what is ransomware
play

What is Ransomware? Ben Spear Director, EI-ISAC January 31, 2020 - PowerPoint PPT Presentation

Aug 29, 2022 •129 likes •248 views

What is Ransomware? Ben Spear Director, EI-ISAC January 31, 2020 Confidential & Proprietary 1 Confidential & Proprietary Ransomware Overview Malware that blocks access to a system, device, or file until a ransom is paid

  1. What is Ransomware? Ben Spear Director, EI-ISAC January 31, 2020 Confidential & Proprietary 1 Confidential & Proprietary

  2. Ransomware Overview • Malware that blocks access to a system, device, or file until a ransom is paid • The ransom is typically demanded in the form of cryptocurrency (e.g., Bitcoin) • The amount demanded can range from several hundred dollars up to and exceeding $1 million Confidential & Proprietary 2

  3. Opportunistic and Strategic Campaigns Opportunistic Targeting Leading to Strategic Targeting Confidential & Proprietary 3

  4. Ransomware Lifecycle Initial Access Execution Communication Malicious Email Ransomware System Communicates to Executes on System - C2 Server - Encryption Key Server Malicious Webpage Ransom Demand Encryption Malicious Code Encryption Process Malware Begins Demands Payment Compromised Managed Service Provider Vulnerable Server Confidential & Proprietary 4

  5. Current SLTT Ransomware Trends In recent months, K-12 schools were the most impacted SLTT sector ➢ IT and cybersecurity is typically under-resourced ➢ Flat network architecture ➢ Lots of targets ➢ Reports of school districts paying ransoms Confidential & Proprietary 5

  6. Ryuk ➢ First appeared in August 2018 ➢ Most reported ransomware for SLTTs in 2019 ➢ Leverages the TrickBot botnet for network access ➢ Highly impactful and costly ransomware attacks ➢ Targets backups and shadow copies https://www.cisecurity.org/white-papers/security-primer- ryuk/ Confidential & Proprietary 6

  7. Recent Ransomware Incidents • Pensacola, FL – December 2019 • Louisiana – July and November 2019 • Alabama Hospitals (3) – October 2019 • School District in Arizona – September 2019 • Texas (22 towns) – August 2019 • Greenville, NC – April 2019 • Baltimore – May 2019 • Atlanta – March 2018 Confidential & Proprietary 7

  8. EI-ISAC & Ransomware • 24 x 7 Incident Reporting via Security Operations Center – 1-866-787-4722 – soc@cisecurity.org • Incident response, digital forensics and malware analysis via Computer Emergency Response Team • Albert Network Intrusion Detection – Monitoring and Analysis Confidential & Proprietary 8

  9. Albert Event Generation and Analysis Confidential & Proprietary 9

  10. Albert – Ransomware Detection • Albert detects Ransomware in four ways – Ransomware executable download – Establishment of Command-and-Control – Encryption keys download – Periodic check-in traffic • Average time from Albert sensor detection to customer notification is 5 minutes • Actionable information provided to affected entity for action and system remediation • To find out more about network security monitoring, contact us at services@cisecurity.org Confidential & Proprietary 10

  11. Thank You Ben Spear 518.880.0705 Ben.spear@cisecurity.org Join the MS-ISAC https://learn.cisecurity.org/ms-isac-registration Confidential & Proprietary 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 February 4, 2020 Ransomware works Who: Ransomware is a threat vector that is rife for bad

1 February 4, 2020 Ransomware works Who: Ransomware is a threat vector that is rife for bad

Geoff Hale 1 February 4, 2020 Ransomware works Who: Ransomware is a threat vector that is rife for bad actors, both criminal enterprises and nation-states have made use of ransomware. What: Ransomware is a type of malware that encrypts

358 views • 6 slides
Responding To Ransomware Ransomware Nightmares X by Invincea Ransomware is getting more

Responding To Ransomware Ransomware Nightmares X by Invincea Ransomware is getting more

X by Invincea Responding To Ransomware Ransomware Nightmares X by Invincea Ransomware is getting more sophisticated, and shifting to an enterprise threat Ransomware Nightmares X by Invincea To Pay Or Not To Pay? X by Invincea Your money or

780 views • 23 slides
On Deception-Based Protection Against Cryptographic Ransomware Ziya Alper Gen, Gabriele

On Deception-Based Protection Against Cryptographic Ransomware Ziya Alper Gen, Gabriele

On Deception-Based Protection Against Cryptographic Ransomware Ziya Alper Gen, Gabriele Lenzini, and Daniele Sgandurra June 20, 2019 Ransomware Threat 1 Ransomware Threat 1 Deception-Based Anti-Ransomware In the context of ransomware,

