RANSOMWARE:WHAT IT IS AND STRATEGIESTO PREVENT INFECTION

DONALD MCARTHUR

AGENDA• What is RansomWare

• History of RansomWare

• How RansomWare is

Deployed

• Strategies to Combat

RansomWare

• What to do if you are

infected

RANSOMWARE IS A TYPE OFMALWARE THAT RESTRICTSACCESS TO THE INFECTED

COMPUTER SYSTEM IN SOMEWAY, AND DEMANDS THE

USER PAY.

TYPES OF RANSOMWARE

• THE MOST COMMON TYPE DISPLAYS MESSAGES INTENDED TOCOAX THE USER INTO PAYING (EX. YOUR MACHINE IS INFECTED!)

• MORE DESTRUCTIVE TYPES ENCRYPT FILES ON THE SYSTEM'SHARD DRIVE

• A NEW RELEASED VERSION ACTUALLY LOCKS THE OPERATINGSYSTEM

HISTORY OF CRYPTO RANSOMWARE

• FIRST REPORTED OCCURRENCE: CRYPTOLOCKER IN 2013

• INITIALLY POPULAR IN RUSSIA BUT QUICKLY WENTINTERNATIONAL

• THE ORIGINAL CRYPTOLOCKER IN 2013 MADE AN ESTIMATED $3MILLION

• VARIANTS SINCE 2013 HAVE MADE AN ESTIMATED $30 MILLION

ATTACHMENTS ADVERTISEMENTS SECURITY HOLES

Most come through as

ZIP files or "invoices"

Ad Networks are often

targeted and exploited

for these types of

attacks.

Java, Flash, Macros

(Word, Excel)

Banner Ads

HOW RANSOMWARE IS DEPLOYED

WHAT DOESIT ENCRYPT?This can vary depending on the

variant but usually:

• Documents

• File Drives

• Network Shares

It has been known to Encrypt

• Operating Systems

• Cloud Sync Files

• Backups

WHY DOES IT SUCCEED?

DOES NOTACT LIKE AVIRUS

• Runs as a logged in user

• Morphs quickly so AV cannot

detect

BACKUPS

Honestly, How often do you

backup?

How often do you test your

backup?

SECURITYHOLES

If you are using a computer you

have to keep up with software

updates.

That includes but not limited to:

• Windows

• Office

• Flash

• Java

• Silverlight

STRATEGIES TO COMBAT RANSOMWARE

TRAININGHOW TO SPOT THREATS

ATTACHMENTSONLY OPEN THEM  IF  YOU WERE EXPECTING THEM.

BACKUP•  FULL BACK UP  WITH ROTATION OFFS ITE•  CLOUD BACKUP  WITH  “VERS IONING”  TURNED ON• EXTERNAL HARD DR IVE ONLY PLUGGED  IN WHEN BACKING UP

UPDATESI F  YOU ARE US ING FLASH OR  JAVA DON’T   IGNORE YOUR

UPDATES !

CHROMEUSE CHROME  INSTEAD OF  INTERNET EXPLORER  WHERE POSS IBLE

INSTALL FREE EXTENSIONS L IKE  AD BLOCK PLUS ,   IE  TAB ,  AND AVIRAANTIVIRUS

ANTI - VIRUS & MALWARETHE FREE STUFF  IS  GREAT  JUST  MAKE SURE  IT 'S  ENABLED

AND UPDATED .

FIREWALL

A F IREWALL  IS  YOUR F IRST  L INE OF DEFENSE AGAINSTANY ATTACK .

Power off your computerimmediately.

Power Down01

Call Person in Charge of IT

Call For Help02

Everyone makes mistakes BE HONEST aboutwhat happened, what you saw and what you

were doing.

Describe03

INFECTEDW H A T T O D OI F Y O U A R E