Security Hole #18 - Cryptolocker Ransomware
What people think hackers do?
What hackers actually do?
Social Engineering 4ever
Statistics
Ransomware
Crypto Lockers
• Searches for files with certain extensions: doc, docx, wps, xls, xlsx, ppt, pptx, pdf, jpg, dng, psd, raw, cer, crt, pfx, wallet …
• Doesn’t touch system directories
• Encrypts files with a 2048-bit RSA key pair
• Paying the ransom results in decryption of the files
• No way to decrypt the files without the private key
• Ransomware done right!
Mobile ransomware
Mobile ransomware
Android/Lockerpin
Android/Simplocker
Android/Locker
Mobile ransomware
Android/Koler
Big companies under attack
Locky
What about money?
Statistics
“Traffic today has varied between 1 new endpoint each second, to up to 5 per second. I estimate by the end of the day well over 100,000 new endpoints will be infected with Locky, making this a genuine major cybersecurity incident — 3 days in, approximately a quarter of a million PCs will be infected”.
February 17, 2016
Pay or not to pay?
“The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “To be honest, we often advise people just to pay the ransom.”
Motto – “be open to the world”
One of the cases
One of the cases
Hacker database
Hacked account
TOP login names
More than 11 days, 68 IPs, 21 countries
Deanonymization?
Deanonymization?
Revenue?
Expectations / Reality
How to stay secure?
• Software updates and patches
• Security awareness
• Low privilege access
• Backups
• Antivirus/Antispam
How to secure your 1C with RDP?
• Regular backups
• Regular EXTERNAL backups
• Access control for own IP addresses/networks
• VPN/IPSec
• Password policy
• Anti-brute-force policy
• Don’t use common logins (admin/alex/manager)
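A sketch of the anti-brute-force check from the list above, added here as an example and not taken from the slides: it counts failed logons both per source address and per login name, because a limit keyed only on the source address misses guesses spread across many addresses. The record layout, thresholds, function names and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed failed-logon records: (timestamp, source IP, login name).
# Addresses are from the documentation ranges, not from the slides.
FAILED_LOGONS = (
    # one address hammering "admin": 5 failures in under a minute
    [("2016-03-01 02:00:%02d" % (i * 10), "192.0.2.10", "admin") for i in range(5)]
    # four addresses, one guess per day each, all against "manager"
    + [("2016-03-0%d 03:15:00" % (d + 2), "198.51.100.%d" % (20 + d), "manager")
       for d in range(4)]
    # a legitimate user mistyping a password once
    + [("2016-03-02 09:01:00", "203.0.113.7", "o.kovalenko")]
)

def parse(events):
    """Turn raw records into time-ordered (datetime, ip, user) tuples."""
    return sorted((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), ip, user)
                  for ts, ip, user in events)

def noisy_sources(events, window=timedelta(minutes=10), limit=5):
    """Source IPs with `limit` or more failures inside any `window`."""
    by_ip = defaultdict(list)
    for ts, ip, _ in parse(events):
        by_ip[ip].append(ts)
    flagged = set()
    for ip, times in by_ip.items():
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= limit:
                flagged.add(ip)
                break
    return flagged

def targeted_accounts(events, min_sources=4):
    """Login names that failed from `min_sources` or more distinct IPs."""
    sources = defaultdict(set)
    for _, ip, user in parse(events):
        sources[user.lower()].add(ip)
    return {user for user, ips in sources.items() if len(ips) >= min_sources}

if __name__ == "__main__":
    print("block these sources:", sorted(noisy_sources(FAILED_LOGONS)))
    print("accounts under distributed guessing:", sorted(targeted_accounts(FAILED_LOGONS)))
```

The per-account view is what catches the slow, many-address pattern; the per-address view alone reports only the single loud source.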
Skype: ghost-bel
OWASP Lviv Team