RANSOMWARE: WHAT IT IS AND STRATEGIES TO PREVENT INFECTION
DONALD MCARTHUR
AGENDA
• What is RansomWare
• History of RansomWare
• How RansomWare is Deployed
• Strategies to Combat RansomWare
• What to do if you are infected
RANSOMWARE IS A TYPE OF MALWARE THAT RESTRICTS ACCESS TO THE INFECTED COMPUTER SYSTEM IN SOME WAY, AND DEMANDS THE USER PAY.
TYPES OF RANSOMWARE
• THE MOST COMMON TYPE DISPLAYS MESSAGES INTENDED TO COAX THE USER INTO PAYING (EX. YOUR MACHINE IS INFECTED!)
• MORE DESTRUCTIVE TYPES ENCRYPT FILES ON THE SYSTEM'S HARD DRIVE
• A NEWLY RELEASED VERSION ACTUALLY LOCKS THE OPERATING SYSTEM
HISTORY OF CRYPTO RANSOMWARE
• FIRST REPORTED OCCURRENCE: CRYPTOLOCKER IN 2013
• INITIALLY POPULAR IN RUSSIA BUT QUICKLY WENT INTERNATIONAL
• THE ORIGINAL CRYPTOLOCKER IN 2013 MADE AN ESTIMATED $3 MILLION
• VARIANTS SINCE 2013 HAVE MADE AN ESTIMATED $30 MILLION
HOW RANSOMWARE IS DEPLOYED
• ATTACHMENTS: Most come through as ZIP files or "invoices".
• ADVERTISEMENTS: Banner ads. Ad networks are often targeted and exploited for these types of attacks.
• SECURITY HOLES: Java, Flash, Macros (Word, Excel)
WHAT DOES IT ENCRYPT?
This can vary depending on the variant but usually:
• Documents
• File Drives
• Network Shares
It has been known to encrypt:
• Operating Systems
• Cloud Sync Files
• Backups
WHY DOES IT SUCCEED?
DOES NOT ACT LIKE A VIRUS
• Runs as a logged in user
• Morphs quickly so AV cannot detect it
BACKUPS
Honestly, how often do you back up?
How often do you test your backup?
SECURITY HOLES
If you are using a computer you have to keep up with software updates.
That includes but is not limited to:
• Windows
• Office
• Flash
• Java
• Silverlight
STRATEGIES TO COMBAT RANSOMWARE
TRAINING
HOW TO SPOT THREATS
ATTACHMENTS
ONLY OPEN THEM IF YOU WERE EXPECTING THEM.
BACKUP
• FULL BACKUP WITH ROTATION OFFSITE
• CLOUD BACKUP WITH “VERSIONING” TURNED ON
• EXTERNAL HARD DRIVE ONLY PLUGGED IN WHEN BACKING UP
UPDATES
IF YOU ARE USING FLASH OR JAVA DON’T IGNORE YOUR UPDATES!
CHROME
USE CHROME INSTEAD OF INTERNET EXPLORER WHERE POSSIBLE
INSTALL FREE EXTENSIONS LIKE AD BLOCK PLUS, IE TAB, AND AVIRA ANTIVIRUS
ANTI-VIRUS & MALWARE
THE FREE STUFF IS GREAT, JUST MAKE SURE IT'S ENABLED AND UPDATED.
FIREWALL
A FIREWALL IS YOUR FIRST LINE OF DEFENSE AGAINST ANY ATTACK.
WHAT TO DO IF YOU ARE INFECTED
01 Power Down: Power off your computer immediately.
02 Call For Help: Call Person in Charge of IT.
03 Describe: Everyone makes mistakes. BE HONEST about what happened, what you saw and what you were doing.