Ransomware: DataENcryption made easy The Word Ransom = Ransom - - PowerPoint PPT Presentation



slide-1
SLIDE 1

Ransomware: „DataENcryption made easy“

slide-2
SLIDE 2

The Word

  • “Ransom” = Ransom
  • Blackmailing
slide-3
SLIDE 3

History

slide-4
SLIDE 4

1989: AIDS Trojan Disk, distributed/infected via floppy disk; the developer was caught and put in jail.

slide-5
SLIDE 5

2005: first internet attack, “TROJ_PGPCODER.A”, with a ransom of a couple of hundred $.

slide-6
SLIDE 6

Today

slide-7
SLIDE 7

A lot of infections

slide-8
SLIDE 8

Meanwhile, (big) companies are affected as well.

slide-9
SLIDE 9

¼ of the people affected pay the ransom (the estimated number of unreported cases is higher) [0]

[0]Source: http://www.gulli.com/news/13828-umfrage-zu-ransomware-rund-ein-viertel-wuerde-loesegeld-zahlen-2010-07-17
slide-10
SLIDE 10

Different versions of Ransomware

A Selection
  • Locky
  • TeslaCrypt
  • CryptoWall 4.0
  • Petya
  • Cerber
  • CTB-Locker
Legend (colours on the original slide): Red: no decrypter available; Green: decrypter available
slide-11
SLIDE 11

Source: http://www.heise.de/newsticker/meldung/Ransomware-US-Krankenhaus-zahlt-40-Bitcoins-Loesegeld-3109956.html

Ransomware in reality

slide-12
SLIDE 12

Current ransomware: Popcorn Time

Source: https://futurezone.at/digital-life/ransomware-gibt-daten-frei-wenn-man-freunde-infiziert/235.465.376
slide-13
SLIDE 13

Current ransomware: Goldeneye

Source: http://www.golem.de/news/petya-variante-goldeneye-ransomware-verschickt-ueberzeugende-bewerbungen-1612-124940.html
slide-14
SLIDE 14

WannaCry?!

slide-15
SLIDE 15
slide-16
SLIDE 16
slide-17
SLIDE 17
slide-18
SLIDE 18 Source: https://imgur.com/gallery/tbyUCBW
slide-19
SLIDE 19

A guide to getting infected

slide-20
SLIDE 20 Source: https://www.uni-siegen.de/it-sicherheit/aktuelles/676053.html

Example email, with links to Ransomware

slide-21
SLIDE 21

Office (Word) Macro

slide-22
SLIDE 22

Example of Word macro malware

Image source: http://arstechnica.com/security/2016/03/its-2016-so-why-is-the-world-still-falling-for-office-macro-malware/
slide-23
SLIDE 23

Example of Word macro malware

Image source: http://arstechnica.com/security/2016/03/its-2016-so-why-is-the-world-still-falling-for-office-macro-malware/
slide-24
SLIDE 24

PDF

Through security holes in the PDF format.
  • Often exploited using unknown “zero-day” vulnerabilities
slide-25
SLIDE 25

Adobe Flash (Player)

slide-26
SLIDE 26

(Java) Drive-by attack

slide-27
SLIDE 27

What happens exactly?

  • Different methods
  • Different data extensions encrypted
  • Blackmailing message
  • Optional: Countdown
  • Deletion of data
  • Possible: blackmail with data
slide-28
SLIDE 28

How is it encrypted?

  • Files → symmetric with AES
  • AES Key → RSA Public Key
  • On Server → RSA Private Key

Other ways of encryption are also possible! Petya/Goldeneye → file system table & MBR

slide-29
SLIDE 29

How to protect yourself?

slide-30
SLIDE 30

Backups

slide-31
SLIDE 31
slide-32
SLIDE 32

Various ways of Backups

  • Single Files
  • Image
  • incremental
  • Remote Backups on fileserver
  • Differential
slide-33
SLIDE 33

Think about

  • Software licenses
  • User profiles of programs
    – Firefox
    – Thunderbird
  • Passwords
slide-34
SLIDE 34

Copies of the files on the local computer are not safe, and neither are copies on another partition of the same HDD!

slide-35
SLIDE 35
slide-36
SLIDE 36

Test your backup!

In the worst case, restoring the backup doesn't work, so testing is essential!
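An added example (not part of the original slides) of what "test your backup" means in practice: restore the backup to a scratch directory and compare every file against the original by SHA-256, so missing and silently corrupted files are reported instead of discovered during the emergency. The `demo()` function builds a constructed source tree and a deliberately damaged restore in a temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large backups need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root: Path) -> dict:
    """Map every file below root (as a relative path) to its SHA-256 digest."""
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(source: Path, restored: Path) -> dict:
    """Compare a restored tree against the original tree.

    Reports files missing from the restore, files whose content differs
    ("corrupted"), and files present in the restore but not in the source.
    """
    src, dst = snapshot(source), snapshot(restored)
    return {
        "missing": sorted(set(src) - set(dst)),
        "corrupted": sorted(f for f in src if f in dst and src[f] != dst[f]),
        "unexpected": sorted(set(dst) - set(src)),
    }


def restore_is_good(report: dict) -> bool:
    """A restore only counts as tested when nothing is missing or corrupted."""
    return not report["missing"] and not report["corrupted"]


def demo() -> dict:
    """Constructed sample: a source tree and a damaged restore of it."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "source", Path(tmp) / "restored"
        (src / "docs").mkdir(parents=True)
        (dst / "docs").mkdir(parents=True)
        (src / "docs" / "thesis.txt").write_bytes(b"intact copy")
        (dst / "docs" / "thesis.txt").write_bytes(b"intact copy")
        (src / "b.txt").write_bytes(b"original")   # restored with wrong content
        (dst / "b.txt").write_bytes(b"damaged")
        (src / "c.txt").write_bytes(b"never backed up")  # missing from restore
        (dst / "extra.txt").write_bytes(b"not in source")
        return verify_restore(src, dst)
```

Run `demo()` against a real restore by replacing the temporary tree with your source and restore paths; anything in "missing" or "corrupted" means the backup would have failed you.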
slide-37
SLIDE 37

Software recommendation

  • Paragon Backup & Recovery 14 Free
  • Areca Backup
  • AOMEI Backupper
  • Windows built-in backup tool
slide-38
SLIDE 38

Up-to-date anti-virus (AV) software

slide-39
SLIDE 39

Up-to-date operating system + browser + programs (e.g. Adobe PDF reader)

slide-40
SLIDE 40

Turn on Windows file extensions

slide-41
SLIDE 41

Deactivate Adobe Flash; better: uninstall it

slide-42
SLIDE 42

Distrust emails and their attachments
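An added example (not from the original talk) tying together the two previous slides: with file extensions hidden, an attachment named "Bewerbung.pdf.exe" is displayed as "Bewerbung.pdf", so the check below reports what Explorer would show, flags directly executable types and hidden double extensions, and flags macro-enabled Office files. The extension sets and the sample names are constructed for this example and are not exhaustive.

```python
# Types Windows runs directly when double-clicked (constructed, not exhaustive).
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                         "vbs", "vbe", "wsf", "hta", "ps1", "lnk"}
# Harmless-looking types an executable is typically disguised as.
DOCUMENT_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "zip"}
# Office formats that may carry macros (cf. the Word macro slides).
MACRO_EXTENSIONS = {"docm", "xlsm", "pptm", "dotm"}


def analyse_attachment_name(name: str) -> dict:
    """Judge an attachment by its file name alone, as a user with extensions visible would."""
    stem, dot, ext = name.rpartition(".")
    ext = ext.lower() if dot else ""
    # With "hide extensions for known file types" on, Explorer shows only the stem.
    displayed_as = stem if dot else name
    inner_ext = stem.rpartition(".")[2].lower() if "." in stem else ""
    reasons = []
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"directly executable type .{ext}")
        if inner_ext in DOCUMENT_EXTENSIONS:
            reasons.append(f"hidden double extension, shown as '{displayed_as}'")
    if ext in MACRO_EXTENSIONS:
        reasons.append("macro-enabled Office document")
    return {"name": name, "displayed_as": displayed_as,
            "suspicious": bool(reasons), "reasons": reasons}


def triage_attachments(names) -> list:
    """Return the names that should not be opened, most dangerous first."""
    verdicts = [analyse_attachment_name(n) for n in names]
    flagged = [v for v in verdicts if v["suspicious"]]
    return [v["name"] for v in sorted(flagged, key=lambda v: -len(v["reasons"]))]


# Constructed sample inbox, modelled on the "convincing job application" lure.
SAMPLE_ATTACHMENTS = ["Bewerbung.pdf.exe", "Lebenslauf.docm", "Zeugnis.pdf",
                      "Foto.jpg", "Rechnung.JS"]
```

`triage_attachments(SAMPLE_ATTACHMENTS)` lists the double-extension file first, then the macro document and the bare script; the plain PDF and JPG pass.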

slide-43
SLIDE 43

No administrator privileges! Work with limited user privileges. This does not protect from ransomware, though: data will still be encrypted, so it provides a false sense of security.

slide-44
SLIDE 44

Do not plug in (un)known flash drives

slide-45
SLIDE 45

You can check suspicious files online at https://www.virustotal.com. Don’t upload private data!

slide-46
SLIDE 46

Use Linux!

User-friendly systems:
  • Ubuntu
  • Linux Mint
slide-47
SLIDE 47
slide-48
SLIDE 48

Backup? Backup BACKUP!

slide-49
SLIDE 49

Summary

Infected, what to do?

1) Turn off the computer immediately
2) Boot a live system (from flash drive/CD/DVD)
3) Detect the ransomware type
4) Rescue data
5) Reinstall the OS
6) Restore the backup

slide-50
SLIDE 50
slide-51
SLIDE 51
slide-52
SLIDE 52

Questions?

slide-53
SLIDE 53

Further sources & information (German/English)

  • https://ransomware.at/
  • https://github.com/ytisf/theZoo

slide-54
SLIDE 54

Creator CC-BY: Hetti – https://twitter.com/Th3PeKo