Understanding Economic Motivation behind Ransom Attacks Fyodor - - PowerPoint PPT Presentation



SLIDE 1

Understanding Economic Motivation behind Ransom Attacks

Fyodor Yarochkin Trend Micro Researcher | HITCON Review Board Member

SLIDE 2

Agenda

  • Evolution of Ransom Attacks
  • Where is the Profit? What are the Margins?
  • Conclusions
SLIDE 3

How it started

SLIDE 4

Social Engineering: FAKE AV

SLIDE 5

It is all about monetization

“For financial needs of any level of dirtiness - SIM + A/C + Passport Copy”

SLIDE 6

Ransom done wrong

give me 13439849038409238 dollars

SLIDE 7

Ransom done right (scalability is important)

1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD 1 USD

SLIDE 8
Old days

August 2010: 300 rubles per unlock. 500M annual income, over 1M victims

SLIDE 9

Getting paid was a challenge

SLIDE 10

probing international market

SLIDE 11

2013 - BITCOIN AGE EVERYONE IS A TARGET!

https://blockchain.info/address/18iEz617DoDp8CNQUyyrjCcC7XCGDf5SVb

SLIDE 12

Ransom4bc

Insightful commenter:

SLIDE 13

biz is good

SLIDE 14

crypto locker

Prices - March - 2017

SLIDE 15

340USD is the price for source code, Watson!!

SLIDE 16
Only 30k

Does not work in ex-USSR countries

Only 600USD

SLIDE 17

builder sale - only $300

SLIDE 18

crypto locker builder

SLIDE 19

builder - nice UI :)

SLIDE 20

⽔氵⽔氵⽔氵 :)

SLIDE 21
SLIDE 22

http://www.ksl.com/?sid=43357235

SLIDE 23

Also redis, mongo, ES

SLIDE 24

Armada Collective

SLIDE 25

Booters

Arbor Network Report on DDoS:

  • less than 60 min: 90%
  • less than 1 Gbps: 84%

SLIDE 26

booters are cheap

Essyn.Club Stresser exotic-power.pw Stresser ipstressing.xyz Stresser blunter.black demonic.io Fruitstresser.net ipstressing.ga

SLIDE 27

vDos Stresser

SLIDE 28

related research work

SLIDE 29

Business is good, learn and replicate

  • Kadyrovtsi
  • Stealth Ravens
  • Use fame of MIRAI to make it sound scary
  • “fake” Armada Collective

SLIDE 30

copy cats

Easy to Reproduce, bet on scare-tactics, better win ratios than in CASINO!

SLIDE 31

Copycats are prevalent

SLIDE 32

Extortion by Business Peers

DDoS and sell a Security Product = PROOFFIITT!;)

SLIDE 33

where are we heading to ..?!

  • It is all about money
  • Bitcoin makes it easy!
  • Anonymous, Global
  • Everything can be “for RANSOM” NOW

SLIDE 34

also for mobile

https://www.youtube.com/watch?v=W_B7uXNTNVg

SLIDE 35
SLIDE 36

Mobile (control panel)

SLIDE 37

browser locker

SLIDE 38

600 MLN of Rubles :)

http://news.tut.by/society/483103.html

SLIDE 39

Everything “SMART” gets pwn3d already :)

SLIDE 40

So why Ransom is “HOT”?

  • Accessibility and Affordability of Ready-to-Use Technologies
  • Low entry barrier - Tools come with UI, support. All you need is to learn how to send ransom emails :)

  • High value and acceptable cost for a victim
  • Endless scalability and ease of reproduction for ransom cases

PROFFFFFIT!!!

SLIDE 41

Questions?

fyodor_yarochkin@trendmicro.com