![Page 1: Ransomware - City University of New Yorkweb.math.jjay.cuny.edu/abstracts/KinWong.pdf · Kin (Sam) Wong, CEHv9 Worked in Public and Private Sectors Ethical Hacking w/ AI. 3 Learn Ransomware](https://reader034.vdocuments.net/reader034/viewer/2022042317/5f05cbe47e708231d414c076/html5/thumbnails/1.jpg)
Ransomware
Speaker
● Kin (Sam) Wong, CEHv9
● Worked in Public and Private Sectors
● Ethical Hacking w/ AI
Learn
● Ransomware
– Who
– What
– Where
– When
– Why
– How
Ransomware (noun)
● “A type of malicious software designed to block access to a computer system until a sum of money is paid.”
– https://en.oxforddictionaries.com/definition/ransomware
Ransomware - When
2017 - WannaCry
Symmetric
Asymmetric
Ransomware - Who
HACKER
Business
VICTIMS
Medical
Home
.Gov
Hacker Wannabe
Ransomware - What
Footprint
Design Malware
Send to Victims
Exploit System(Max $$$)
Lock System
Pay-Per-view(Public Key)
Ransomware Algorithm
● Symmetric Key
– One-time pad (Encrypt Data)
● Asymmetric Keys
– Public Key (Encrypt One-time pads)
– Private Key (Decrypt Public Key List)
START → LOCK FILE w/ OTP → LOCK OTP w/ Public-K → Unlock Public-K w/ Private-K → END
Ransomware Source Code
Ransomware - Where
Exploit
Phishing E-MAIL
Download
Phishing Email
PLZ Sign in?
OK
Got U,$%&#!
HACKER
HACKER
USER
Exploit
● Exploit
– Hack the Web Browser (Entry Point)
● Buffer/Heap Overflow
● Web Application Injection
● Privilege Escalation
– Weak File Privilege
– Entered → Run Exploit → Get Root → Domain Admin
CEO
HACKER
USER
Advanced Exploit
● Jackpot
– Obtains Domain Admin privilege, then infects all enterprise computers.
● Saudi Arabia State Oil Company (Cover-Up)
– Malfunction Oil Grids = Oil Price (>$80)
– Record Deleted = Free Oil (Millions $$$)
Download
Step 1
Step 2
Step 3
Download
Ransomware - Why
FTP
SICK
GF
Ransomware - How
● Bitcoin (Entry) → ShapeShift.IO (Money Laundering) * 7X (TOR) → Bitcoin (Exit)
● Bitcoin (Ransom) → Ethereum (Silkroad) → Litecoin (Blackdeath) → Monero (Childporn) → Bitcoin (Clean Money???) → Cash (Exit)
● Math
– Fee (5%)
– 7 * 5% = 35% commission
LESS IS MORE?? FACE ↔ FACE
7X
VPN
Easy Ransomware Prevention
● Antivirus (Best Practice?)
– Drive-by Download
– Embedded In Pirate Software
● Patch Management/Exploit Mitigation
– Web Browser Exploit
– System Exploit (Priv. Esc.)
● Training
– Phishing Email / Weak Password
Bypass AV
● Compiler (Maybe)
– VS .NET (C#), VSCC and GCC (C and C++)
● Interpreter (Maybe)
– PowerShell, Ruby, Python, Perl, Java, NodeJS
● More Tricks
– 7-ZIP (SFX) + UPX (Packer)
“Our AV does not cover all assembly types” -AV Sales Guy
Windows AppLocker
https://youtu.be/Z2-Sjw9UYdU
How to Configure AppLocker in Windows Server 2012 R2
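As an added example, not part of the slides or the linked video: the same AppLocker setup done from PowerShell on Windows Server 2012 R2 with the built-in AppLocker cmdlets, started in audit mode and dry-run against a downloaded file before enforcement. The policy file path, the sample download in the Downloads folder and the test machine are assumptions.

```powershell
# Added example (not from the slides): build, audit and test a local AppLocker
# allow-list with Windows' built-in AppLocker cmdlets. Run in an elevated
# PowerShell on a test machine; the two paths below are assumptions for this demo.
$policyXml = 'C:\Temp\AppLockerPolicy.xml'             # assumed output path
$sample    = "$env:USERPROFILE\Downloads\invoice.exe"  # assumed downloaded file to test

# AppLocker rules are only enforced while the Application Identity service runs
# (Set-Service works for this service on Server 2012 R2, the version in the video).
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# Inventory the software that is allowed to run: installed programs and the OS.
# Nothing under user-writable locations (Downloads, %TEMP%) is included, which is
# what stops a drive-by download or a phished-in dropper from executing.
$allowed = foreach ($dir in 'C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows') {
    Get-AppLockerFileInformation -Directory $dir -Recurse `
        -FileType Exe, Dll, Script, WindowsInstaller
}

# Prefer publisher rules (signed code keeps working after updates) and fall back
# to hash rules for unsigned binaries. -Optimize merges rules sharing a publisher.
$xml = New-AppLockerPolicy -FileInformation $allowed -RuleType Publisher, Hash `
           -User Everyone -Optimize -Xml

# Generated rule collections are "NotConfigured"; start in AuditOnly so would-be
# blocks appear in the AppLocker event log before anything is actually enforced.
$xml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"' |
    Set-Content -Path $policyXml -Encoding UTF8

# Dry-run the policy against the sample download before applying it: a file that
# matches no allow rule comes back with PolicyDecision = DeniedByDefault.
Test-AppLockerPolicy -XmlPolicy $policyXml -Path $sample -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule

# Apply to the local computer (or import the XML into a GPO for the whole domain).
Set-AppLockerPolicy -XmlPolicy $policyXml

# Review verdicts: 8003 = would have been blocked (audit), 8004 = blocked (enforced).
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 50 |
    Where-Object { $_.Id -in 8003, 8004 } |
    Select-Object TimeCreated, Id, Message
```

Scripts and installers are logged separately in "Microsoft-Windows-AppLocker/MSI and Script" (8006 audit, 8007 blocked), which also covers the interpreter tricks listed on the Bypass AV slide.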
Backup / Recovery
CLOUD
OFFSITE
INTERNAL
Bye Bye
● Questions/Comments
● Contact
– Email: [email protected]
– Text: 646.461.0067
Ethical Hacker