RANSOMWARE. All Locked Up and No Place to Go. Mark

Similar documents
KASPERSKY ENDPOINT SECURITY FOR BUSINESS

ENDPOINT SECURITY FOR BUSINESS: TECHNOLOGY IN ACTION

Massive Attack WannaCry Update and Prevention. Eric Kwok KL.CSE

No Stone. and Servers Alike.

MRG Effitas 360 Degree Assessment & Certification Q4 2017

MRG Effitas 360 Degree Assessment & Certification Q1 2018

Securing the SMB Cloud Generation

MRG Effitas 360 Degree Assessment & Certification Q MRG Effitas 360 Assessment & Certification Programme Q2 2017

ONLINE BANKING: PROTECTION NEEDED INTRODUCING KASPERSKY FRAUD PREVENTION PLATFORM

MRG Effitas 360 Assessment & Certification Programme Q4 2015

Free antivirus software download

Stop Ransomware In Its Tracks. Chris Chaves Channel Sales Engineer

DOCUMENT* PRESENTED BY

RETHINKING SECURITY. Fighting Known, Unknown and Advanced Threats. kaspersky.com/business

protectiontestagainst ransomwarethreats

Getting over Ransomware - Plan your Strategy for more Advanced Threats

How To Remove Personal Antivirus Security Pro Virus Windows 8

Review Kaspersky Internet Security - multi-device 2015 online software downloader ]

Best Practical Response against Ransomware

Kaspersky Cloud Security for Hybrid Cloud. Diego Magni Presales Manager Kaspersky Lab Italia

How To Remove Personal Antivirus Security Pro Virus

RANSOMWARE PROTECTION. A Best Practices Approach to Securing Your Enterprise

Course Outline (version 2)

Free antivirus software download windows 10

How To Removing Personal Antivirus Security Pro From Windows 8

How To Remove Personal Antivirus Security Pro Virus Manually

Kaspersky Security Network

FILELESSMALW ARE PROTECTION TEST OCTOBER2017

Anti-Virus Comparative

Symantec Ransomware Protection

Kaspersky Small Office Security 5. Product presentation

CERTIFIED SECURE COMPUTER USER COURSE OUTLINE

Personal Cybersecurity

Kaspersky Internet Security - Top 10 Internet Security Software in With Best Antivirus, Firewall,

Norton Security for Professionals Partner Deck Ingram Micro Cloud Marketplace

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

Prevx 3.0 v Product Overview - Core Functionality. April, includes overviews of. MyPrevx, Prevx 3.0 Enterprise,

THE REAL TRUTH BEHIND RANSOMWARE EDDY WILLEMS SECURITY EVANGELIST

Kaspersky Open Space Security

Endpoint Protection : Last line of defense?

Countering ransomware with HPE data protection solutions

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Service Provider View of Cyber Security. July 2017

MRG Effitas Test Plan for Q Degree Assessment and Certification

Symantec Endpoint Protection 14

MRG Effitas Real Time Protection Test Project, First Quarter Q MRG Effitas Real Time Protection Test Project, First Quarter (Q2 2013)

Webroot SecureAnywhere AntiVirus (2015)

9 Steps to Protect Against Ransomware

Discount Kaspersky PURE 3.0 internet download software for windows 8 ]

The Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company

MRG Effitas Online Banking Browser Security Assessment Project Q Q1 2014

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

What is an Endpoint Protection Platform?

How To Remove Xp Internet Security 2011 Virus Manually

Remove Mcafee Antivirus Plus 2013 Link Version For 90 Days

IT & DATA SECURITY BREACH PREVENTION

Cyber Attack: Is Your Business at Risk?

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

How To Remove A Virus Manually Windows 7

BREAKTHROUGH CYBER SECURITY FREQUENTLY ASKED QUESTIONS

About Lavasoft. Contact. Key Facts:

Synchronized Security

Ransomware Protection

Next Generation Endpoint Security Confused?

