternalBlue Description. On March 14, 2017, Microsoft issued security bulletin MS17-010 detailing the flaw and announced that patches had been released for all Windows versions: Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016. Good analysis of the exploit: https://www.scribd.com/document/365063744/EternalBlue-RiskSense-Analysis-1-2

  16. Scope of Damage via WannaCry. Many Windows users had not installed the patches when, on May 12, 2017, the WannaCry ransomware attack used the EternalBlue vulnerability to spread itself. By the end of 2018, millions of systems were still vulnerable to EternalBlue. This has led to millions of dollars in damages, due primarily to the ransomware worms WannaCry, NotPetya and BadRabbit. The estimated impact of WannaCry, NotPetya and BadRabbit is over $1 billion worth of damages in over 65 countries.
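Because WannaCry spread itself by reaching out to other hosts over SMB, one defender-side signal is a single host suddenly opening TCP/445 connections to many distinct peers. The following is an added example, not from the lecture: it runs that fan-out check over a constructed flow-log sample; the log format, the threshold of 5 hosts and the 60-second window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed flow-log sample, not real traffic: "timestamp src dst dport".
# 10.0.1.20 fans out to six peers on TCP/445 within seconds (worm-like);
# 10.0.1.30 talks repeatedly to one file server, which is ordinary SMB use.
SAMPLE_FLOWS = """\
2017-05-12T10:00:01 10.0.1.20 10.0.1.5 445
2017-05-12T10:00:02 10.0.1.20 10.0.1.6 445
2017-05-12T10:00:02 10.0.1.20 10.0.1.7 445
2017-05-12T10:00:03 10.0.1.20 10.0.1.8 445
2017-05-12T10:00:04 10.0.1.20 10.0.1.9 445
2017-05-12T10:00:05 10.0.1.20 10.0.1.10 445
2017-05-12T10:00:01 10.0.1.30 10.0.1.2 445
2017-05-12T10:00:20 10.0.1.30 10.0.1.2 445
2017-05-12T10:00:40 10.0.1.30 10.0.1.2 445
2017-05-12T10:00:41 10.0.1.40 10.0.1.2 80
"""

def parse_flows(text):
    """Parse 'timestamp src dst dport' lines into (ts, src, dst, dport), sorted by time."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, dport = line.split()
            flows.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return sorted(flows)

def smb_fanout_alerts(flows, threshold=5, window_s=60):
    """Return {src: peak distinct TCP/445 targets} for sources that reach at least
    `threshold` distinct hosts on 445 inside any `window_s`-second window."""
    recent = defaultdict(deque)   # src -> (ts, dst) pairs still inside the window
    alerts = {}
    for ts, src, dst, dport in flows:
        if dport != 445:
            continue
        window = recent[src]
        window.append((ts, dst))
        while ts - window[0][0] > timedelta(seconds=window_s):
            window.popleft()
        distinct = len({d for _, d in window})
        if distinct >= threshold:
            alerts[src] = max(alerts.get(src, 0), distinct)
    return alerts

if __name__ == "__main__":
    print(smb_fanout_alerts(parse_flows(SAMPLE_FLOWS)))   # {'10.0.1.20': 6}
```

The threshold has to be tuned per network: a backup server or vulnerability scanner legitimately fans out on 445 and belongs on an allow-list, not in the alert queue.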

  17. Ransomware Operation

  18. What Gets Encrypted

  19. TOR Used to Communicate Anonymously

  20. Ransomware Recovery

  21. Steps to Recovery. 1 — Isolate the Infection: The rate and speed of ransomware detection is critical in combating fast-moving attacks before they succeed in spreading across networks and encrypting vital data. 2 — Identify the Infection: Most often ransomware will identify itself when it asks for ransom. There are numerous sites that help identify ransomware: ID Ransomware, https://id-ransomware.malwarehunterteam.com/index.php. The No More Ransom! Project, https://www.nomoreransom.org/en/index.html, provides the Crypto Sheriff, https://www.nomoreransom.org/crypto-sheriff.php?lang=en, to help identify ransomware.

  22. Steps to Recovery. 3 — Report to the Authorities: You'll be doing everyone a favor by reporting all ransomware attacks to the authorities. The FBI urges ransomware victims to report ransomware incidents regardless of the outcome.

  23. Steps to Recovery. 4 — Determine Your Options: Your options when infected with ransomware are: pay the ransom; try to remove the malware; wipe the system(s) and reinstall from scratch. It's generally considered a bad idea to pay the ransom. Paying the ransom encourages more ransomware, and often unlocking the encrypted files is not successful. In a recent survey, more than three-quarters of respondents (77%) said their organization is not at all likely to pay a ransom in order to recover their data. Only a small minority said they were willing to pay some ransom.

  24. Steps to Recovery. 5 — Restore or Start Fresh: You can try to remove the malware from your systems, or wipe your systems and reinstall from safe backups and clean OS and application sources. Recommended: it's best to wipe all systems completely!!! The surest way of being certain that malware or ransomware has been removed from a system is to do a complete wipe of all storage devices and reinstall everything from scratch. https://www.backblaze.com/blog/complete-guide-ransomware/
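Steps 1 and 2 above (and the "What Gets Encrypted" question) come down to quickly finding which files were encrypted and where the ransom note is, the two inputs ID Ransomware and Crypto Sheriff ask for. This added example, not from the lecture, triages a constructed in-memory file tree with an entropy check plus a double-extension heuristic, and shows why entropy alone would misfire on a JPEG; the 7.5-bit threshold and the note-name keywords are assumptions.

```python
import math
import os
import random
from collections import Counter

NOTE_KEYWORDS = ("decrypt", "restore", "recover", "readme", "how_to")   # assumed name patterns

def build_sample_tree():
    """Constructed victim file tree (path -> bytes); none of it is real data."""
    rng = random.Random(1)
    scrambled = bytes(rng.getrandbits(8) for _ in range(4096))   # stands in for ciphertext
    return {
        "docs/report.docx.locked": scrambled,
        "docs/budget.xlsx.locked": scrambled[::-1],
        "docs/README_FOR_DECRYPT.txt": b"Your files have been encrypted. Contact us at ...",
        "docs/notes.txt": b"meeting notes " * 200,
        "photos/cat.jpg": b"\xff\xd8\xff\xe0" + scrambled[:1024],   # untouched but compressed
    }

def shannon_entropy(data):
    """Bits per byte in 0.0..8.0; ciphertext and compressed media both sit near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def is_ransom_note(path, data):
    """Ransom notes are small readable text files with a telling name."""
    name = os.path.basename(path).lower()
    return any(k in name for k in NOTE_KEYWORDS) and shannon_entropy(data) < 5.0

def triage(tree, entropy_threshold=7.5):
    """Split a tree into suspected-encrypted files and ransom notes.
    Entropy alone misfires on JPEG/ZIP/PDF, so a file is only called encrypted
    when it is high-entropy AND carries a bolted-on second extension
    (report.docx.locked), the trace most families leave behind."""
    encrypted, notes, by_ext = [], [], Counter()
    for path, data in tree.items():
        if is_ransom_note(path, data):
            notes.append(path)
            continue
        stem, ext = os.path.splitext(path)
        if shannon_entropy(data) >= entropy_threshold and os.path.splitext(stem)[1]:
            encrypted.append(path)
            by_ext[ext] += 1
    return {"encrypted": sorted(encrypted), "notes": sorted(notes), "by_ext": dict(by_ext)}

if __name__ == "__main__":
    print(triage(build_sample_tree()))
```

Run it against a snapshot or a read-only mount, not the live disk of an infected host, so the triage itself does not disturb evidence or trigger further encryption.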

  25. Prevention

  26. Ransomware Prevention

  27. Ransomware Prevention

  28. Ransomware Prevention 3. Operating System: Ensure security patching is turned on. Use application whitelisting: only known programs are allowed to run.

  29. Ransomware Prevention 4. Hardware

  30. Ransomware Prevention 5. User Training

  31. Make Sure Backups Work!!! Actually test your backups periodically to ensure they work.
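A backup test means restoring and checking the result against a record made before the incident, because a backup job that ran after infection will faithfully back up the encrypted copies. This added example, not from the lecture, hashes a constructed file set into a manifest and then verifies a clean restore and a post-infection restore against it; the file contents and the manifest format are assumptions.

```python
import hashlib
import random

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def make_manifest(files):
    """Hash every file (path -> bytes) at backup time. Store the manifest with an
    offline copy of the backup; a manifest the malware can reach is no check at all."""
    return {path: sha256_hex(data) for path, data in files.items()}

def verify_restore(manifest, restored):
    """Compare a test restore (path -> bytes) against the manifest."""
    problems = {"missing": [], "corrupt": [], "unexpected": []}
    for path, digest in manifest.items():
        if path not in restored:
            problems["missing"].append(path)
        elif sha256_hex(restored[path]) != digest:
            problems["corrupt"].append(path)
    problems["unexpected"] = sorted(p for p in restored if p not in manifest)
    return problems

def restore_ok(problems):
    return not any(problems.values())

# Constructed data: the pre-infection file set, plus a restore taken from the
# backup job that ran after infection, which captured the renamed ciphertext
# (report.docx.locked) instead of the original and a truncated notes.txt.
ORIGINALS = {
    "docs/report.docx": b"Q3 report draft " * 64,
    "docs/notes.txt": b"meeting notes " * 32,
}
_rng = random.Random(7)
POST_INFECTION_RESTORE = {
    "docs/report.docx.locked": bytes(_rng.getrandbits(8) for _ in range(1024)),
    "docs/notes.txt": ORIGINALS["docs/notes.txt"][:100],
}

if __name__ == "__main__":
    manifest = make_manifest(ORIGINALS)
    print(verify_restore(manifest, dict(ORIGINALS)))          # all lists empty
    print(verify_restore(manifest, POST_INFECTION_RESTORE))   # missing, corrupt, unexpected
```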

  32. Summary. Each decade there arises a new security threat: 70's, 80's and into the 90's – Era of the Virus; late 80's, 90's, 2000 – Era of the Worm; 90's, 2000 and up – Rootkits, Trojans; 2010 into today – Ransomware. What's next?

  33. The End
