Enterprise Security: Ransomware in Enterprise and Corporate Entities


Upload: quick-heal-technologies-pvt-ltd

Post on 06-Aug-2015


What is Ransomware?

Digital extortion

• Encryption: encrypts files with a password, stopping the user from opening them

• Lock screen: uses a full-screen image or webpage to stop the user from accessing anything on the computer

• MBR (Master Boot Record)

Types of Ransomware

• Cryptorbit aka Critroni aka CTB-Locker

• Cryptolocker

• CryptoWall aka Crowti

• ZedoPoo

• TorrentLocker aka Teerac

• TeslaCrypt

Types of Ransomware…contd

What do the numbers tell us…

[Chart: Ransomware Detection Statistics – Quick Heal. Monthly detections from Oct 2014 to Mar 2015; vertical axis from 0 to 80,000.]

Infection Vectors

• Email attachments

• Part of another malware's payload

• Delivered by an exploit kit

• Using phishing links

• Through vulnerabilities in applications/plug-ins (like Adobe, Flash Player)

Targeted Files

• Office files

• PDF files

• Database files

• Images & Drawings

• Games files

Payment Mechanisms

• SMSs or phone calls to premium-rate numbers

• Prepaid electronic payment – Ukash, MoneyPak, PayPal My Cash Cards

• Bitcoins – virtual currency which makes it difficult to trace the actual recipient of the money

What are we doing about it?

• Signatures

• Behavior Detection System (BDS)

• New Tool

Preventive Steps

Applying important software updates and patches

Ensure that Windows Update is enabled to automatically download and apply regular security updates. Also ensure that your system has the latest Windows security patches installed. Also apply updates for important software which is regularly targeted, such as:

• Microsoft Office

• Java

• Adobe Acrobat Reader

• Web browsers like Internet Explorer, Chrome, Firefox, Opera etc.

• Adobe Flash Player

Regular backup of important data

It is very important to understand the need for data backup policies for all your important data. It is highly recommended that you periodically back up your important data using the right combination of ONLINE and OFFLINE backups. Do not keep offline backups connected to your system, as this data could be encrypted in case of an infection.

Follow best security practices

1. Do not open and execute attachments received from unknown senders. Cybercriminals use ‘Social Engineering’ techniques to lure users into opening attachments or clicking on links containing malware.

2. Keep strong passwords for login accounts and network shares.

3. Avoid downloading software from untrusted P2P or torrent sites. At times, they are Trojanized with malicious software.

• Do not download cracked software, as it carries the added risk of opening a backdoor for malware into your system.

4. Ensure staff are educated in good computing practices.

Thank You!