Trend Micro SMB Endpoint Comparative Report Performed by AV-Test.org

MESSAGING SECURITY GATEWAY. Solution overview

Top Ten IT Security Risks CHRISTOPHER S. ELLINGWOOD SENIOR MANAGER, IT ASSURANCE SERVICES

The Business of Malware IT Security Presentation

360 Degree Assessment & Certification

TOMORROW S SECURITY, DELIVERED TODAY. Protection Service for Business

Comparison Of Antivirus Software

Second International Barometer of Security in SMBs

Discount Bitdefender Security for SharePoint website for free software ]

2018 Cyber Security Predictions

BEST PRACTICES FOR PERSONAL Security

Invincea Endpoint Protection Test

Home Anti-Virus Protection

Norton 360 vs trend micro vs mcafee vs symantec: which anti-virus solution is best

Proactive Protection Against New and Emerging Threats. Solution Brief

How To Remove Virus Without Antivirus In >>>CLICK HERE<<<

MRG Effitas Online Banking / Browser Security Assessment Project Q Results

4 Information Security

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

Symantec Endpoint Protection 12

Protecting Your Enterprise Databases from Ransomware

Advanced Threat Control

Home Anti-Virus Protection

PROTECTING YOUR BUSINESS ASSETS

Home Anti-Virus Protection

Built without compromise for users who want it all

Keeping Your PC Safe. Tips on Safe Computing from Doug Copley

Coupon BitDefender Corporate Security 3 Years 10 PCs internet download software for pc ]

KASPERSKY FRAUD PREVENTION FOR ENDPOINTS

QUICK START GUIDE. Microsoft Windows 10 / 8.1 / 8 / 7 / Vista / Home Server 2011

How To Remove A Virus Manually Windows 7 Without Antivirus Security Pro

MOST TESTED. MOST AWARDED. KASPERSKY LAB PROTECTION.*

Trend Micro SMB Endpoint Comparative Report Performed by AV-Test.org

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Home Anti-Virus Protection

WHY ANTIVIRUS WILL NEVER DIE ADVANCED DETECTION FOR DUMMIES EDDY WILLEMS SECURITY EVANGELIST

Transcription:

RANSOMWARE All Locked Up and No Place to Go Mark Villinski @markvillinski

$1 Billion in 2016?? http://money.cnn.com/2016/04/15/technology/ransomware-cyber-security/

WHAT IS RANSOMWARE? Ransomware is a type of malware that attempts to extort money from a computer user by infecting or taking control of a victim s machine or the files or documents stored on it. Typically, the ransomware will either lock the computer to prevent normal usage or encrypt the documents and files to prevent access to the saved data. Prevents you from accessing Windows or other devices. Encrypts files so you can t use them. Stops certain apps from running.

RANSOMWARE BY THE NUMBERS 48.3% The number of users attacked by encryption ransomware increased by 48.3% in 2015. 753,684 Ransomware was detected on 753,684 computers in 2015. 50,000 In 2015, Kaspersky Lab detected crypto-lockers on more than 50,000 corporate computers. $24 MILLION In 2015, victims paid a total of over $24 million in some 2,453 reported ransomware attacks, according to a report from the FBI Internet Crime Complaint Center.

RANSOMWARE BY THE NUMBERS x5.5 x4 The number of users attacked with cryptors rose 5.5 times between 2014 and 2015. The number of users attacked with mobile ransomware grew almost 4 times from 2014 to 2015.

RANSOMWARE BY THE NUMBERS The overall number of cryptor modifications in our malware collection to-date is at least 26,000. 21 new cryptor families and 32.091 new modifications were detected in Q3 2016. In Q3 2016, 821,865 unique users were attacked by cryptors 2.6 times more than in the previous quarter. Number of new cryptor samples in our collection Number of users attacked by ransomware 6

2014-2016 trends The number of users encountering ransomware (including Encryptors and Downloaders that load encryptors) at least once in the period from April 2014 to March 2016

2014-2016 trends Type of users encountering ransomware in 2014-2016

THE PERFECT CRIME Motivation A digital version of extortion. Plays on fear and embarrassment. A very lucrative way to make money. CryptoLocker rakes in $30 million every 100 days. Payments Average payment for an individual ransomware victim: $300 Average payment for a business ransomware victim: $10,000 = The perfect crime 1. Low cost of entry 2. Successful 3. Hard to trace

HOW DO WE GET INFECTED WITH RANSOMWARE? An email message A social networking site An instant message

Phishing E-mails are used for distribution

RANSOMWARE ON MOBILE DEVICES Mobile victims (mostly Android) get infected with the ransomware via drive-by downloads. In other cases, they download the ransomware by downloading fake apps that masquerade as popular services such as Adobe Flash or an antivirus product.