507 views • 22 slides
Redemption: Real-Time Protection Against Ransomware at End-Hosts WRITTEN BY: PRESENTED BY: AMIN

Redemption: Real-Time Protection Against Ransomware at End-Hosts WRITTEN BY: PRESENTED BY: AMIN

Redemption: Real-Time Protection Against Ransomware at End-Hosts WRITTEN BY: PRESENTED BY: AMIN KHARRAZ NICHOLAS BURTON ENGIN KIRDA What is Ransomware? What is Ransomware? u Ransomware is malicious software that encrypts user data, and

718 views • 33 slides
Ransomware Overview Our analysis leads us to expect increased ransomware activity over 2016 (new

Ransomware Overview Our analysis leads us to expect increased ransomware activity over 2016 (new

Ransomware Overview Our analysis leads us to expect increased ransomware activity over 2016 (new attacker entrants, lower cost through kit automation, etc.) Take consumer and enterprise digital assets hostage using high- strength encryption

365 views • 18 slides
Ransomware Eradication using Biomorphic Perimeterisation Introduction Types of

Ransomware Eradication using Biomorphic Perimeterisation Introduction Types of

Ransomware Eradication using Biomorphic Perimeterisation Introduction Types of Ransomware Technology Perspective and Attacked Devices Ransomware Economy Security Conditions Biomorphic Perimeterisation How to generate a

860 views • 61 slides
Update on Ransomware Technology 60 Minutes Video ransomware ( noun) A type of malware that

Update on Ransomware Technology 60 Minutes Video ransomware ( noun) A type of malware that

Update on Ransomware Technology 60 Minutes Video ransomware ( noun) A type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users files unless a ransom is paid.

517 views • 30 slides
Troubling Times: Ransomware Across Texas Deputy Chief Information Security Officer Andy

Troubling Times: Ransomware Across Texas Deputy Chief Information Security Officer Andy

Troubling Times: Ransomware Across Texas Deputy Chief Information Security Officer Andy Bennett 2019 Cybersecurity Awareness Month Event October 22, 2019 2019 Texas Headlines Ransomware Ransomware Cyber criminals holding your data and

450 views • 23 slides
Smoking the Locky Ransomware Code Floser Bacurio Jr and Rommel Joven Anti-Virus Analysts,

Smoking the Locky Ransomware Code Floser Bacurio Jr and Rommel Joven Anti-Virus Analysts,

Locky Strike: Smoking the Locky Ransomware Code Floser Bacurio Jr and Rommel Joven Anti-Virus Analysts, FortiGuard Lion Team September 1, 2017 1 Cryptowall 2 This one? 3 Prevalence: Global ransomware Global Ransomware IPS Hits - February

647 views • 49 slides
How To Not Be A Victim Of Ransomware The thoughtful integration of healthcare and technology How

How To Not Be A Victim Of Ransomware The thoughtful integration of healthcare and technology How

How To Not Be A Victim Of Ransomware The thoughtful integration of healthcare and technology How Healthcare IT Differs From General IT Agenda The Growing Threat of Ransomware What You Can Do Today To Protect Your Business How Healthcare IT

440 views • 32 slides
Tracking Ransomware End-to-end Danny Y. Huang Maxwell Matthaios Aliapoulios, Vector Guo Li Luca

Tracking Ransomware End-to-end Danny Y. Huang Maxwell Matthaios Aliapoulios, Vector Guo Li Luca

Tracking Ransomware End-to-end Danny Y. Huang Maxwell Matthaios Aliapoulios, Vector Guo Li Luca Invernizzi, Elie Bursztein, Kylie McRoberts, Jonathan Levin Kirill Levchenko, Alex C. Snoeren, Damon McCoy Ransomware causes financial damages

798 views • 54 slides
UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware Paul Weliczko

UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware Paul Weliczko

UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware Paul Weliczko https://arstechnica.com/information-technology/2012/11/mushrooming-growth-of-ransomware- extorts-5-million-a-year/

298 views • 13 slides
to Defend Against Encryption Ransomware Jian Huang Jun Xu Xinyu Xing Peng Liu

to Defend Against Encryption Ransomware Jian Huang Jun Xu Xinyu Xing Peng Liu

FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware Jian Huang Jun Xu Xinyu Xing Peng Liu Moinuddin K. Qureshi Encryption Ransomware Is Becoming More Aggressive May 12,

772 views • 75 slides
Vembu BDR Suite Vembu Technologies 100+ Decade + G2 crowd Countries Experience Top

Vembu BDR Suite Vembu Technologies 100+ Decade + G2 crowd Countries Experience Top

