redemption real time protection against ransomware at end
play

Redemption: Real-Time Protection Against Ransomware at End-Hosts - PowerPoint PPT Presentation

Oct 20, 2023 •368 likes •718 views

Redemption: Real-Time Protection Against Ransomware at End-Hosts WRITTEN BY: PRESENTED BY: AMIN KHARRAZ NICHOLAS BURTON ENGIN KIRDA What is Ransomware? What is Ransomware? u Ransomware is malicious software that encrypts user data, and

  1. Redemption: Real-Time Protection Against Ransomware at End-Hosts WRITTEN BY: PRESENTED BY: AMIN KHARRAZ NICHOLAS BURTON ENGIN KIRDA

  2. What is Ransomware?

  3. What is Ransomware? u Ransomware is malicious software that encrypts user data, and demands a ransom is paid to unlock it.

  4. Well that sucks, how do I get my data back?

  5. Data Retrieval u The easiest solution: keep a backup of your files.

  6. Data Retrieval u The easiest solution: keep a backup of your files. u If and when you system is compromised by ransomware, you can use the backup to get back your files.

  7. I don’t have a backup … .

  8. I don’t have a backup … . and I NEED those files!

  9. This is really bad, can I prevent this?

  10. Prevention u CryptoDrop

  11. Prevention u CryptoDrop u SheildFS

  12. Prevention u CryptoDrop u SheildFS u PayBreak

  13. None of those work very well, what now?

  14. Redemption, Real-Time Protection

  15. Redemption Design Overview Two Components of Redemption u A characterization of ransomware behavior based on a large class of current ransomware. u High performance and integrity mechanism to restore attacked files.

  16. Redemption Design Overview

  17. How to determine Malice Score?

  18. Malice Score Two Components of Malice Score Calculation u Content-based features u Behavior-based features

  19. Content-Based Features u Entropy Ratio of Data Blocks (Shannon Entropy)

  20. Content-Based Features u Entropy Ratio of Data Blocks (Shannon Entropy) u File Content Overwrite

  21. Content-Based Features u Entropy Ratio of Data Blocks (Shannon Entropy) u File Content Overwrite u Delete Operations

  22. Behavior-based Features u Directory Traversal

  23. Behavior-based Features u Directory Traversal u Converting Files to a Specific Type

  24. Behavior-based Features u Directory Traversal u Converting Files to a Specific Type u Access Frequency

  25. Why two components of malice score calculation?

  26. Why two components of malice score calculation?

  27. Acceptable Malice Score

  28. Testing Against Other Anti-Ransomware Applications

  29. Overhead

  30. Getting around Redemption

  31. Social Engineering u Aggravating a user to the point were they turn off Redemption .

  32. Attacking the Malice Score Calculation u Selective content Overwrite u Low entropy payload u Periodic file destruction

  33. Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Real-time Protection Against Ransomware at End-Hosts Written By Amin Kharraz and Engin Kirda

Real-time Protection Against Ransomware at End-Hosts Written By Amin Kharraz and Engin Kirda

Redemption: Real-time Protection Against Ransomware at End-Hosts Written By Amin Kharraz and Engin Kirda RAJSHAKHAR PAUL Outlines Introduction Existing works Contribution Threat Model Design Overview Evaluation

527 views • 48 slides
On Deception-Based Protection Against Cryptographic Ransomware Ziya Alper Gen, Gabriele

On Deception-Based Protection Against Cryptographic Ransomware Ziya Alper Gen, Gabriele

On Deception-Based Protection Against Cryptographic Ransomware Ziya Alper Gen, Gabriele Lenzini, and Daniele Sgandurra June 20, 2019 Ransomware Threat 1 Ransomware Threat 1 Deception-Based Anti-Ransomware In the context of ransomware,

507 views • 22 slides
1 February 4, 2020 Ransomware works Who: Ransomware is a threat vector that is rife for bad

1 February 4, 2020 Ransomware works Who: Ransomware is a threat vector that is rife for bad

Geoff Hale 1 February 4, 2020 Ransomware works Who: Ransomware is a threat vector that is rife for bad actors, both criminal enterprises and nation-states have made use of ransomware. What: Ransomware is a type of malware that encrypts

358 views • 6 slides
Responding To Ransomware Ransomware Nightmares X by Invincea Ransomware is getting more

Responding To Ransomware Ransomware Nightmares X by Invincea Ransomware is getting more

