a growing threat debbie russ 1/28/2015. what is ransomware? a type of malware which restricts access...
TRANSCRIPT
A Growing ThreatDebbie Russ
1/28/2015
What is Ransomware?
A type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) to restore access.
Encrypting - encrypts files on the victims computer and then demands money for a private key to decrypt the files.
Non-encrypting - restricts access to the computer often by setting the Windows shell to itself or modifying the boot record until a “fix” is purchased from the creator(s).
Examples of Ransomware
Reveton
CryptoLocker
Email threats
Reveton
Nicknamed the “police trojan”Displays a message from “authorities” (local police
station, FBI, etc.) saying that your computer has been locked because illegal material was found and the user must pay a fine to have it unlocked Pornographic material Pirated music, movies, etc.
Often displays the correct name and logo for area authorities
Can contain footage from the computer’s webcam to make the user believe their actions are being recorded
All bad??
Reveton
CryptoLocker
Displays a message saying that your computer has been encrypted and you must pay to obtain the key to decrypt your files
If not paid within a certain amount of time (usually 72 hours) the key will be destroyed
More recent versions allow users to decrypt a few files for free to prove they can be recovered
Creator(s) have been known to make over $30 million in just a few months
CryptoLocker
Email Threats
Sony Three days before the attacks that crippled Sony
Pictures, the hackers sent an email to two executives that claimed to “do great damage to the company” if they weren’t paid
Apparently they didn’t pay….
Clay County Hospital in Flora, Illinois The hospital received an email containing patient
names, addresses, Social Security numbers and dates of birth
The sender threatened to make the information public unless “a substantial payment from the hospital” was made
Predictions for 2015
The healthcare industry is at a particularly high risk The mandate to move to electronic records The sensitive nature of health care data The immaturity of the information security practices that exist in
the health care industry today The cost of compromise could range from an inconvenience to
loss of lifeTargeted extortion-ware
An expansion on ransomware that targets users that have something to hide and threatens to expose evidence of infidelity, incriminating data, etc.
Much more targeted but the payment amount requested will be much higher per victim
Victims are much less likely to involve law enforcement due to the sensitive nature of the data
Predictions for 2015 cont…
McAfee predicts that ransomware variants will specifically target endpoints that subscribe to cloud-based storage solutions Once the endpoint has been infected, the ransomware
will attempt to exploit the logged-on user’s stored credentials to also infect backed-up cloud storage data
McAfee also predicts a rise in ransomware targeting mobile devices using virtual currency as the ransom payment method. Bitcoin has become a very popular method for payment
requests because the requestor can remain anonymous
Links
SC Magizine - Expect more ransomware and 'extortionwoare' in 2015
McAfee Threats PredicitionsThe Sony Hack and the Rise of Cyber Ransom
sNew CTB-Locker Variant Allows Victims to Re
cover 5 Files for FreePatient data held for ransom at rural Illinois h
ospitalSentinelOne
Labs - Advanced Threat Intelligence Report - 2015 Predictions
Ransomware to Target Cloud Storage in 2015 – Are You Ready?