The Rising Tide of Ransomware
John Shier, Senior Security Advisor
@john_shier
Ransomware
Ransomware Increasingly Troublesome
• $209m cost of ransomware attacks in the first quarter of 2016
• 300% increase in ransomware attacks since 2015
Source - Symantec
Ransomware Discoveries
Ransomware Attacks Are Pervasive
Ransomware Targets
• Businesses (Retail)
• Public agencies (Education, Healthcare, Government, Law Enforcement)
Systems Impacted
• Windows, Mac, Linux
• Android
The AIDS trojan
Fake AV
Out with the old, in with the new
FakeAV
Ransomware
Police locker
Cryptolocker
Cryptolocker BitCash
Petya
Spam
Phishing
Return of the mac(ro)
HD phishing
Locky
Cryptowall
Paths to exclude
windows
temp
cache
sample pictures
default pictures
sample music
program files
program file (x86)
games
sample videos
user account privileges
packages
Files to exclude
help_your_files.txt
help_your_files.html
help_your_files.png
Iconcache.db
Thumbs.db
Extensions to exclude
exe
dll
pif
scr
sys
msi
msp
com
htl
cpa
msc
bat
cmd
scf
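An added example, not part of the original slides: a file-level search for the three help_your_files.* names in the "Files to exclude" column, assuming (as the names suggest) that they are the ransom notes left in affected folders. The function names and the sample directory tree are constructed for illustration; the output ranks folders so restore work can start with the ones that hold every note variant.

```python
import os
import tempfile

# Note names copied from the "Files to exclude" column above.
NOTE_NAMES = {"help_your_files.txt", "help_your_files.html", "help_your_files.png"}


def find_ransom_notes(root):
    """Map each directory under root to the sorted note names found in it."""
    hits = {}
    skipped = []  # directories that could not be read (permissions, races)
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: skipped.append(e.filename)):
        # Windows file names are case-insensitive, so compare lower-cased.
        found = sorted({f.lower() for f in files} & NOTE_NAMES)
        if found:
            hits[os.path.relpath(dirpath, root)] = found
    return hits, skipped


def triage(hits):
    """Directories holding the most note variants first, then by path."""
    return sorted(hits, key=lambda d: (-len(hits[d]), d))


def build_sample_tree(root):
    """Constructed sample data: two affected folders and one clean folder."""
    layout = {
        "finance": ["HELP_YOUR_FILES.TXT", "HELP_YOUR_FILES.HTML",
                    "HELP_YOUR_FILES.PNG", "q1.xlsx.a1b2"],
        "hr/reviews": ["help_your_files.txt", "notes.docx"],
        "windows": ["Thumbs.db", "help.txt"],
    }
    for rel, names in layout.items():
        os.makedirs(os.path.join(root, rel))
        for name in names:
            open(os.path.join(root, rel, name), "w").close()


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        hits, skipped = find_ransom_notes(root)
        return triage(hits), hits, skipped


if __name__ == "__main__":
    order, hits, _skipped = demo()
    for d in order:
        print(f"{d}: {', '.join(hits[d])}")
```

Point find_ransom_notes at a file share or a mounted backup snapshot; a non-empty skipped list means some folders were not searched and the result is incomplete.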
Tips for preventing ransomware
1. Don’t enable macros.
2. Consider installing Microsoft Office viewers.
3. Be very careful about opening unsolicited attachments.
4. Don’t give yourself more login power than necessary.
5. Patch, patch, patch.
6. Train and retrain employees in your business.
7. Segment the company network.
8. Back up your files regularly and keep a recent backup off-site.
RANSOM DOES NOT GUARANTEE YOUR DATA BACK
Kansas Heart Hospital was hit with a ransomware attack on 18th of May 2016.
It paid the ransom, but then attackers tried to extort a second payment.
Source: Network World, http://www.networkworld.com/article/3073495/security/kansas-heart-hospital-hit-with-ransomware-paid-but-attackers-demanded-2nd-ransom.html
FAIL PROOF RANSOMWARE PROTECTION
• Protection against ransomware
  o Regular time-indexed snapshot backups
  o Flexibility in backup frequency and data retention policies
  o Comprehensive data protection for endpoints and cloud apps
  o Offsite data storage (AWS/Microsoft Azure) options
• Recovering from ransomware intrusion
  o 24/7 data access
  o User/admin restore
  o Locate suspicious files quickly on endpoints and cloud apps
Ransomware
• Backup data regularly
• Recover at the device or file level
• Locate suspicious files via search
You Can’t Prevent Ransomware Attacks, But You Can Protect Against Them
TIME-INDEXED BACKUPS WITH CONFIGURABLE GRANULAR CONTROLS
BACKUPS SHOULD BE COMPREHENSIVE
Mobile Devices – Smartphones and Tablets
Desktops and Laptops
Cloud Applications
IT/USER FILE LEVEL RESTORE FROM SNAPSHOTS
IT Initiated Restore
User Initiated Restore
RANSOMWARE FILE LEVEL SEARCH
SUMMARY AND KEY TAKEAWAYS
• Update your security software
  o Anti-virus and anti-malware software
  o Operating systems for all endpoints including desktops, laptops and smartphones
  o Patch, patch, patch.
• End-user awareness and education
• Protection against ransomware
  o Proactive: Regular time-indexed snapshot backups
  o Remediation: File level restore and search for infected files
ABOUT DRUVA
• Trusted by over 4,000 enterprises
• Headquartered in Silicon Valley
• Worldwide offices and 24x7 support
• Among fastest growing data protection providers