Upload File

ransomware threat information briefing - nist · pdf file · 2016-12-01–...

  • Home
  • Documents
  • Ransomware Threat Information Briefing - NIST · PDF file · 2016-12-01– Malvertisement • Targeted ... Ransomware Threat Information Briefing Author: William Wright, Symantec
17
Copyright 2016, Symantec Corporation Bill Wright Symantec Government Affairs 1 Ransomware and Businesses 2016 Ransomware

Upload: buique

Post on 10-Mar-2018

223 views

Category:

Documents


2 download

Report

TRANSCRIPT

Page 1: Ransomware Threat Information Briefing - NIST · PDF file · 2016-12-01– Malvertisement • Targeted ... Ransomware Threat Information Briefing Author: William Wright, Symantec

Copyright2016,SymantecCorporation

BillWrightSymantecGovernmentAffairs

1RansomwareandBusinesses2016

Ransomware

Page 2: Ransomware Threat Information Briefing - NIST · PDF file · 2016-12-01– Malvertisement • Targeted ... Ransomware Threat Information Briefing Author: William Wright, Symantec

Copyright2016,SymantecCorporation

CRYPTORANSOMWARE

“FEE”

LOCKERRANSOMWARE

“FINE”

FAKEAV

“CLEAN”

MISLEADINGAPP

“FIX”

2014-20152012-20132010-2011

Evolutionpath

2016InternetSecurityThreatReportVolume212

2005-2009

Page 3: Ransomware Threat Information Briefing - NIST · PDF file · 2016-12-01– Malvertisement • Targeted ... Ransomware Threat Information Briefing Author: William Wright, Symantec

Copyright2016,SymantecCorporation3

GrowingDominanceofCrypto-Ransomware

MISLEADINGAPP FAKEAV LOCKERRANSOMWARE CRYPTORANSOMWARE

2016InternetSecurityThreatReportVolume21

Page 4: Ransomware Threat Information Briefing - NIST · PDF file · 2016-12-01– Malvertisement • Targeted ... Ransomware Threat Information Briefing Author: William Wright, Symantec

Copyright2016,SymantecCorporation

35%IncreaseinCrypto-RansomwareAttacks

4

35%

2016InternetSecurityThreatReportVolume21

Page 5: Ransomware Threat Information Briefing - NIST · PDF file · 2016-12-01– Malvertisement • Targeted ... Ransomware Threat Information Briefing Author: William Wright, Symantec

Copyright2016,SymantecCorporation

Growthfactors

• Stillprofitablefortheattacker• Easyaccesstoencryption• Cryptocurrencies• Effectiveinfectionvectors• Adoptionofadvancedattacktechniques• Ransomwareasaservice

5RansomwareandBusinesses2016

100newfamiliesidentifiedin2015comparedto77in201479new families in2016sofar

TLP:GREEN

Page 6: Ransomware Threat Information Briefing - NIST · PDF file · 2016-12-01– Malvertisement • Targeted ... Ransomware Threat Information Briefing Author: William Wright, Symantec

Copyright2016,SymantecCorporation

RansomwareCryptolocker Expansion

6RansomwareandBusinesses2016

TLP:GREEN

Page 7: Ransomware Threat Information Briefing - NIST · PDF file · 2016-12-01– Malvertisement • Targeted ... Ransomware Threat Information Briefing Author: William Wright, Symantec

Copyright2016,SymantecCorporation

Ransomdemandincreased

$372.53

$294.14

$679.65

$0

$100

$200

$300

$400

$500

$600

$700

$800

2014 2015 2016

Averageransomdemandhasmorethandoubled

7RansomwareandBusinesses2016

TLP:GREEN

Page 8: Ransomware Threat Information Briefing - NIST · PDF file · 2016-12-01– Malvertisement • Targeted ... Ransomware Threat Information Briefing Author: William Wright, Symantec

Copyright2016,SymantecCorporation

Commoninfection methods

• Email– Scriptfile(Javascript,VBS,Powershell,…)• Canbeinarchives(Zip,RAR,HTA,WSF,…)

– Officewithmaliciousmacro(andsocialengineering)– LinktomaliciousfilesonDropbox&Co.

• InfectedWebsites– Webexploittoolkits– Malvertisement

• Targeted– Serverexploits (e.g.Jboss)– Bruteforcing passwords (e.g.RDP)

8RansomwareandBusinesses2016

TLP:GREEN

Page 9: Ransomware Threat Information Briefing - NIST · PDF file · 2016-12-01– Malvertisement • Targeted ... Ransomware Threat Information Briefing Author: William Wright, Symantec

Copyright2016,SymantecCorporation

ExampleofSpamEmailDistributingLocky

9RansomwareandBusinesses2016

Page 10: Ransomware Threat Information Briefing - NIST · PDF file · 2016-12-01– Malvertisement • Targeted ... Ransomware Threat Information Briefing Author: William Wright, Symantec

Copyright2016,SymantecCorporation

TypicalLocky RansomNote

10RansomwareandBusinesses2016

Page 11: Ransomware Threat Information Briefing - NIST · PDF file · 2016-12-01– Malvertisement • Targeted ... Ransomware Threat Information Briefing Author: William Wright, Symantec

Copyright2016,SymantecCorporation

Wherearethevictims?

