A Growing ThreatDebbie Russ

1/28/2015

What is Ransomware?

A type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) to restore access.

Encrypting - encrypts files on the victims computer and then demands money for a private key to decrypt the files.

Non-encrypting - restricts access to the computer often by setting the Windows shell to itself or modifying the boot record until a “fix” is purchased from the creator(s).

Examples of Ransomware

Reveton

CryptoLocker

Email threats

Reveton

Nicknamed the “police trojan”Displays a message from “authorities” (local police

station, FBI, etc.) saying that your computer has been locked because illegal material was found and the user must pay a fine to have it unlocked Pornographic material Pirated music, movies, etc.

Often displays the correct name and logo for area authorities

Can contain footage from the computer’s webcam to make the user believe their actions are being recorded

All bad??

Reveton

CryptoLocker

Displays a message saying that your computer has been encrypted and you must pay to obtain the key to decrypt your files

If not paid within a certain amount of time (usually 72 hours) the key will be destroyed

More recent versions allow users to decrypt a few files for free to prove they can be recovered

Creator(s) have been known to make over $30 million in just a few months

CryptoLocker

Email Threats

Sony Three days before the attacks that crippled Sony

Pictures, the hackers sent an email to two executives that claimed to “do great damage to the company” if they weren’t paid

Apparently they didn’t pay….

Clay County Hospital in Flora, Illinois The hospital received an email containing patient

names, addresses, Social Security numbers and dates of birth

The sender threatened to make the information public unless “a substantial payment from the hospital” was made

Predictions for 2015

The healthcare industry is at a particularly high risk The mandate to move to electronic records The sensitive nature of health care data The immaturity of the information security practices that exist in

the health care industry today The cost of compromise could range from an inconvenience to

loss of lifeTargeted extortion-ware

An expansion on ransomware that targets users that have something to hide and threatens to expose evidence of infidelity, incriminating data, etc.

Much more targeted but the payment amount requested will be much higher per victim

Victims are much less likely to involve law enforcement due to the sensitive nature of the data

Predictions for 2015 cont…

McAfee predicts that ransomware variants will specifically target endpoints that subscribe to cloud-based storage solutions Once the endpoint has been infected, the ransomware

will attempt to exploit the logged-on user’s stored credentials to also infect backed-up cloud storage data

McAfee also predicts a rise in ransomware targeting mobile devices using virtual currency as the ransom payment method. Bitcoin has become a very popular method for payment

requests because the requestor can remain anonymous

Links

SC Magizine - Expect more ransomware and 'extortionwoare' in 2015

McAfee Threats PredicitionsThe Sony Hack and the Rise of Cyber Ransom

sNew CTB-Locker Variant Allows Victims to Re

cover 5 Files for FreePatient data held for ransom at rural Illinois h

ospitalSentinelOne

Labs - Advanced Threat Intelligence Report - 2015 Predictions

Ransomware to Target Cloud Storage in 2015 – Are You Ready?