A Hacker's Perspective on Ransomware

Post on 22-Jan-2018


© 2016 Avecto Ltd avecto.com

A Hacker’s perspective on ransomware: How ransomware works and how to prevent it

With Paula Januszkiewicz

CQURE: CEO, Penetration Tester / Security Expert

CQURE Academy: Trainer

MVP: Enterprise Security, MCT

*Based on Trustwave Global Security Report 2013/2014

~ 50% of organizations have experienced a malware infection via email in the past calendar year

$115 per user – amount spent on security software in 2014

When $33 of that was underutilized or never used

~ 84% of IT Pros believe they need at least to double their staff to respond to security issues

When 49% of security positions were left unfilled in 2014

Source: http://pwc.com

Sad facts

Photo: the New York Times Magazine

Encrypts data

In theory: Once the payment is verified, the program will decrypt the files

The private key that is used to decrypt the infected files is on the C&C server

"C:\Windows\SYSWOW64\cmd.exe" /C "C:\Windows\Sysnative\vssadmin.exe" Delete Shadows /All /Quiet

Encrypts data stored on network shares if the shared folders are mapped as a drive letter on the infected computer

Infection spawns two processes of itself
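
An added example (not from the original slides): a minimal detection for the shadow copy deletion command listed above, run over constructed process-creation records. The host names, the record shape and the function names are assumptions made for illustration.

```python
import re

# Constructed process-creation records (hosts and the benign lines are made up);
# the first command line is the one quoted on the slide.
EVENTS = [
    ("WS-014", r'"C:\Windows\SYSWOW64\cmd.exe" /C "C:\Windows\Sysnative\vssadmin.exe" Delete Shadows /All /Quiet'),
    ("WS-015", r'cmd /c "vssadmin  DELETE shadows /all /quiet"'),
    ("SRV-02", r"vssadmin.exe list shadows"),
    ("WS-031", r'notepad.exe "C:\notes\vssadmin delete shadows.txt"'),
]

TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def tokens(cmdline):
    """Split a Windows command line, keeping quoted arguments whole."""
    toks = [quoted or bare for quoted, bare in TOKEN.findall(cmdline)]
    # cmd.exe /C "inner command": re-split a quoted argument that follows /C or /K
    for i, tok in enumerate(toks[:-1]):
        if tok.lower() in ("/c", "/k") and " " in toks[i + 1]:
            return toks[:i + 1] + tokens(toks[i + 1]) + toks[i + 2:]
    return toks

def shadow_delete_switches(cmdline):
    """Return vssadmin's switches if cmdline deletes shadow copies, else None."""
    toks = [t.lower() for t in tokens(cmdline)]
    for i, tok in enumerate(toks):
        exe = re.split(r"[\\/]", tok)[-1]  # basename, with or without a path
        if exe in ("vssadmin", "vssadmin.exe") and toks[i + 1:i + 3] == ["delete", "shadows"]:
            return {t for t in toks[i + 3:] if t.startswith("/")}
    return None

def alerts(events):
    """Return (host, severity) for every event that deletes shadow copies."""
    hits = []
    for host, cmdline in events:
        switches = shadow_delete_switches(cmdline)
        if switches is not None:
            # /All with /Quiet removes every snapshot without a prompt
            severity = "high" if {"/all", "/quiet"} <= switches else "medium"
            hits.append((host, severity))
    return hits

if __name__ == "__main__":
    for host, severity in alerts(EVENTS):
        print(f"{severity.upper():6} {host}: shadow copy deletion via vssadmin")
```

Matching on the executable's basename plus the `delete shadows` verbs covers the Sysnative path, the `cmd /C` wrapper and case changes, while the quoted file name in the last record does not trigger an alert.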

It seemed to be a normal PDF file…

Public shaming

One of the latest versions of CryptoWall was threatening to:

- Delete the keys to decrypt data

and…

- Publish it online if they do not pay and follow the demands!


1. Back up the data

2.

3.

4.

5.

6.

7.

8.

9.

10.

11. Arrange Security Awareness campaigns

I know the traffic rules….

Awareness

They know the traffic rules….

… but does it guarantee that they are good drivers?

Behavior

Culture

Users educated on best security practices

Regular quizzes / testing / workshops

Incident response plans established

Identified events to trigger the plan

Assessed data protection across all assets - endpoints, networks, regular data

AppLocker + SRP - when implemented wisely

Penetration testing to evaluate how resilient systems are to compromise

Code execution prevention or monitoring

Organizational Approach

Conclusion: Each organization can aim for a responsible security culture

© 2015 Avecto Ltd avecto.com

• Isolates browser, downloaded content and email attachments

• Mitigates ransomware / web threats

• Protect data and contain unknown threats

• #1 Defense strategy

• Easy to achieve whitelisting

• Regain control of unknown applications

• Mitigates 85% of Critical Windows vulnerabilities

• Protect user and system

• Privileges when you need them


For more information about Defendpoint or to arrange a demo, please visit www.avecto.com