Sample Ransomware Messages

The Anatomy of A Ransomware Attack TorLocker (Trojan-Ransom.Win32.Scraper)

The Ransomware Attack in Action Once launched, the Trojan starts by decrypting its data section with a 256-bit AES key. The first 4 bytes of this key are used as a sample ID, added to the end of the encrypted files. Then the Trojan is copied to a temporary folder, and a registry key for that copy's autorun is created. Next the Trojan creates several threads to do the following: 1. Search for and terminate the taskmgr.exe, regedit.exe, procexp.exe, procexp64.exe processes. 2. Delete all system recovery points. 3. Encrypt the user's office documents, video and audio files, images, archives, databases, backup copies, virtual machines encryption keys, certificates and other files on all hard and network drives

Encryption The user's files are encrypted with AES- 256 with a randomly generated one-time key Key = (VolumeSerialNumber * strlen(computername)) mod 128, where strlen(computername) is the length of the computer's name, and VolumeSerialNumber is the serial number of the logical drive on which Windows is installed.

LETS PLAY A GAME $70 Billion *You would run out of money if you were the wealthiest man in the world. $241 Trillion *All the money on earth would be spent. 1 CENT= 1 GUESS Guess how many color combination there are. EXAMPLE EXAMPLE GUESSES GUESSES EXAMPLE GUESSES LOOK HOW MUCH IT COSTS TO CRACK THE CODE OF RANSOMWARE (2^16)/100= $655.33 2 4 8

The Ransom Demand

To Pay or Not to Pay?

Decryption When the ransom payment is received, TorLocker contacts the cybercriminals' C&C servers via the Tor network and the polipo proxy server, to receive a private RSA key. With this key, the Trojan decrypts the AES key for each encrypted file, and then decrypts the files. Although Trojan-Ransom.Win32.Scraper (TorLocker) encrypts all files with AES-256 + RSA-2048, in 70%+ cases they can be decrypted because of the errors made during the implementation of cryptography algorithms.

Ransomware history 1989 First known ransomware was the 1989 AIDS Trojan (also known as "PC Cyborg") written by Joseph Popp. 2005 Extortionate ransomware became prominent in May 2005. 2006 By mid-2006, worms such as Gpcode, TROJ.RANSOM.A, Archiveus, Krotten, Cryzip, and MayArchive began utilizing more sophisticated RSA encryption schemes, with ever-increasing key-sizes.

Not just windows

Ransomware Victims

Ransomware Gangs

10 TIPS TO PROTECT YOURSELF FROM RANSOMWARE 1. Back up your files regularly. 2. Check your backups. 3. Protect against phishing attacks. 4. Trust no one. Or rather, trust but verify. 5. Enable Show file extensions option in the Windows settings. 6. Regularly update your operating system. 7. Use a robust antivirus program to protect your system from ransomware. But if ransomware hits 8. Cut off your internet connection immediately. 9. Don t pay the ransom. 10. Try to identify the malware.

FBI Encouraging Reporting

noransom.kaspersky.com

MARKET PULSE Ransomware May 2016 CONDUCTED FOR: Kaspersky

More than half (57%) of organizations report they ve been a target of ransomware. Familiarity with Ransomware Ransomware is a type of malware that attempts to extort money from a computer user by infecting or taking control of a victim s machine or the files or documents stored on it. Typically, the ransomware will either lock the computer to prevent normal usage or encrypt the documents and files to prevent access to the saved data. Prevents you from accessing Windows and other devices Encrypts files so you can t use them. Stops certain apps from running. We had a user perform online shopping with her work laptop at home and visit an infected site. She came in the next morning and the files she had access to were encrypted on several servers. 36% 7% 57% More familiar than I d like to be, my company has been a target of ransomware Familiar, my company hasn t been targeted to the best of my knowledge but I ve heard and/or read a lot about it Somewhat familiar, my company hasn t been targeted to the best of my knowledge but I know something about it

