of digital world - escanav.comdownload1.mwti.net/.../white_paper/escan-ransomware.pdf ·...

1 # Choice of DIGITAL WORLD Enterprise Security www.escanav.com An ISO 27001 Certified Company

Upload: vuongkhanh

Post on 21-Aug-2018

215 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

1#Choice

of DIGITALWORLD

Enterprise Security

www.escanav.comAn ISO 27001 Certified Company

Page 2: of DIGITAL WORLD - escanav.comdownload1.mwti.net/.../White_Paper/eScan-Ransomware.pdf · 2018-02-07 · 1. We started our tryst with Ransomware when it started gaining prominence

www.escanav.com 1.

We started our tryst with Ransomware when it started gaining prominence

way back in 2012, however Ransomware has been around for almost a

decade.

During the initial stages, Ransomware created the effect of awe and shock,

unlike Trojans or Malwares or APTs, Ransomware made its presence known.

The only differentiating factor was that the message was Loud and Clear – You

have been Infected.

For all these years, we have been observing the covert methods of a virus

while it was silently infecting the system, staying resident and infecting other

systems, moreover, many of these viruses started implementing the logic of

Command and Control, wherein, vital information was being discreetly

leaked or stolen. The level of expertise required for writing a virus was

tremendous as the author had to always find ways to stay a step or two ahead

of the detection mechanisms and at the same time, the criminals had to invest

into infrastructure which would handle the stolen information.

These criminals also rented out these very infected systems, commonly

known as Zombie Computers, to other criminals , who would then carry out

their nefarious activities viz. Sending Spam, Initiating DDOS attacks , Bitcoin-

mining etc.

However, when we speak about Ransomware, during the initial days, they

were thought of as a highly sophisticated piece of code, since encryption was

involved. However, Ransomware creators also evolved their tactics and

started identifying the important files which would be attacked. There are

numerous encryption libraries available which can be used by not just the

advanced programmers but also by the script kiddies. It wasn’t imperative for

the programmer to be an expert in encryption, since all the information was

readily available and the points of interest from the ransomware author’s

perspective were -

1. Ability to sneak into the system.

2. Encrypt the files based on their extensions.

3. Transfer the encryption keys back to the CNC server.

Ransomware infection routines came in various forms, started off as a

compressed binary, and when the various vendors started blocking such files

from gaining a foothold, we started finding Ransomware being delivered as

embedded macros in Doc or Docx files. Very recently, they started using

javascripts, VB Scripts and Powershell based scripting to create Ransomware.

1#Choice

of DIGITALWORLD

Enterprise Security

www.escanav.com 2.

1#Choice

of DIGITALWORLD

Enterprise Security

Buenas Prácticas CCN-CERT BP-04/16 Ransomwarejacmatic.com/NOVAWEB/documents/Ransomware.pdf · Buenas Prácticas . CCN-CERT BP-04/16 Ransomware. Marzo de 2017 . SIN CLASIFICAR 2 SIN

Broadbalk Continuous Wheat Started in 1843 Started in 1852

GETTING STARTED Getting Started Getting Started to Success Session 1

LTspice IV Getting Started GuideLTspice IV Getting Started Guide

Analysis of Cerber Ransomware - Attila Suszter of Cerber Ransomware.pdf · Symptoms of compromise The following symptoms were observed on a computer compromised by Cerber ransomware

Fraudulent website spotted selling Jio sim cardsdownload1.mwti.net/marketing/news-pr/India/Fraudulent-website... · Fraudulent website spotted selling Jio ... .i ndi ati m es.com

1. 4.1 Get Started...1. 4.1 Get Started

What is it and What to do about it?acg.pnp.gov.ph/main/images/downloads/ransomware.pdf · What is it and What to do about it? ... awareness and training a critical ... encourage you

Getting Started V6 - Data and Information Services Center ... · DATASTREAM GETTING STARTED GUIDE DATASTREAM GETTING STARTED GUIDE DATASTREAM GETTING STARTED GUIDE DATASTREAM GETTING