Vembu BDR Suite Vembu Technologies 100+ Decade + G2 crowd Countries Experience Top Leaders-2019 www.vembu.com How to protect your business from a Ransomware attack? What is Ransomware? Types of Ransomware How it attacks? Stats for year

454 views • 16 slides
Tracking desktop ransomware payments end to end Elie Bursztein, Kylie McRoberts, Luca Invernizzi

Tracking desktop ransomware payments end to end Elie Bursztein, Kylie McRoberts, Luca Invernizzi

Tracking desktop ransomware payments end to end Elie Bursztein, Kylie McRoberts, Luca Invernizzi with the help of many people from UCSD, NYU, and Chainalysis Only 37% of users backup their data g.co/research/protect Since 2016 ransomware

746 views • 62 slides
Ransomware-as-a-Service: An Evolving Business Model Wednesday, April 29 at 11 AM Eastern

Ransomware-as-a-Service: An Evolving Business Model Wednesday, April 29 at 11 AM Eastern

Ransomware-as-a-Service: An Evolving Business Model Wednesday, April 29 at 11 AM Eastern Ransomware-as-a-Service: An Evolving Business Model Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides Recording

998 views • 23 slides
Tactical and Practical Incident Response in the Cybersecurity Age Nationwide Childrens

Tactical and Practical Incident Response in the Cybersecurity Age Nationwide Childrens

Tactical and Practical Incident Response in the Cybersecurity Age Nationwide Childrens Hospital a Complex Organization 1.2 Million annual visits 60+ locations > 15k user accounts More than a hospital HIPAA, FISMA,

676 views • 43 slides
Center for Internet Security Confidence in the Connected World Northeast Headquarters 31 Tech

Center for Internet Security Confidence in the Connected World Northeast Headquarters 31 Tech

Center for Internet Security Confidence in the Connected World Northeast Headquarters 31 Tech Valley Dr., East Greenbush, NY 12061 Mid-Atlantic Headquarters 1700 North Moore St., Suite 2100, Arlington, VA 22209 Center for Internet Security 2

205 views • 19 slides
Resources for State, Local and Tribal Governments Greta Noble Senior Program Specialist MS-ISAC

Resources for State, Local and Tribal Governments Greta Noble Senior Program Specialist MS-ISAC

Federally-funded Cyber Threat Resources for State, Local and Tribal Governments Greta Noble Senior Program Specialist MS-ISAC 518.880.0740 Greta.noble@cisecurity.org State, Local, Tribal, or Territorial Government Entity 2 TLP: WHITE

562 views • 20 slides
Incident Response and its role in Protecting Critical Infrastructures Dr. Kaleem Ahmed Usmani

Incident Response and its role in Protecting Critical Infrastructures Dr. Kaleem Ahmed Usmani

Incident Response and its role in Protecting Critical Infrastructures Dr. Kaleem Ahmed Usmani Officer-In-Charge, Computer Emergency Response Team of Mauritius (CERT-MU) Presentation Outline What CERT-MU does? Critical Infrastructures

604 views • 32 slides
Power Production Quarterly Commission Update 10/8/19 Powering our way of life. Department

Power Production Quarterly Commission Update 10/8/19 Powering our way of life. Department

Power Production Quarterly Commission Update 10/8/19 Powering our way of life. Department Purpose and Goal Purpose: Provide safe, secure, economical, reliable and compliant power generation under the Priest Rapid Project Federal Energy

884 views • 53 slides
Community Preparedness Month September 2016 Compliment National Preparedness Month and Arizona

Community Preparedness Month September 2016 Compliment National Preparedness Month and Arizona

Community Preparedness Month September 2016 Compliment National Preparedness Month and Arizona Preparedness Month Get Citizens and Businesses thinking about personal preparedness Make them aware of various projects that the County is doing

404 views • 6 slides
Larry Clinton Barry Foer President Director of Policy & Membership lclinton@isalliance.org

Larry Clinton Barry Foer President Director of Policy & Membership lclinton@isalliance.org

Larry Clinton Barry Foer President Director of Policy & Membership lclinton@isalliance.org bfoer@isalliance.org 703-907-7028 703-907-7799 202-236-0001 ISA Board of Directors J. Michael Hickey , 1st Vice Chair Ty Sagalow, Esq ., Chairman

446 views • 43 slides
Situational Awareness Threat Report (SATR) Presenters: Stacie Green & Casey Kahsen United

Situational Awareness Threat Report (SATR) Presenters: Stacie Green & Casey Kahsen United

Situational Awareness Threat Report (SATR) Presenters: Stacie Green & Casey Kahsen United States Computer Emergency Readiness Team (US-CERT) 13 January 2016 Outline 1. Goal of SATR 2. Overview of SATR 3. Components of SATR 4.

532 views • 18 slides

More recommend