The level of concern about ransomware is high typically rated as an 8 on a 10-point scale where 10 is extremely concerned. Level of concern about the threat ransomware poses to your organization 67% Those that have been a target of ransomware are more likely than others to be highly concerned about the threat of ransomware. 28% I'm concerned about the time and effort it would take to solve the infection issue should it be a newer version that can spread/travel via the network. 5% 8/9/10 4/5/6/7 1/2/3 Extremely concerned Average: 8.0 Not at all concerned Q2.Using the 10-point scale below, please indicate your level of concern about the threat ransomware poses to your organization. Base: 165 qualified respondents

Top concerns regarding ransomware include productivity drops and the cost of system recovery. Level of Concern About Business Impact of Ransomware Extremely concerned (8/9/10) 4/5/6/7 Not concerned (1/2/3) Reduced productivity 68% 27% 5% Cost of system recovery 62% 32% 7% Losing access to intellectual property and design data 55% 33% 13% Damage to company reputation 55% 35% 11% Lost sales/drop in sales revenue 30% 37% 33% Q3. How concerned are you about the following potential business impacts of ransomware? Base: 165 qualified respondents

The average cost of a ransomware attack (among those who have been a target) is estimated to be between $2,000 and $3,000. How much did the ransomware attack cost your company? Cost on Average: $2,687 Less than $100 11% $100 to less than $1,000 $1,000 to less than $5,000 $5,000 to less than $10,000 20% 29% 35% Over $10,000 Don t know 1% 4% Q5b. How much do you estimate the ransomware attack cost your company? Base: 94 respondents have been a target of ransomware

The average cost of a ransomware attack (among those who have been a target) is estimated to be between $2,000 and $3,000. How much did the ransomware attack cost your company? Cost on Average: $2,687 Less than $100 11% $100 to less than $1,000 $1,000 to less than $5,000 $5,000 to less than $10,000 20% 29% 35% Over $10,000 Don t know 1% 4% Q5b. How much do you estimate the ransomware attack cost your company? Base: 94 respondents have been a target of ransomware

Most respondents indicate their organizations are unlikely to pay ransom in the event of a ransomware attack. Likelihood to pay ransom in the event of a ransomware attack 72% 5% 23% 8/9/10 4/5/6/7 1/2/3 Extremely likely Average: 2.7 Not at all likely Q14. How likely is your organization to pay the ransom in the event of a ransomware attack? Base: 165 qualified respondents

Less than one third is highly confident that their organization can prevent future ransomware attacks. Confidence your organization can prevent ransomware from infiltrating in the future Those that have not been a target of ransomware are twice as likely than those previously targeted to be highly confident (8/9/10) that they can prevent ransomware attacks (47% versus 20%). 51% 32% 17% Extremely confident 8/9/10 4/5/6/7 1/2/3 Average: 6.0 Not at all confident Q6. How confident are you in your organization s ability to prevent ransomware from infiltrating your organization in the future? Base: 165 qualified respondents

While many do not feel confident in their ability to prevent a future ransomware attack, they are putting disaster recovery plans in place to prepare for the potential fallout. Do you have a disaster recovery plan in place? No, 11% Don't know, 4% Yes, 85% Q9. In the event your organization is attacked by ransomware in the future, do you have a disaster recovery plan in place? Base: 165 qualified respondents

80% consider it highly important to have Internet security as part of their strategy to prevent ransomware attacks. Importance of Internet security as part of strategy to prevent ransomware attacks 80% 16% 3% 8/9/10 4/5/6/7 1/2/3 Critical Average: 8.5 Not at all important Q8. How important is Internet security as part of your organization s strategy to prevent ransomware attacks? Base: 165 qualified respondents

However, many organizations are relying on backups, mail server security and patch management to mitigate ransomware attacks today. Technology organization is relying on to prevent ransomware attack Regular backups Mail server security Patch management 81% 78% 90% Larger companies with 1,000 or more employees are more likely than smaller companies to rely on Mail server security (86% vs 67%) and Patch management (82% vs 67%). Vulnerability assessment Web server security Web application security Application control 66% 60% 58% 51% Other 15% Q7. What technology is your organization relying on to prevent a ransomware attack? Base: 165 qualified respondents