11RansomwareandBusinesses2016

3%Canada

8%

5%

United Kingdom

Belgium

Netherlands

India3%

Italy

3%

4% Germany

2% Australia

4%

8% Japan

United States 31%

TLP:GREEN

Page 12: Ransomware Threat Information Briefing - NIST · PDF file · 2016-12-01– Malvertisement • Targeted ... Ransomware Threat Information Briefing Author: William Wright, Symantec

Copyright2016,SymantecCorporation

Businessesasatarget

RansomwareandBusiness201612

©2016, PaloAltoNetworks.ConfidentialandProprietary.

• Cybercrimeisnotjustanend-userproblem• 43%ofransomware infectionsoccurinsidebusiness

• OrganizationsarebeingtargetedAPT’s• Userbehaviorisbeingleveragedcriminally

• All Segments&VerticalsareAffected

Page 13: Ransomware Threat Information Briefing - NIST · PDF file · 2016-12-01– Malvertisement • Targeted ... Ransomware Threat Information Briefing Author: William Wright, Symantec

Copyright2016,SymantecCorporation

Advancedattacktechniques

13RansomwareandBusinesses2016

Recentransomware attacksusetacticsandtechniquestypicallyseeninAPT-styleattacks

Infiltration Exploitserver-sidevulnerabilitiestogainaccesstothenetwork.

ReconnaissanceAttackersgatherinformationthatmay helpinlaterstagesoftheattack,suchasback-uppolicy.Informationgatheredmayalsobeusedintheransomnote.

Lateralmovement Attackersusepubliclyavailabletools toplotoutandtraversethenetworkandgainaccesstostrategiclocations.

Stealth Oncetheattack hasbeensuccessfullycarriedouttheattackersattempttohidetheirtracksbyremovinganytoolsused.

TLP:GREEN

Page 14: Ransomware Threat Information Briefing - NIST · PDF file · 2016-12-01– Malvertisement • Targeted ... Ransomware Threat Information Briefing Author: William Wright, Symantec

Copyright2016,SymantecCorporation

Victimorganizationprofile

Services37.8%

Manufacturing17.2%

Public Administration 10.2%

Finance, Insurance, & Real Estate

9.8%

Wholesale8.9%

Transportation, Comms, & Utilities

6.6%

Retail4.3%

Construction3.9%

Mining1.0%

Agri, Forestry, & Fishing0.5%

WhataboutHealthcare?

Healthcareseeingmoretargetedattacksand

thereforenotreflectedinthenumbers

14RansomwareandBusinesses2016

TLP:GREEN

Page 15: Ransomware Threat Information Briefing - NIST · PDF file · 2016-12-01– Malvertisement • Targeted ... Ransomware Threat Information Briefing Author: William Wright, Symantec

Copyright2016,SymantecCorporation

Ransomware-as-a-service

15RansomwareandBusinesses2016

TLP:GREEN

Page 16: Ransomware Threat Information Briefing - NIST · PDF file · 2016-12-01– Malvertisement • Targeted ... Ransomware Threat Information Briefing Author: William Wright, Symantec

Copyright2016,SymantecCorporation

RansomwareonSmartDevices

16Istartedoutwithnothing,andIstillhavemostofit.

• AndroidRansomwaredecreased

• IoT device ransomwarenotseen atlargeinthe wild

TLP:GREEN

Page 17: Ransomware Threat Information Briefing - NIST · PDF file · 2016-12-01– Malvertisement • Targeted ... Ransomware Threat Information Briefing Author: William Wright, Symantec

Thankyou!

Copyright©2016 SymantecCorporation.Allrightsreserved. SymantecandtheSymantecLogoaretrademarksorregisteredtrademarksofSymantecCorporationoritsaffiliatesintheU.S.andothercountries. Othernamesmaybetrademarksoftheirrespectiveowners.

Thisdocumentisprovidedforinformationalpurposesonlyandisnotintendedasadvertising. Allwarrantiesrelatingtotheinformationinthisdocument,eitherexpressorimplied,aredisclaimedtothemaximumextentallowedbylaw. Theinformationinthisdocumentissubjecttochangewithoutnotice.