X by Invincea Responding To Ransomware Ransomware Nightmares X by Invincea Ransomware is getting more sophisticated, and shifting to an enterprise threat Ransomware Nightmares X by Invincea To Pay Or Not To Pay? X by Invincea Your money or

780 views • 23 slides
It Is Finished God has accomplished redemption by Christ and applies redemption in Christ to

It Is Finished God has accomplished redemption by Christ and applies redemption in Christ to

It Is Finished God has accomplished redemption by Christ and applies redemption in Christ to his people. The Covenant of Redemption It is Finished When Jesus had received the sour wine, he said, It is finished, and he

363 views • 18 slides
Enterprise Redemption or: How I Learned To Stop Worrying And Love the JVM Enterprise Redemption

Enterprise Redemption or: How I Learned To Stop Worrying And Love the JVM Enterprise Redemption

Enterprise Redemption or: How I Learned To Stop Worrying And Love the JVM Enterprise Redemption or: How I Learned To Stop Worrying And Love the JVM @yawnt Once upon a time... Web Services? Is that all there is? Evaluate. How? Community.

637 views • 40 slides
Real- Real -Time Systems Time Systems Real- -Time Systems Time Systems Real

Real- Real -Time Systems Time Systems Real- -Time Systems Time Systems Real

EDA222/DIT160 Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #15 Updated 2009-03-03 Dependable Distributed Dependable Distributed Real- Real -Time Systems Time Systems Real- -Time Systems Time Systems Real Aircraft/automotive

501 views • 9 slides
Ransomware Overview Our analysis leads us to expect increased ransomware activity over 2016 (new

Ransomware Overview Our analysis leads us to expect increased ransomware activity over 2016 (new

Ransomware Overview Our analysis leads us to expect increased ransomware activity over 2016 (new attacker entrants, lower cost through kit automation, etc.) Take consumer and enterprise digital assets hostage using high- strength encryption

365 views • 18 slides
RTOS Real-Time Operating Systems Chenyang Lu OS Support for Real-Time Real-Time OS

RTOS Real-Time Operating Systems Chenyang Lu OS Support for Real-Time Real-Time OS

RTOS Real-Time Operating Systems Chenyang Lu OS Support for Real-Time Real-Time OS Real-time extensions to general-purpose OS Chenyang Lu 2 RTOS: Features for Efficiency Small Minimal set of functionality Fast context switch

504 views • 16 slides
Ransomware Eradication using Biomorphic Perimeterisation Introduction Types of

Ransomware Eradication using Biomorphic Perimeterisation Introduction Types of

Ransomware Eradication using Biomorphic Perimeterisation Introduction Types of Ransomware Technology Perspective and Attacked Devices Ransomware Economy Security Conditions Biomorphic Perimeterisation How to generate a

860 views • 61 slides
Real Real- -Time Systems Time Systems Designing a real- Designing a real -time system time

Real Real- -Time Systems Time Systems Designing a real- Designing a real -time system time

EDA222/DIT160 Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #10 Updated 2009-02-15 Real Real- -Time Systems Time Systems Designing a real- Designing a real -time system time system Logical function What should be done &

500 views • 8 slides
Real-time raise alerts Real-Time Real-time with historical Dashboard Correlate

Real-time raise alerts Real-Time Real-time with historical Dashboard Correlate

Real-time raise alerts Real-Time Real-time with historical Dashboard Correlate Engine + Fabric Offline Develop initial monitoring query Back-test Progressive Non-temporal analysis Interactive Query Authoring

383 views • 15 slides
A PRACTICAL GUIDE FOR USE OF REAL TIME DETECTION SYSTEMS FOR WORKER PROTECTION AND COMPLIANCE

A PRACTICAL GUIDE FOR USE OF REAL TIME DETECTION SYSTEMS FOR WORKER PROTECTION AND COMPLIANCE

A PRACTICAL GUIDE FOR USE OF REAL TIME DETECTION SYSTEMS FOR WORKER PROTECTION AND COMPLIANCE WITH OCCUPATIONAL EXPOSURE LIMITS DOE and DOE Contractors Industrial Hygiene Meeting In conjunction with the 2019 American Industrial Hygiene

726 views • 39 slides
Redemption Matthew 7:1-12 A Heart For Redemption A Heart For Redemption 1. See yourself clearly

Redemption Matthew 7:1-12 A Heart For Redemption A Heart For Redemption 1. See yourself clearly

A Heart For Redemption Matthew 7:1-12 A Heart For Redemption A Heart For Redemption 1. See yourself clearly 1 Do not judge, or you too will be judged. A Heart For Redemption 1. See yourself clearly 1 Do not judge, or you too will be