While a majority have invested in employee education, there is still a high degree of uncertainty regarding the ability of employees to resist future attacks. Confidence that your employees know what to do to prevent ransomware from infiltrating organization 21% 61% 18% People remain our biggest security issue. It has been communicated but one employee has been hit 3 times. Has your organization invested resources to educate employees about ransomware? 32% 5% 62% Yes No Don't know Extremely confident 8/9/10 4/5/6/7 1/2/3 Average: 5.7 Not at all confident Those that have been a target of ransomware are more likely to invest in employee education programs (71%) versus others (51%). Q10. How confident are you that your employees know what to do to prevent ransomware from infiltrating your organization? Q11. Has your organization invested resources to employee education around the topic of ransomware? Base: 165 qualified respondents

Organizations who have successfully prevented ransomware attacks are more likely to rely on a variety of technologies. Technology organization is relying on to prevent ransomware attack Those who have successfully prevented a ransomware attack are significantly more likely to be investing in these technologies. Regular backups Patch management Mail server security Web application security Vulnerability assessment Web server security Application control Other None of the above 0% 2% 19% 19% 35% 35% 38% 52% 57% 57% 73% 83% 77% 74% 74% 90% 90% 88% Have successfully prevented a ransomware attack Have NOT successfully prevented a ransomware attack Q7. What technology is your organization relying on to prevent a ransomware attack? Base: 42 whose companies have successfully prevented a ransomware attack; 52 whose companies have NOT successfully prevented a ransomware attack

Known Threats HIPS & Firewall (network traffic) URL Filtering (web traffic) Anti-Spam (email traffic) Anti-Phishing (email traffic) Blacklisting Unknown Threats Heuristics Whitelisting App Control Advanced Threats BSS AEP Systems Watcher How to prevent a ransomware infection Vulnerability Assessment & Patch Management Kaspersky Security Network 70% 29% 1% File Download File Start File Execution Reactive Technologies Proactive Technologies

System Watcher with Advanced Exploit Prevention Our Approach to Combating Advanced Threats System Watcher Automatic Exploit Prevention Monitors application activity for suspicious behavior Monitors the most frequently targeted applications for exploit attack threats Quarantines suspicious application Rolls back any malicious activity Can block zero-day threats

Introducing Anti-Cryptor and the Untrusted Hosts Blocker for File share protection Anti-Cryptor is based on a patented Kaspersky Lab algorithm. It uses behavior analysis to detect and protect shared folders from encryption activity preventing a business from being locked out of its own files, and being forced to pay a ransom for their release. If any malicious activity is detected through Real Time File Protection or Anti- Cryptor activities, access to shared network folders is immediately restricted to a secure server, protecting files from damage by any malicious third parties. A part of Security 10 for Windows Servers

WHY KASPERSKY LAB? Vulnerability Scan Patch Management Remote Tools License Management System Provisioning (NAC) Network Admission Control PHYSICAL» VIRTUAL» MOBILE

Score of TOP 3 places MOST TESTED. MOST AWARDED. KASPERSKY LAB PROTECTION.* 100% 80% 60% In 2015 Kaspersky Lab products participated in 94 independent tests and reviews. Our products were awarded 60 firsts and achieved 77 top-three finishes. Avira ESET Bitdefender Kaspersky Lab 1st places 60 Participation in 94 tests/reviews TOP 3 = 82% Symantec 40% Quick Heal Sophos Avast BullGuard 20% Trend Micro AVG G DATA Panda Security F-Secure Intel Security (McAfee) * Notes: According to summary results of independent tests in 2015 for corporate, consumer and mobile products. Summary includes independent tests conducted by : AV-Comparatives, AV-Test, Dennis Technology Labs, MRG Effitas, NSS Labs, PC Security Labs, VirusBulletin. Tests performed in these programs assess all protection technologies against known, unknown and advanced threats. The size of the bubble reflects the number of 1st places achieved. Microsoft 0% 20 40 60 80 100 N of independent tests/reviews 45

Thank You Mark Villinski Mark.Villinski@Kaspersky.com @markvillinski

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback