
RANSOMWARE PPT

The document provides an overview of ransomware, including:
- Ransomware encrypts users' files and demands payment to decrypt them. There are two main types: encryptors and lockers.
- Ransomware has existed since 1989 but became more widespread and sophisticated in the 2010s, using techniques like RSA encryption and bitcoin payments.
- Individuals and organizations can protect themselves by backing up files, using security tools, and having disaster recovery plans that include regular testing in case of ransomware attacks.

Uploaded by Venugopal
Copyright: © Public Domain

RANSOMWARE

CYBER SECURITY

Overview

Below is what we will be going over in our presentation.

➢ Introduction to Ransomware.
➢ Background and history of Ransomware.
➢ Types of Ransomware attacks.
➢ What you can do to protect yourself from Ransomware.
➢ Backup and DR planning.
➢ Real world examples of Ransomware.

What is Ransomware?
➢ One of the most prominent and fast-growing threats, which:
1. Takes the user's files
2. Encrypts them
3. Creates a decryption key
This makes the user's files inaccessible until some sort of ransom is paid.

Two main types of Ransomware:

1. Encryptors: incorporate encryption algorithms to block system files and demand some sort of payment for access to the key that decrypts the victim's files.
2. Lockers: completely lock users out of their devices by locking them out of their operating system until the desired ransom is paid.

History of Ransomware
➢ It's been said that ransomware was introduced as an AIDS Trojan in 1989, when Harvard-educated biologist Joseph L. Popp sent 20,000 compromised diskettes named "AIDS Information – Introductory Diskettes" to attendees of the international AIDS conference organized by the World Health Organization. The Trojan worked by encrypting the file names on the customers' computers and hiding directories. The victims were asked to pay $189 to PC Cyborg Corp. at a mailbox in Panama.
➢ From 2006 and on, cybercriminals have become more active and started using asymmetric RSA encryption. They launched the Archiveus Trojan, which encrypted the files of the My Documents directory. Victims were promised access to the 30-digit password only if they decided to purchase from an online pharmacy.
➢ After 2012, ransomware started spreading worldwide, infecting systems and transforming into more sophisticated forms to promote easier attack delivery as the years rolled by. In Q3, about 60,000 new pieces of ransomware were discovered, which doubled to over 200,000 in Q3 of 2012.
➢ The first version of CryptoLocker appeared in September 2013, and the first copycat software, called Locker, was introduced in December of that year.
➢ Ransomware has been creatively defined by the U.S. Department of Justice as a new model of cybercrime with the potential to cause impacts on a global scale. Stats indicate that the use of ransomware is on a steady rise and, according to Veeam, businesses had to pay $11.7 on average in 2017 due to ransomware attacks. Alarmingly, the annual ransomware-induced costs, including the ransom and the damages caused by ransomware attacks, are most likely to shoot beyond $11.5 billion by 2019.

Birth and Evolution of Ransomware

➢ Early Years
1. Born in 1989 and given the name "AIDS"
2. Focused attacks primarily on the healthcare industry
3. Encrypted files on a system and demanded ransom to decrypt them

➢ Evolution and Adaptability
1. Utilization of more sophisticated algorithms such as RSA
2. Use of cryptocurrencies like bitcoin for ransom payments to maintain anonymity
3. Pre-built infrastructures and AES-256 encryption promote wide distribution

Types of Ransomware Attacks

➢ Locker Ransomware
• Denies access to computing resources
• Locks the computer
• Displays an official message
• Limits the user's capabilities

➢ Crypto Ransomware
• Finds and encrypts valuable data stored on the user's computer
• Makes the data useless
• Access to the computer itself is not limited
• Attacker uses the information to extort the user into giving them money

➢ Jigsaw Ransomware
• Encrypts important information
• Starts deleting files until the ransom is paid
• At the 72-hour mark the user loses all their information

➢ KeRanger Ransomware
• Encrypts Mac users' backup files
• Victims are not able to recover anything
• Ransom of about $400

➢ WannaCry
• Encrypts the user's data
• Ransom of about $300 in Bitcoin
• Increases the ransom or deletes the user's files stored on the computer

How Ransomware works
➢ Ransomware is a prominent and fast-growing threat which takes user files, encrypts them and creates a decryption key, making the user's files inaccessible until some sort of ransom is paid.
➢ Ransomware attacks work in that malware sent from the hacker can be spread through malicious email attachments, infected external storage devices and compromised websites.

Anatomy of a ransomware attack
➢ A ransomware attack is a multi-step process. If the proper defenses are in place at the various steps of the attack, the impact can be greatly reduced.
➢ Delivery and exploit: Ransomware is delivered through a certain mechanism (e.g. phishing) and finds a vulnerability or a victim to attack.
➢ Install and disarm: Ransomware installs itself and lowers the security posture of the victim machine.
➢ Occupy and encrypt: Ransomware establishes communication with the command and control server and encrypts data files and mapped drives.
➢ Demand ransom: Users attempt to access files and are alerted that the data has been encrypted.
➢ Decrypt: Decryption keys will only be provided on payment of a ransom.
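
One defense for the "Occupy and encrypt" step, as an added example that is not part of the original presentation: flag any process that rewrites several files with ciphertext-like (high-entropy) content within a short window. The thresholds, the event tuple layout and the sample telemetry are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

ENTROPY_THRESHOLD = 7.5  # bits/byte; assumed cut-off, tune per environment
BURST_COUNT = 3          # assumed: high-entropy writes needed for an alert
BURST_WINDOW = 10.0      # assumed: seconds in which they must occur

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: near 8.0 for ciphertext, lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_encryption_bursts(events):
    """events: (timestamp, process, path, first bytes written) tuples.
    Returns processes that rewrote BURST_COUNT or more files with
    high-entropy content inside BURST_WINDOW seconds."""
    recent = defaultdict(list)   # process -> timestamps of high-entropy writes
    flagged = set()
    for ts, proc, _path, data in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(data) < ENTROPY_THRESHOLD:
            continue
        recent[proc] = [t for t in recent[proc] if ts - t <= BURST_WINDOW] + [ts]
        if len(recent[proc]) >= BURST_COUNT:
            flagged.add(proc)
    return sorted(flagged)

# Constructed sample telemetry (not from the presentation). The repeating
# 0..255 pattern stands in for ciphertext: every byte value is equally likely.
CIPHERTEXT_LIKE = bytes(range(256)) * 16
PLAINTEXT = b"Quarterly report draft, revision two. " * 100
SAMPLE_EVENTS = [
    (0.0, "winword.exe", r"C:\Users\a\report.docx", PLAINTEXT),
    (1.0, "backup.exe", r"D:\backup\monday.zip", CIPHERTEXT_LIKE),
    (2.0, "unknown.exe", r"C:\Users\a\report.docx", CIPHERTEXT_LIKE),
    (2.4, "unknown.exe", r"C:\Users\a\budget.xlsx", CIPHERTEXT_LIKE),
    (3.1, "unknown.exe", r"Z:\share\plans.pdf", CIPHERTEXT_LIKE),
]

if __name__ == "__main__":
    print(find_encryption_bursts(SAMPLE_EVENTS))
```

Compressed archives and media are also high-entropy, which is why a single such write (the backup job in the sample) does not alert and only the burst does.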

Secure and Protect
➢ On the computer
• Do not store important data
• Back up important files
• After usage, disconnect from the cloud
➢ In the browser
• Remove plugins from your browser
• Adjust the browser's security settings
• Use an ad blocker
➢ Security Tools
• Have a real-time scanner
• Have your firewall on
• Use an internet security suite
➢ Online
• Do not open spam emails
• Never download attachments from spam emails
• Only open emails from known senders
➢ Infected?
• Disconnect your computer
• Contact an IT professional
• Report the crime
• If absolutely necessary, pay the ransom

Why backup testing & having a DR plan
➢ Many organizations recognize the need for a disaster recovery plan; however, the majority don't have one in place. Those that have a DR plan often don't test it.
• 80% of U.S. companies lack a DR plan
• 50% of small and midsized businesses (SMBs) worldwide have no DR plan
• 72% of SMBs worldwide that have a DR plan have never tested it
• 25% of reported DR tests fail

➢ So why aren't DR plans being tested, or being tested more often?
• 40% of SMBs fear that DR testing will impact their business operations and their customers
• 27% of SMBs fear disruption to their sales and revenue
• 48% of SMBs claim that they lack the resources to test their DR plans on a regular basis

Building a disaster recovery plan

➢ Disaster recovery planning is the plan put in place to recover from a disaster or interruption of key services. The business continuity plan includes:
• Creation of a business continuity and disaster recovery policy
• Business impact analysis
• Classification of operations and criticality analysis
• Development of a business continuity plan and disaster recovery procedures
• Training and awareness, testing
• Ongoing monitoring

Know your environment and SLAs

• Recovery point objectives
  • How much lost data can you afford?
  • Data size/change rate (i.e. what is feasible?)

• Recovery time objectives
  • How long can you afford to be down?

• SLAs determine which cloud provider
  • Depending on the recovery time, there are 4 different ways to choose: 3rd-party cloud, replication, DRaaS or manufacturer's cloud
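
A DR test of the kind the backup-testing and SLA slides call for, as an added example that is not part of the original presentation: record a hash manifest at backup time, check a test restore against it, and compare the drill's timings with the recovery point and recovery time objectives. File names, timings and objective values are constructed for illustration.

```python
import hashlib
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

def build_manifest(root: Path) -> dict:
    """Relative path -> SHA-256 for every file under root (taken at backup time)."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest: dict, restored_root: Path) -> dict:
    """Compare a test restore with the manifest and list what did not come back."""
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "altered": sorted(k for k in manifest
                          if k in restored and restored[k] != manifest[k]),
    }

def objectives_met(last_backup, outage_start, service_restored, rpo, rto) -> dict:
    """RPO: data written since the last good backup is lost. RTO: time spent down."""
    return {"rpo_met": outage_start - last_backup <= rpo,
            "rto_met": service_restored - outage_start <= rto}

def run_drill() -> dict:
    """Constructed DR drill: three source files, a restore that lost one file
    and returned another with different content."""
    with tempfile.TemporaryDirectory() as tmp:
        source, restore = Path(tmp, "source"), Path(tmp, "restore")
        source.mkdir()
        restore.mkdir()
        files = {"ledger.csv": b"id,amount\n1,100\n",
                 "notes.txt": b"board minutes\n",
                 "contracts.pdf": b"%PDF-1.4 constructed sample\n"}
        for name, body in files.items():
            (source / name).write_bytes(body)
        manifest = build_manifest(source)
        (restore / "ledger.csv").write_bytes(files["ledger.csv"])  # intact
        (restore / "notes.txt").write_bytes(b"\x8f\x11\xc4\x07")   # unreadable copy
        report = verify_restore(manifest, restore)                 # contracts.pdf absent
    outage = datetime(2024, 1, 10, 9, 0)                           # assumed drill times
    report.update(objectives_met(outage - timedelta(hours=26), outage,
                                 outage + timedelta(hours=3),
                                 rpo=timedelta(hours=24), rto=timedelta(hours=4)))
    return report

if __name__ == "__main__":
    print(run_drill())
```

In the constructed drill the restore finishes inside the 4-hour RTO but still fails: one file is missing, one is altered, and the last good backup is 26 hours old against a 24-hour RPO.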
Real world examples of Ransomware
