How to Protect Your Organization from the Ransomware Epidemic
2014 - 2016 – Cryptowall 1.0 - 4.0 Ransomware takes steroids.
• Distributed using various exploit kits, spam campaigns and malvertising techniques.
• Exchanges encryption keys with C&C over I2P network via heavily obfuscated URLs using “Domain Generation Algorithm” (DGA).
• Tor used to serve ransom notification and service website, allowing victims to make payments, find out the status of a payment, get one free decryption, and create support requests.
• Uses multiple encryption algorithms.
• Observed using undocumented API calls to identify local language settings of the compromised host for better C&C upgrades.
• Disables and deletes all automatic Windows backup mechanisms, and can bypass GPO.
• Polymorphic and leverages anti-VM and anti-emulation techniques.
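The bullet on disabling and deleting Windows backup mechanisms is the behavior most readily caught in process-creation logs. The sketch below is an added example, not material from the slides: it flags command lines that invoke built-in Windows utilities to remove shadow copies or disable recovery, then ranks hosts where more than one such action occurred. The specific command patterns, the event field names (`host`, `command_line`) and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Built-in Windows tools invoked to delete or disable backup/recovery features.
# Patterns chosen for this example; the slides name no specific commands.
BACKUP_TAMPER_PATTERNS = {
    "shadow_copy_delete": re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "shadow_copy_delete_wmic": re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "recovery_disabled": re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    "backup_catalog_delete": re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I),
    "vss_service_disabled": re.compile(r"\bsc(\.exe)?\b\s+config\s+vss\b.*\bstart=\s*disabled\b", re.I),
}

# Constructed process-creation events (hypothetical hosts and field names).
SAMPLE_EVENTS = [
    {"host": "WS-014", "command_line": r"C:\Windows\System32\vssadmin.exe Delete Shadows /All /Quiet"},
    {"host": "WS-014", "command_line": "bcdedit /set {default} recoveryenabled No"},
    {"host": "WS-014", "command_line": "vssadmin list shadows"},  # benign query
    {"host": "SRV-BKP", "command_line": "wbadmin start backup -backupTarget:E: -include:C:"},  # benign
    {"host": "WS-022", "command_line": "wmic shadowcopy delete"},
]

def find_backup_tampering(events):
    """Return (host, rule, command_line) for every event matching a pattern."""
    findings = []
    for ev in events:
        for rule, pattern in BACKUP_TAMPER_PATTERNS.items():
            if pattern.search(ev["command_line"]):
                findings.append((ev["host"], rule, ev["command_line"]))
    return findings

def hosts_to_triage(findings, min_rules=2):
    """Hosts where at least min_rules distinct tampering rules fired."""
    rules_by_host = defaultdict(set)
    for host, rule, _ in findings:
        rules_by_host[host].add(rule)
    return sorted(h for h, rules in rules_by_host.items() if len(rules) >= min_rules)

if __name__ == "__main__":
    hits = find_backup_tampering(SAMPLE_EVENTS)
    for host, rule, cmd in hits:
        print(f"{host}: {rule}: {cmd}")
    print("triage first:", hosts_to_triage(hits))
```

A single match can be a legitimate administrative action; several distinct backup-tampering actions on one host in a short window is the stronger signal.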
CIS Critical Security Controls
ISO 27000-series
NIST 800-53: Federal Information Systems Management Act (FISMA)
Health Insurance Portability and Accountability Act (HIPAA)
Payment Card Industry Data Security Standard (PCI DSS)
Sarbanes-Oxley (SOX)
Inventory of Assets
Secure Configuration
Logging
Malware Defense
tripwire.com | @TripwireInc