'We Eat Cryptolocker for Breakfast' - How to Beat Ransomware Presentation


Transcript of 'We Eat Cryptolocker for Breakfast' - How to Beat Ransomware Presentation

Page 1

WELCOME TO: “We Eat Cryptovirus for Breakfast” HOW TO BEAT RANSOMWARE

Page 2

Cryptovirus – what is it?

Cryptolocker, A.K.A. Cryptovirus, is just one version of Ransomware. Ransomware is the term for malware that prevents or limits a user’s access to their files or computers. It forces victims to pay a ransom, usually in the form of Bitcoins or MoneyPack, before giving access back to the user. Ransomware may:

• Prevent you from accessing Windows
• Encrypt files so you can’t use them
• Stop certain apps from running

Page 3

Types of Ransomware

Encryption Ransomware

Encrypts files and then deletes the original (documents, databases, photos, videos, backup files).

Lock Screen Ransomware

Locks the computer by displaying a full-screen image, blocking all other windows. Normally pretends to find illegal content on your PC and demands a payment in the form of a fine.

Master Boot Record (MBR)

Changes the MBR, preventing the PC from booting to its Operating System.

Web Server Encryption

Targets websites, encrypting a number of the website’s files.

Mobile device ransomware

Mobile device infected via fake apps, or via ‘drive-by downloads’.

Page 4

How is Ransomware distributed?

Website

Plants code which executes when opening a corrupted site. Sites can be fake or compromised legitimate sites.

Malicious Link

Contained within an e-mail or an instant message via a social networking site.

Email Attachment

Tricks the user into thinking that the email is legitimate and from a trusted source. Normally contains an exe, zip, doc, suspicious link or a file disguised as something else (e.g. order50123.pdf.exe).

By hovering over a link in an email, you can see the web address it will take you to. If it looks suspicious, think twice before you click it!
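The disguised-attachment pattern from this slide (order50123.pdf.exe) can be checked mechanically at a mail gateway or help desk. The sketch below is an added example, not part of the original presentation; the extension sets and function names are assumptions made for illustration.

```python
import re

# Constructed sample sets for this example, not a complete list.
EXECUTABLE = {"exe", "scr", "com", "bat", "cmd", "js", "vbs"}
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
# Types the slide says malicious attachments "normally contain".
SLIDE_RISKY = {"exe", "zip", "doc"}


def extensions(filename):
    """Return the lowercased dot-separated suffixes, ignoring padding spaces."""
    name = re.sub(r"\s+", "", filename.strip().lower()).rstrip(".")
    parts = name.split(".")
    return parts[1:] if len(parts) > 1 else []


def classify_attachment(filename):
    """Classify a filename as 'disguised', 'risky-type' or 'ok'."""
    exts = extensions(filename)
    if not exts:
        return "ok"
    last = exts[-1]
    # A document-looking suffix directly before an executable one is the
    # order50123.pdf.exe pattern: the name reads as a PDF, but the final
    # suffix decides how the file is opened.
    if last in EXECUTABLE and len(exts) >= 2 and exts[-2] in DECOY:
        return "disguised"
    if last in EXECUTABLE or last in SLIDE_RISKY:
        return "risky-type"
    return "ok"


def triage(filenames):
    """Return only the names that need a second look, with their verdict."""
    return {f: v for f in filenames if (v := classify_attachment(f)) != "ok"}


if __name__ == "__main__":
    # Constructed sample attachment names.
    sample = ["order50123.pdf.exe", "Invoice.DOC", "report.v2.pdf", "photos.zip"]
    for name, verdict in triage(sample).items():
        print(f"{verdict:11} {name}")
```
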

Page 5

How is Ransomware distributed?

Infected Machines

Encrypts any drive it can find including mapped drives and external attachments.

System Compromised

Access gained through brute force, loopholes, or insecure systems.

Infection is not immediately apparent to the user. The malware operates silently in the background until the system or data-locking mechanism is deployed.

Page 6

What issues can Ransomware cause?

Immediate issues

• Loss of access to critical files and systems
• Inability to process orders, take payments or contact customers
• Workforce – both onsite and remote – unable to work
• Cutting off the infected part of the network to limit spread
• Decision to pay the ransom

Longer-term issues

• Legal implications of sensitive or proprietary data loss
• Disruption to regular operations
• Financial losses incurred to restore systems and files
• Potential harm to an organisation’s reputation
• Directors personally liable if job losses result from loss of systems

Page 7

What can I do to avoid infection?

Updates

Keep all software up to date, including AV and Windows updates.

Check your emails

Be careful when opening email attachments and clicking links within emails. Always check the sender’s address and the location of links.

Backup and Disaster Recovery

Always have a good backup and system recovery in place.

Passwords

Have a strong company password policy.

Best practice

Remind everyone of best practice by having this poster up in your office.

Common sense

Use your common sense when dealing with emails and downloads – if you’re not sure, ask your IT Manager!

Page 8

What can I do if my network is infected?

Isolate - Prevent further infection

• Remove the network cable
• Unplug all attached external drives
• Power off the suspect device
• Inform your IT Support team
• Run AV & malware removal software

Should I pay the ransom?

• Unless you have a fool-proof Disaster Recovery service, paying may be the only way to get your data back…
• …but paying the ransom doesn’t guarantee it. Remember, these are criminals you’re dealing with!

Recovery

• Revert to shadow copies or previous versions of files
• Re-install OS or replace your servers
• Restore from your last healthy backup

Page 9

What can I do if my network is infected?

Brute force – Break the encryption Key (take a deep breath)

• There are 115,792,089,237,316,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 possible combinations

• It would take 300 billion devices, working at 10 million keystrokes per second, this many years to try all possible combinations:

1,254,856,009,386,230,000,000,000,000,000,000,000,000,000,000,000,000

• But the sun might collapse in 4,000,000,000 years, so… We’re sure you have better things to do with your time!

Page 10

Summary and questions

Ransomware:

• Holds data to ransom
• Comes in 5 flavours: encryption is the most popular
• Can be disguised in links and attachments
• Uses 256-bit encryption – unbreakable by today’s standards

www.aagsystems.com facebook/[email protected]

Remember to:

• Isolate infected machines as quickly as possible
• Back up your data and have a Disaster Recovery plan in place

If in doubt:

Speak to AAG Systems about your current setup and how you can improve it.