763 views • 16 slides
Real-Time Operating system (RTOS) Real-time Embedded systems often have real-time computing

Real-Time Operating system (RTOS) Real-time Embedded systems often have real-time computing

Real-Time Operating system (RTOS) Real-time Embedded systems often have real-time computing constraints (Temporal) Determinism Correctness of system depends not only on the logical result of the computation, but also on the time at which

531 views • 13 slides
Real- Real -time systems time systems Real- Real -time programming time programming

Real- Real -time systems time systems Real- Real -time programming time programming

EDA222/DIT160 Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #2 Updated 2009-01-18 Real- Real -time systems time systems Real- Real -time programming time programming Recommended programming method: Recommended programming method:

251 views • 8 slides
Nf=2+1+1 renormalisation of four-quark operators Julien Frison University of Edinburgh For the

Nf=2+1+1 renormalisation of four-quark operators Julien Frison University of Edinburgh For the

Order a 4 Intro. Strat. Results Concl. Backup slides Nf=2+1+1 renormalisation of four-quark operators Julien Frison University of Edinburgh For the RBC-UKQCD collaboration 33rd International Symposium on Lattice Field Theory Lattice15

297 views • 26 slides
Primary/Backup CS 452 Single-node key/value store Client Put key1 value1 Client

Primary/Backup CS 452 Single-node key/value store Client Put key1 value1 Client

Primary/Backup CS 452 Single-node key/value store Client Put key1 value1 Client Redis Put key2 value2 Client Get key1 Single-node state machine Client Op1 args1 State machine Client Op2 args2 Client Op

942 views • 42 slides
NREN Backup Services TF-Storage 3, Dublin, Jan Meijer <uninett.no> business case? cheaper

NREN Backup Services TF-Storage 3, Dublin, Jan Meijer <uninett.no> business case? cheaper

NREN Backup Services TF-Storage 3, Dublin, Jan Meijer <uninett.no> business case? cheaper better more evolutionary path offsite backup (data offsite) disaster recovery site (data, server images offsite) cloudify Norwegian higher

664 views • 23 slides
Byzantine Fault Tolerance CS 240: Computing Systems and Concurrency Lecture 11 Marco Canini

Byzantine Fault Tolerance CS 240: Computing Systems and Concurrency Lecture 11 Marco Canini

Byzantine Fault Tolerance CS 240: Computing Systems and Concurrency Lecture 11 Marco Canini Credits: Michael Freedman and Kyle Jamieson developed much of the original material. So far: Fail-stop failures Traditional state machine

989 views • 41 slides
Efficient Planning 1 R. S. Sutton and A. G. Barto: Reinforcement Learning: An Introduction

Efficient Planning 1 R. S. Sutton and A. G. Barto: Reinforcement Learning: An Introduction

Efficient Planning 1 R. S. Sutton and A. G. Barto: Reinforcement Learning: An Introduction Tuesday class summary: Planning: any computational process that uses a model to create or improve a policy Dyna framework: 2 R. S. Sutton and A. G.

557 views • 27 slides
Synology 2020 Sales Manager Devin Santamaria Hybrid Cloud & Beyond The private vs. public

Synology 2020 Sales Manager Devin Santamaria Hybrid Cloud & Beyond The private vs. public

Synology 2020 Sales Manager Devin Santamaria Hybrid Cloud & Beyond The private vs. public cloud debate is over 81 % IT organizations use public cloud 81% *Source: TechTarget , Public cloud workload success requires IT leadership 41 %

1.15k views • 47 slides
EXAM REVIEW, PROJECT WORK CSSE 120 Rose Hulman Institute of Technology Announcements

EXAM REVIEW, PROJECT WORK CSSE 120 Rose Hulman Institute of Technology Announcements

EXAM REVIEW, PROJECT WORK CSSE 120 Rose Hulman Institute of Technology Announcements Emergence/RobotFollower presentations in class tomorrow Optional Intro to MATLAB session Thursday hours 7-8 or hours 9-10 in C111

363 views • 7 slides
iOS Forensics with Open-Source Tools Andrey Belenko AGENDA Basics iOS Security iOS

iOS Forensics with Open-Source Tools Andrey Belenko AGENDA Basics iOS Security iOS

iOS Forensics with Open-Source Tools Andrey Belenko AGENDA Basics iOS Security iOS Data Protection Hands-On! FORENSICS 101 Acquisition Analysis Reporting GOALS: 1. Assuming physical access to the device extract as much

763 views • 41 slides

More recommend