WinCC flexible Getting Started Básico - Grup DAP · WinCC flexible Getting Started Básico Getting Started, Edición 04/2006, 6ZB5370-1CL04-0BA2 Bienvenido al «Getting Started –

LTspice IV Getting Started GuideLTspice IV Getting Started

Life Life started started

Getting Started Chapter 1. Getting Started Getting Startedmsi-ftp.de/Manuals/7187-englv1.0-MS-7187.pdf · Getting Started Chapter 1. Getting Started Getting Started Thank you for

MendeleyMendeley Manual - Getting Started Manual - Getting Started

eScan de nuevo en Venezuela.. y repotenciado - Main Pagedownload1.mwti.net/marketing/news-pr/India/eScan-de-nuevo-en... · corporativos y para el hogar que ... , utilizada por otros

Bajaj Electricals Limited v2 - Main Page - eScan Wikidownload1.mwti.net/marketing/Case_Study/Bajaj_Electricals_Limited.… · Bajaj Electricals Limited is an Indian consumer electrical

Getting Started Guide - Engravers Network · DCS_Direct_Jet_1024UVMVP_Getting_Started_Guide_1.2_030314 Getting Started Guide

Getting Started V5 - Thomson Reuters · DATASTREAM GETTING STARTED GUIDE DATASTREAM GETTING STARTED GUIDE DATASTREAM GETTING STARTED GUIDE DATASTREAM GETTING STARTED GUIDE DATASTREAM

Marinating Minds: Getting Started before We Get Started

Let’s get started! Let’s get started! CTE Foods Presents………………

211 Hayden, Ernie - Data Breaches Ransomware › ... › 211-Ransomware.pdf · Lockscreen Ransomware Locks screen and demands payment – no files encrypted Master Boot Record Ransomware

Malware Report July 2013 - escanav.comdownload1.mwti.net/.../eScan14/Reports/Malware_Report_July_2013.pdf · Anti-Virus & Content Security Bots are one of the most complex pieces

Consola de Manejo de eScan (EMC) Guía del Usuariodownload1.mwti.net/download/wikifiles/eScan10/EMC... · eScan es un extenso y exhaustivo software de seguridad de contenido y de

Getting Started - sts.org · Not Started O Not Started O Not Started O Not Started O Not Started O Not Started O Not Started O Not Started O COURSE CONTENT RESOURCES Next O CV33:

Con Seguridad en La Nube para PYME - download1.mwti.netdownload1.mwti.net/marketing/New_Artworks/eScan14/Spanish/QRG/… · Esta herramienta escaneará la memoria para averiguar si

Getting Started Guide - Informatica · Getting Started Guide - Informatica ... - Profiling

Getting started With Excel Getting started With Excel

Deployment of eScan Corporate Edition at Crompton Greavesdownload1.mwti.net/.../Case_Studies/Case_Studies_Crompton_Greav… · Organization Established in 1937 (India), Crompton Greaves

Getting started Deployment Getting started

Getting Started Chapter 1. Getting Started Getting Started

Anti-Virus & Content Security C-Edge Case Studydownload1.mwti.net/marketing/Case_Study/C-Edge... · formed as a joint venture by Tata Consultancy Services Ltd. ... Be an integrated

Suite de Seguridad de Contenido y Seguridad de …download1.mwti.net/marketing/New_Artworks/eScan14/Presentations/... · RedHat/SuSe/Ubuntu/Debian/Centos ... Seguridad de Contenido,

The Rise of Ransomware & How to Defend Against itww1.prweb.com/.../14420834/The-Rise-of-Ransomware.pdf · Ransomware follows an attack pattern that consists of 5 steps. In most cases,

eScan Corporate Compitator - Main Pagedownload1.mwti.net/marketing/New_Artworks/.../eScan_Corporate... · Inteligence (GTI) System Watcher Smart Protection Network Protective Cloud

Unbenannt-1download1.mwti.net/marketing/New_Artworks/eScan14/Germany/... · Title: Unbenannt-1 Author: Design Created Date: 2/1/2013 2:52:25 PM