ransomware threat information briefing - nist · pdf file · 2016-12-01–...
Post on 10-Mar-2018
Copyright 2016, Symantec Corporation
Bill Wright, Symantec Government Affairs
Ransomware and Businesses 2016
Ransomware
Evolution path
2005-2009: Misleading app (“Fix”)
2010-2011: Fake AV (“Clean”)
2012-2013: Locker ransomware (“Fine”)
2014-2015: Crypto ransomware (“Fee”)
2016 Internet Security Threat Report, Volume 21
Growing Dominance of Crypto-Ransomware
[Chart legend: Misleading app, Fake AV, Locker ransomware, Crypto ransomware]
35% Increase in Crypto-Ransomware Attacks
Growth factors
• Still profitable for the attacker
• Easy access to encryption
• Cryptocurrencies
• Effective infection vectors
• Adoption of advanced attack techniques
• Ransomware as a service
100 new families identified in 2015 compared to 77 in 2014; 79 new families in 2016 so far
TLP:GREEN
Ransomware Cryptolocker Expansion
Ransom demand increased
Average ransom demand by year: 2014 $372.53; 2015 $294.14; 2016 $679.65
Average ransom demand has more than doubled
Common infection methods
• Email
  – Script file (JavaScript, VBS, PowerShell, …)
    • Can be in archives (Zip, RAR, HTA, WSF, …)
  – Office with malicious macro (and social engineering)
  – Link to malicious files on Dropbox & Co.
• Infected websites
  – Web exploit toolkits
  – Malvertisement
• Targeted
  – Server exploits (e.g. JBoss)
  – Brute-forcing passwords (e.g. RDP)
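Added example, not part of the original briefing: a mail-gateway style check in Python for the email delivery types listed above (script attachments, scripts inside ZIP archives, macro-enabled Office files). The extension list, function names, nesting and size caps, and the sample message are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Script types from the slide plus common variants (assumed, not exhaustive).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".ps1", ".hta", ".wsf"}

def ext(name):
    return os.path.splitext(name)[1].lower()

def inspect_blob(name, data, depth=0):
    """Findings for one attachment; descends into ZIP/OOXML containers."""
    found = [f"script file: {name}"] if ext(name) in SCRIPT_EXTS else []
    if depth >= 2 or not zipfile.is_zipfile(io.BytesIO(data)):
        return found
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # OOXML documents with VBA macros carry a vbaProject.bin part.
            if info.filename.lower().endswith("vbaproject.bin"):
                found.append(f"macro project in {name}")
            elif ext(info.filename) in SCRIPT_EXTS:
                found.append(f"script in archive {name}: {info.filename}")
            elif ext(info.filename) == ".zip" and info.file_size < 10_000_000:
                found += inspect_blob(f"{name}/{info.filename}", zf.read(info), depth + 1)
    return found

def screen_message(raw):
    found = []
    for part in message_from_bytes(raw).walk():
        if part.get_filename():
            found += inspect_blob(part.get_filename(), part.get_payload(decode=True) or b"")
    return found

def make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()

def build_sample():  # constructed message: zipped .js, macro-enabled stub, text file
    msg = EmailMessage()
    msg.set_content("See attached.")
    files = {"invoice.zip": make_zip({"invoice_0412.js": "// placeholder"}),
             "report.docm": make_zip({"word/vbaProject.bin": b"stub"}),
             "notes.txt": b"plain text"}
    for fname, data in files.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

The macro check keys on the container contents rather than the file extension, so a macro-enabled document renamed to .docx is still flagged.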
Example of Spam Email Distributing Locky
Typical Locky Ransom Note
Where are the victims?
3% Canada
8%
5%
United Kingdom
Belgium
Netherlands
India 3%
Italy
3%
4% Germany
2% Australia
4%
8% Japan
United States 31%
Businesses as a target
© 2016, Palo Alto Networks. Confidential and Proprietary.
• Cybercrime is not just an end-user problem
• 43% of ransomware infections occur inside business
• Organizations are being targeted APT’s
• User behavior is being leveraged criminally
• All Segments & Verticals are Affected
Advanced attack techniques
Recent ransomware attacks use tactics and techniques typically seen in APT-style attacks
Infiltration: Exploit server-side vulnerabilities to gain access to the network.
Reconnaissance: Attackers gather information that may help in later stages of the attack, such as back-up policy. Information gathered may also be used in the ransom note.
Lateral movement: Attackers use publicly available tools to plot out and traverse the network and gain access to strategic locations.
Stealth: Once the attack has been successfully carried out, the attackers attempt to hide their tracks by removing any tools used.
Victim organization profile
Services 37.8%
Manufacturing 17.2%
Public Administration 10.2%
Finance, Insurance, & Real Estate 9.8%
Wholesale 8.9%
Transportation, Comms, & Utilities 6.6%
Retail 4.3%
Construction 3.9%
Mining 1.0%
Agri, Forestry, & Fishing 0.5%
What about Healthcare?
Healthcare seeing more targeted attacks and therefore not reflected in the numbers
Ransomware-as-a-service
Ransomware on Smart Devices
I started out with nothing, and I still have most of it.
• Android ransomware decreased
• IoT device ransomware not seen at large in the wild
Thank you!
Copyright © 2016 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Director, Government Affairs & Senior Policy Counsel
Bill Wright