Director,GovernmentAffairs&SeniorPolicyCounselBillWright

TLP:GREEN


2021 Ransomware Threat Report

Best Practices for Backing Up Your Data · Ransomware: An old threat gets new life. The reemergence of ransomware as a threat is reason enough that any organization should have a

DSCI THREAT INTELLIGENCE AND RESEARCH INITIATIVE Threat... · 2020. 9. 17. · Nefilim classified as ransomware, is a malicious program which was spotted in March 2020, when the ransomware

Ransomware: A Growing Menace · ransomware has become a serious threat. Background Ransomware which locked a screen and demanded payment was first seen in Russia/Russian speaking

Ransomware: 2016's Greatest Malware Threat

Healthcare Data Under Siege: Ransomware and the Cyber ... › sites › default › files › threatstop... · Healthcare Data Under Siege: Ransomware and the Cyber Threat Landscape

MAPPING THE RANSOMWARE LANDSCAPE - Bitpipedocs.media.bitpipe.com/io_13x/io_137963/item_1550281/Mapping T… · 2 RANSOMWARE GUIDE: MAPPIN THE RANSOMWARE LANSCAPE SCOPE OF THE THREAT

McAfee Labs Threat Advisory - Knowledge Center Labs Threat Advisory Ransomware-Locky February 22, 2018 McAfee Labs periodically publishes Threat Advisories to provide customers with

Booz Allen Industrial Cybersecurity Threat Briefing

RANSOMWARE THREATS€¦ · OUTLOOK: A BIG AND GROWING THREAT Q: In the next 12 months, do you believe ransomware and malware will be a larger or smaller threat to your agency? More

Threat Alert NotPetya Ransomware Attack...The NotPetya Ransomware Attack June 2017 A Deep Dive into the NotPetya Ransomware Attack This is a new variant of the Petya ransomware family

The Growing Threat of RansomwareThe Growing Threat of Ransomware BY BRIAN HEATER APRIL 13, 2016 07:00AM EST Ransomware can hit anyone, but hackers are increasingly going after targets

Ransomware: Evolution & Cyber Threat Landscapepages.accudatasystems.com/rs/729-XKH-207/images/Ransomware - … · 2 –M-Trends 2015: A View from the Front Lines. RANSOMWARE: THREATACTORS,

Ransomware - The Growing Threat

CTERA Minimizing the threat of Ransomware with enterprise file services

Ransomware and Digital Extortion - EXPLORE 2020 · •Overview of Ransomware/Digital Extortion and the Threat to Healthcare Industry •Case Studies of Healthcare Ransomware Attacks

Ransomware Threat Report : WannaCry fileRansomware Threat Report : WannaCry IN-DEPTH COVERAGE AND INSIGHTS OF THE WANNACRY RANSOMWARE FROM ARMOR’S SECURITY EXPERTS

HC3 Intelligence Briefing Update Ransomware Threat to

THE NEW CYBER THREAT AND HOW TO STOP IT - Acronisdownload.acronis.com/rc/Acronis Backup Service... · RANSOMWARE THE NEW CYBER THREAT AND HOW TO STOP IT RANSOMWARE: hackers hold your

MOBILE THREAT LANDSCAPE REPORTEvolving Threat Classes Remote Access Tools Banking Trojans Access Facilitation Ransomware Cryptomining Geographic Variations in the Threat Landscape

SamSam Ransomware Campaigns...Classification: //SecureWorks/Confidential - Limited External Distribution: SamSam Ransomware Campaigns Secureworks® Counter Threat Unit™ Threat Intelligence

RANSOMWARE A GROWING ENTERPRISE THREAT€¦ · A Brief History of Ransomware Following the evolution of ransomware, from a petty crime to a major economic windfall for global criminal

SamSam Ransomware Campaigns - … Ransomware Campaigns Secureworks® Counter Threat Unit™ Threat Intelligence Release date: THURSDAY, FEBRUARY 15, 2018 Summary In ®late 2015, Secureworks

RANSOMWARE THREAT LANDSCAPE OVERVIEW - FireEye · 2016-05-10 · RANSOMWARE THREAT LANDSCAPE OVERVIEW KEY POINTS • Since mid 2015, ... distribution of their payload—to “one-stop

The New Threat on Campus: Ransomware Locks Down Education

FEMA Region VI Weather Threat Briefing

Ransomware Threat Report : WannaCry

CROWDSTRIKE // WHITE PAPER RANSOMWARE A GROWING …€¦ · CROWDSTRIKE // WHITE PAPER RANSOMWARE A GROWING ENTERPRISE THREAT ... the sheer volume of ransomware variants released

Threat Intelligence Briefing

intech breakfast briefing blockchain and ransomware

FIGHTING BACK AGAINST THE RANSOMWARE EPIDEMIC€¦ · FIGHTING BACK AGAINST THE RANSOMWARE EPIDEMIC VIPRE.COM 2 Ransomware has become the No. 1 cyber-threat, ... so all companies

Minimizing the threat of Ransomware with enterprise file services

THE RISING THREAT OF RANSOMWARE - Wombat Security · 2018. 9. 18. · There are several well-known ransomware variants (including WannaCry, Locky, and Cerber). Many ransomware variants

Responding To Ransomware - NYMISSA · Ransomware is getting more sophisticated, and shifting to an enterprise threat. Ransomware Nightmares ... 50% of ransomware victims have paid

Cyber Threat Intelligence October 2020...Page 6 of 16 Maze ransomware is one of the most notorious ransomware groups. The operators behind Maze began combining ransomware attacks with