A Hacker's perspective on ransomware
Page 1
© 2016 Avecto Ltd, avecto.com
A Hacker's perspective on ransomware: How ransomware works and how to prevent it
With Paula Januszkiewicz, CQURE: CEO, Penetration Tester / Security Expert
CQURE Academy: Trainer
MVP: Enterprise Security, MCT
Page 2
Page 3
*Based on Trustwave Global Security Report 2013/2014
Page 4
Page 5
~50% of organizations have experienced a malware infection via email in the past calendar year
$115 per user was spent on security software in 2014, of which $33 was underutilized or never used
~84% of IT pros believe they need to at least double their staff to respond to security issues, while 49% of security positions were left unfilled in 2014
Source: http://pwc.com
Page 6
Sad facts
Photo: the New York Times Magazine
Page 7
Encrypts data
Page 8
Page 9
In theory: once the payment is verified, the program will decrypt the files. The private key used to decrypt the infected files is held on the C&C server.
Deletes the Volume Shadow Copies so that encrypted files cannot be restored from them (note the 32-bit cmd.exe reaching the 64-bit vssadmin.exe through the Sysnative alias):
`"C:\Windows\SYSWOW64\cmd.exe" /C "C:\Windows\Sysnative\vssadmin.exe" Delete Shadows /All /Quiet`
Encrypts data stored on network shares if the shared folders are mapped as a drive letter on the infected computer
Infection spawns two processes of itself
It seemed to be a normal PDF file…
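Detection logic for the shadow-copy deletion described above, written here as an added example from a defender's point of view; it is not code from the presentation or from CQURE. It runs one rule over constructed process-creation records shaped like Sysmon Event ID 1 / Windows Security 4688 data (the field names ParentImage, Image and CommandLine are assumptions), flags any vssadmin invocation that deletes shadows, and raises the severity when all copies are targeted or when the parent process lives in a user-writable directory, which is where a dropped "PDF" would typically execute from. The only value reused from the slide is the vssadmin command line.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample events (not taken from the presentation). Only the first
# CommandLine reproduces the vssadmin invocation quoted on the slide.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Users\alice\AppData\Local\Temp\invoice.pdf.exe",
     "Image": r"C:\Windows\SysWOW64\cmd.exe",
     "CommandLine": r'"C:\Windows\SYSWOW64\cmd.exe" /C "C:\Windows\Sysnative\vssadmin.exe" Delete Shadows /All /Quiet'},
    {"ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": r"vssadmin list shadows"},                       # benign enumeration
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "VSSADMIN  delete   shadows /for=C: /oldest"'},  # admin cleanup
    {"ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Program Files\Backup\agent.exe",
     "CommandLine": r'"C:\Program Files\Backup\agent.exe" --rotate'},
]

# vssadmin ... delete ... shadows, in any case and with any spacing or switches between.
VSSADMIN_DELETE = re.compile(r"\bvssadmin(?:\.exe)?\b.*?\bdelete\b.*?\bshadows\b", re.IGNORECASE)

# Directories an ordinary user can write to; a parent executing from here is suspicious.
USER_WRITABLE = re.compile(
    r"\\(?:Users\\[^\\]+\\(?:AppData|Downloads|Desktop|Documents)|Temp|ProgramData)\\",
    re.IGNORECASE,
)


@dataclass
class Finding:
    rule: str
    severity: str
    command_line: str
    parent: str
    reasons: list = field(default_factory=list)


def shadow_copy_deletion(event: dict) -> Optional[Finding]:
    """Return a Finding if the event deletes Volume Shadow Copies via vssadmin, else None."""
    cmd = event.get("CommandLine", "")
    if not VSSADMIN_DELETE.search(cmd):
        return None
    parent = event.get("ParentImage", "")
    lowered = cmd.lower()
    severity = "medium"           # a single deletion may be routine administration
    reasons = ["vssadmin delete shadows on the command line"]
    if "/all" in lowered:         # every restore point at once: the ransomware pattern
        severity = "high"
        reasons.append("all shadow copies targeted (/all)")
    if USER_WRITABLE.search(parent):
        severity = "high"
        reasons.append("parent process launched from a user-writable path")
    if "sysnative" in lowered:    # 32-bit process reaching the 64-bit vssadmin.exe
        reasons.append("Sysnative redirection used from a 32-bit process")
    return Finding("shadow_copy_deletion", severity, cmd, parent, reasons)


def scan(events: list) -> list:
    """Apply the rule to a batch of process-creation events and collect the findings."""
    return [f for f in (shadow_copy_deletion(e) for e in events) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"[{finding.severity.upper()}] {finding.parent} -> {finding.command_line}")
        for reason in finding.reasons:
            print(f"    - {reason}")
```

The rule deliberately keys on the command line rather than the image path, since the slide's sample launches vssadmin through cmd.exe and a Sysnative alias; in a real deployment the same test cases would be fed in from the SIEM's process-creation events and the medium-severity hit would be tuned against the organization's backup schedule.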
Page 10
Page 11
Public shaming: one of the latest versions of CryptoWall was threatening to:
- Delete the keys needed to decrypt the data, and…
- Publish it online if the victim does not pay and follow the demands!
Photo: the New York Times Magazine
Page 12
1. Back up the data
2.
3.
4.
5.
6.
7.
8.
9.
10.
11. Arrange Security Awareness campaigns
Page 13
I know the traffic rules…
Awareness
They know the traffic rules…
Page 14
… but does it guarantee that they are good drivers?
Behavior
Page 15
Culture
Users educated on best security practices
Regular quizzes / testing / workshops
Incident response plans established
Identified events to trigger the plan
Assessed data protection across all assets: endpoints, networks, regular data
AppLocker + SRP, when implemented wisely
Penetration testing to evaluate how resilient systems are to compromise
Code execution prevention or monitoring
Organizational Approach
Conclusion: Each organization can aim for a responsible security culture
Page 16
• Isolates the browser, downloaded content and email attachments
• Mitigates ransomware / web threats
• Protects data and contains unknown threats
• #1 defense strategy
• Easy-to-achieve whitelisting
• Regain control of unknown applications
• Mitigates 85% of critical Windows vulnerabilities
• Protects user and system
• Privileges when you need them
Page 17
For more information about Defendpoint or to arrange a demo, please visit www.avecto.com