#RSAC
Ransomware Seminar
36% increase in ransomware attacks
As per Symantec’s 2017 report
Source: https://bit.ly/rsa-apj-rw-001
4,000 attacks per day
As per US Department of Justice
Source: https://bit.ly/rsa-apj-rw-002
97% of phishing emails deliver ransomware
As per PhishMe
Source: https://bit.ly/rsa-apj-rw-003
Source: https://bit.ly/rsa-apj-rw-004
Welcome!
Start  End    Session
9:00   9:10   Opening remarks
9:10   9:55   Everything of Nothing: Understanding Cyber-Crime Organizations (Aamir Lakhani)
10:00  10:45  From Ransomware to Extortion: The Inevitable Underground Economy Evolution (Andrei Barysevich)
10:45  11:00  Networking Break
11:00  11:35  Defending Better by Understanding Cybercriminal Motivations (Panel discussion)
11:40  12:10  Ransomware of Tomorrow: How To Be Ready For Future Threats (Eugene Aseev)
12:15  12:50  Getting the Board On-Board: Ransomware’s Impact on your Business (Panel discussion)
Everything of Nothing: Understanding Cyber-Crime Organizations
SESSION ID: SEM-W01
Aamir Lakhani
Senior Security Strategist
Fortinet / FortiGuard
@aamirlakhani
Disclaimer
This talk should be considered a work of fiction. Any resemblance, likelihood, and similarities to other events are purely coincidental. Any details inspired from real life events have been significantly changed or altered. The views, opinions, research do not necessarily represent anyone except my own. This talk is not endorsed by employer.
This presentation involves an on-going case, active investigation. Key information has been changed, modified, anonymized, or redacted based on this.
This case would have been possible without the many man hours of law-enforcement and district attorneys assigned to this investigation.
Who Am I?
Aamir Lakhani
Researcher / Consultant
Ninja / Pirate / Hacker
Time Magazine’s Person of the Year 2006…
Person of the Year 2006
And so were...
What I do for a living
What my friends think I do
What my mom thinks I do
What I wish I did
What I really do
How did we get here?
Introduced to captain of a large vice squad in the US
They are dealing with small crimes when it comes to cyber
Most cyber crimes are not investigated
Lack of resources
This presentation is around a real cyber crime investigation
This is not a breaking, hot, Mr. Robot tale of a Hollywood hacker
This will not change the way you look at cyber
This will show you how every day law enforcement has to deal with “cyber” criminals
Understanding how credit card fraud works
Fraud is built into the cost of the card services
Card companies and most consumers expect fraud
Never taken seriously
Moving to a new city and getting called by the police
How did I get started helping law enforcement fight cyber-crime
How it all started….
Getting from A to B
Investigation into credit card fraud
Victims were noticing lots of charges to eBay, PayPal, other retail
New officer wanted to investigate
Most officers would have dismissed it
Obtained search warrant. Retailers gave shipping address of merchandise
Receiving address was tied to multiple fraud, stolen merchandise
Search warrant on receiver led to further investigation
Local police department were receiving and investigating claims of identity fraud and credit card fraud.
Details around the Investigation
Items purchased with VISA gift cards. VISA gift card numbers are sent in batches to cities and stores. It took very little work to find out where VISA gift cards were purchased from.
Most gift cards were purchased with cash, but a large number were purchased on credit cards (STUPID).
Criminal was sent cash or gift cards to buy from local business and resell them.
Mules
Internet Mules
Wild Union Security Services
Local business was operating as Wild Union Security Services (WUSS). Not their real name.
Found no registered business under that name, no website. Investigation found that business.
Business reported over $5 million USD income over the last 4 years and paid taxes. Sold phone cards, gift cards, Web Money, BitCoin exchanges
Money Exchange
Prepaid cards were being sold as high as 70% for convenience markup
Money Laundering?
Registering web sites (Registrars, and WHOIS)
BitCoin Exchanges
$20,000 of BitCoins
$10,000 of WebMoney or Reloadit Cards
$7,000 of Gift Cards
$5,000 of cash
Trading BitCoins
Exchanged BitCoins for a gift card
Got receiver's BitCoin address
Using clustering and multiple transactions found multiple BitCoin addresses associated with Western Union Security Exchange, Shopping, and Shipping Services, Inc.
To use BitCoins with WUSSS, one had to deposit BitCoins to their account. That account was identified with other accounts
Significant Developments
Event 1:
» Minor credit card fraud
Event 2:
» Warrants and Investigations led to illegal, unlicensed business.
Event 3:
» BitCoin clustering led to finding additional BitCoin wallets linked to major cyber crime and money laundering operations. Searched additional BitCoin addresses, found matches on Real Deal Black Market run on TOR
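The slides do not say which clustering method was used. The following added example (not from the talk) shows the common-input-ownership heuristic that block-explorer clustering tools generally rely on: addresses spent together as inputs of one transaction are assumed to share an owner. All addresses, amounts and the watchlist are constructed, and the equal-output check for mixing-style transactions is a simplifying assumption.

```python
"""Common-input-ownership clustering over constructed transactions."""
from collections import defaultdict


class UnionFind:
    """Disjoint-set structure used to merge addresses into owner clusters."""

    def __init__(self):
        self.parent = {}
        self.size = {}

    def add(self, item):
        if item not in self.parent:
            self.parent[item] = item
            self.size[item] = 1

    def find(self, item):
        self.add(item)
        root = item
        while self.parent[root] != root:
            root = self.parent[root]
        # Path compression: point every node on the walk at the root.
        while self.parent[item] != root:
            self.parent[item], item = root, self.parent[item]
        return root

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra == rb:
            return
        if self.size[ra] < self.size[rb]:
            ra, rb = rb, ra
        self.parent[rb] = ra
        self.size[ra] += self.size[rb]


def looks_like_mix(tx, threshold=3):
    """Flag transactions with several inputs and several equal-value outputs.

    Multi-party mixing transactions combine inputs from unrelated owners,
    so merging their inputs would create false links between clusters.
    """
    counts = defaultdict(int)
    for _addr, value in tx["outputs"]:
        counts[value] += 1
    most_common = max(counts.values(), default=0)
    return len(tx["inputs"]) >= threshold and most_common >= threshold


def cluster_addresses(transactions):
    """Return a list of address sets, one per inferred owner."""
    uf = UnionFind()
    for tx in transactions:
        for addr in tx["inputs"]:
            uf.add(addr)
        for addr, _value in tx["outputs"]:
            uf.add(addr)
        if looks_like_mix(tx):
            continue  # do not merge inputs of a probable mix
        first = tx["inputs"][0]
        for other in tx["inputs"][1:]:
            uf.union(first, other)
    clusters = defaultdict(set)
    for addr in list(uf.parent):
        clusters[uf.find(addr)].add(addr)
    return list(clusters.values())


def cluster_of(transactions, seed):
    """Return the cluster containing the seed address (e.g. a deposit address)."""
    for cluster in cluster_addresses(transactions):
        if seed in cluster:
            return cluster
    return {seed}


def flagged_matches(transactions, seed, watchlist):
    """Addresses in the seed's cluster that also appear on a watchlist."""
    return cluster_of(transactions, seed) & set(watchlist)


# Constructed sample data: values are in satoshis, addresses are labels.
TRANSACTIONS = [
    {"txid": "tx_a", "inputs": ["addr_deposit", "addr_s2"],
     "outputs": [("addr_out1", 70000), ("addr_out2", 12000)]},
    {"txid": "tx_b", "inputs": ["addr_s2", "addr_s3"],
     "outputs": [("addr_out3", 150000)]},
    {"txid": "tx_mix", "inputs": ["addr_s3", "addr_x1", "addr_x2"],
     "outputs": [("addr_m1", 100000), ("addr_m2", 100000), ("addr_m3", 100000)]},
    {"txid": "tx_c", "inputs": ["addr_y1", "addr_y2"],
     "outputs": [("addr_out4", 5000)]},
]

# Constructed watchlist of addresses already tied to other cases.
WATCHLIST = {"addr_s3": "seen in another investigation", "addr_y9": "unrelated"}

if __name__ == "__main__":
    print(sorted(cluster_of(TRANSACTIONS, "addr_deposit")))
    print(sorted(flagged_matches(TRANSACTIONS, "addr_deposit", WATCHLIST)))
```

The heuristic gives leads, not proof: skipping probable mixes keeps addr_x1 and addr_x2 out of the cluster, but real attribution still needs corroborating records.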
BitCoins Linked to Criminals
Additional Investigations
Connecting the Dots (cyber-crime network)
Other cyber-criminals were involved in network of cyber-criminals
Similar cases found in other States and countries. Is this a cookbook for cyber-crime?
Working with law-enforcement around the world.
WalletExplorer – the Ideal Investigation tool
Catching the Criminal

```vb
Function GetMyPublicIP() As String
    Dim HttpRequest As Object

    On Error Resume Next
    'Create the XMLHttpRequest object.
    Set HttpRequest = CreateObject("MSXML2.XMLHTTP")

    'Check if the object was created.
    If Err.Number <> 0 Then
        'Return error message.
        GetMyPublicIP = "Could not create the XMLHttpRequest object!"
        'Release the object and exit.
        Set HttpRequest = Nothing
        Exit Function
    End If
    On Error GoTo 0

    'Create the request - no special parameters required.
    HttpRequest.Open "GET", "http://myip.dnsomatic.com", False
    'Send the request to the site.
    HttpRequest.Send
    'Return the result of the request (the IP string).
    GetMyPublicIP = HttpRequest.ResponseText
End Function

Function GetMyLocalIP() As String
    'Declaring the necessary variables.
    Dim strComputer As String
    Dim objWMIService As Object
    Dim colItems As Object
    Dim objItem As Object
    Dim myIPAddress As String

    'Set the computer.
    strComputer = "."
    'The root\cimv2 namespace is used to access the Win32_NetworkAdapterConfiguration class.
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    'A select query is used to get a collection of IP addresses from the network adapters
    'that have the property IPEnabled equal to true.
    Set colItems = objWMIService.ExecQuery("SELECT IPAddress FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True")

    'Loop through all the objects of the collection and return the first non-empty IP.
    For Each objItem In colItems
        If Not IsNull(objItem.IPAddress) Then
            myIPAddress = Trim(objItem.IPAddress(0))
            Exit For
        End If
    Next

    'Return the IP string.
    GetMyLocalIP = myIPAddress
End Function

Function GetMyMACAddress() As String
    'Declaring the necessary variables.
    Dim strComputer As String
    Dim objWMIService As Object
    Dim colItems As Object
    Dim objItem As Object
    Dim myMACAddress As String

    'Set the computer.
    strComputer = "."
    'The root\cimv2 namespace is used to access the Win32_NetworkAdapterConfiguration class.
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    'A select query is used to get a collection of network adapters
    'that have the property IPEnabled equal to true.
    Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True")

    'Loop through the adapters and return the MAC address of the first adapter that has a non-empty IP.
    For Each objItem In colItems
        If Not IsNull(objItem.IPAddress) Then
            myMACAddress = objItem.MACAddress
            Exit For
        End If
    Next

    'Return the MAC address string.
    GetMyMACAddress = myMACAddress
End Function
```
Warrant issued for “John Doe” by district attorney.
After significant communications with “John Doe” we exchanged emails.
Inserted VB Code to get real IP, this was not malware or macro virus. Simply recorded MAC, Internal, External IP and saved to meta data.
New court order let us obtain identity of public account holder
What Did We Find?
Cyber criminal was a user in his late teens
Eventually we seized $1.8 million in gift cards.
$3 million in sales of stolen goods tracked thru eBay, PayPal, Craigslist, Back Page
New court order let us obtain identity of public account holder
BitCoin Mixing
Bitcoin transactions are recorded in the ledger
Step #1: Create a wallet on the Internet. (wallet #1)
Step #2: Buy Bitcoins, and send the amount you want to mix to wallet #1.
Step #3: Create a second wallet, this time over the Tor network. (wallet #2)
Step #4: Send your bitcoins from wallet #1 directly to wallet #2.
Step #5: Create a third wallet, also over the Tor network. (wallet #3).
Step #6: Select which mixer you will be using, and set up your transaction there using the address(s) from wallet #3. It is best to use multiple addresses, and to set random time delays.
Step #7: Send the coins from wallet #2, over Tor, to the address generated for you by the mixer.
Step #8: Assuming these coins are going to be sent to a darknet market… if you don’t already have your deposit address, log in and get it while having JavaScript disabled. Never use any market that requires you to enable JS!
Source: https://darknetmarkets.org/a-simple-guide-to-safely-and-effectively-mixing-bitcoins/
Defense
Court order deemed too broad
Cannot blindly send malware
We ended up using FAX records from Western Union Security Exchange, Shopping, and Shipping Services, Inc
Issued new warrant to seize computer assets
Defense attorneys were representing John Doe on records
Next Steps
Had judge issue new warrant to search for evidence of tax evasion
Forensics on copy machines and fax machines contained evidence
SMOKING GUN: Faxes contained attacker’s Bitcoin wallet address and name.
» Able to use walletexplorer to tie all transactions to a person
Judge has ruled against District Attorney as a RICO case (Racketeer Influenced and Corrupt Organizations)
Defense attorneys are arguing digital forensic evidence should be allowed in trial from copy and fax machines.
Next Steps
Spliced power to battery to keep fax machine turned on
Specialized devices to freeze memory, clone memory.
Created memory image file (e.g. you can use tools such as FTK or Volatility Memory Forensics)
Fax Machine was running embedded Windows
Defense may be arguing on how we collected the fax machines
Verdict
Catching more Cyber Criminals can be a deterrent
Investigations take time
Attribution is more of an art than science
Understand the flow of funds, digital currency
On-Going case
I am not a lawyer nor law enforcement
Did we make a difference?
How do you protect yourself?
Should we fight fraud cases?
Is it too good to be true?
Self-Awareness
How do I protect my organization
How to protect your organization?
Data feeds
Email filtering
Reputation Filtering
Leaked credentials
Leaked credit cards
You are a victim, what’s next?
What can you do if you are a victim?
Do not ignore the situation
Work with law-enforcement
Report to your employer’s IT department.
Cyber Hygiene
Change passwords
VPNs
No open wireless
Q and A
You can ask questions now
Or
We can sit here awkwardly in silence.
From Ransomware to Extortion: The Inevitable Underground Economy Evolution
SESSION ID: SEM-W01
Andrei Barysevich
Director of Advanced Collection
Recorded Future
@DeepSpaceEye
Agenda
Three takeaways
History – from automated spreading to targeted phone calls
The actors – nobody knows your name
The future of victimization – difficult situation incentivizing additional ransomware
History
Product Market Fit
CryptoLocker – First Global Ransomware Campaign
Brute Force Your Way In…
Off-the-shelf tools available cheaply
Or Simply Buy the Access
Actors
CryptoLocker – First Global Ransomware Campaign
500,000 victims
$3 - $27 million in payments
Copycats Took Over the Market
Over 100 ransomware variants between 2014-2016
2015 – Introduction of Ransomware as a Service
• NO UPFRONT COST
• 50/50 PROFIT SPLIT
Ingenious Methods of Ransom Gangsters
NO C2C INFRASTRUCTURE
DIRECT ENGAGEMENT WITH VICTIM
TDO - Opportunistic Lifecycle
Extortion or Blackmail?
“Extortion is a form of theft that occurs when an offender obtains money, property, or services from another person through coercion. To constitute coercion, the necessary act can be the threat of violence, destruction of property, or improper government action. Inaction of the testimony or the withholding of testimony in a legal action are also acts that constitute coercion.”
“Blackmail, in contrast to extortion, is when the offender threatens to reveal information about a victim or his family members that is potentially embarrassing, socially damaging, or incriminating unless a demand for money, property, or services is met. Even if the information is true or actually incriminating, you can still be charged with blackmail if you threaten to reveal it unless the victim meets your demand.”
*Source: criminal-law.freeadvice.com
The Future of Victimization
Change of Mindset
ETHICAL DILEMMA: INFECT OR NOT INFECT
$3.6 million demanded
$17,000 Paid
“From the bottom of my heart, I wish that mothers of ransomware distributors end up in an intensive care unit and their respiratory system is infected with ransomware.”
No Honor Among Thieves
• PARALYZED PRODUCTION
• IMMENSE LOSSES
How Big Is Too Big?
Perfect cover-up weapon
WannaCry
NotPetya
![Page 66: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/66.jpg)
Data Mining for Gold
One example of this is Mr. John Jenkins, who at the time of data entry was an Atlanta Hawks player. His row is the following:
****942204,1,Jenkins,John," ",19**-0*-0*,21* Ivy *****, Hend**********,TN,37***,61*97*44*6,***50674,NULL,JENKINS,1***50674,***878*8*0,,NULL,20**-0*-0* 14:53:08.570,20**-0*-2* 12:42:05.573,,0***1303**99,Jenkins,John,***10306000000
We also found FBI: ****061278,1,G*******,Mark,F,19**-0*-*8,M,,**29 ***** Mill ******,,Law**********,GA,30***,202***6****,,,10156752,,,,MARK.G*******@IC.FBI.GOV
![Page 67: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/67.jpg)
Innocent Victims
Let's take Mrs. N**** M***** for example: Her SSN, address, email, phone numbers, insurance information, etc. are all there. We also know that according to her record, she is 65 inches tall and weighs 215. Blood pressure 13478 and a pulse of 76. She also has Osteoarthrosis and joint pain in her lower leg. Her prescription records state she has been prescribed oxycodone for "severe pain", alprazolam for "anxiety sleep", fentanyl, and oxycontin.
![Page 68: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/68.jpg)
![Page 69: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/69.jpg)
Ask Yourself: Will You Pay or Not?
• How much is your data worth?
• How much are you prepared to pay?
• Do you have funds in reserve?
Stand your ground
I will not pay
Yes I will
![Page 70: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/70.jpg)
Takeaways
• Criminals use every tool available for $$
• No target is too small or too big
• Evaluate and be ready
![Page 71: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/71.jpg)
Thank You!
Andrei Barysevich
Director of Advanced Collection, Recorded Future
@DeepSpaceEye
SESSION ID: SEM-W01
![Page 72: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/72.jpg)
Start End
10:45 11:00 Networking Break
11:00 11:35 Defending Better by Understanding Cybercriminal Motivations (Panel discussion)
11:40 12:10 Ransomware of Tomorrow: How To Be Ready For Future Threats (Eugene Aseev)
12:15 12:50 Getting the Board On-Board: Ransomware’s Impact on your Business (Panel discussion)
![Page 73: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/73.jpg)
Defending Better by Understanding Cybercriminal Motivations
![Page 74: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/74.jpg)
Panelists
• Etay Maor, Executive Security Advisor, IBM Security
• Ben Potter, Senior Security and Compliance Consultant, Amazon Web Services
• Christiaan Beek, Lead Scientist and Principal Engineer, McAfee
![Page 75: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/75.jpg)
Core Question
How does the human element of ransomware work?
![Page 76: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/76.jpg)
Your Panelists
Etay Maor, Ben Potter, Christiaan Beek
![Page 77: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/77.jpg)
Start End
11:40 12:10 Ransomware of Tomorrow: How To Be Ready For Future Threats (Eugene Aseev)
12:15 12:50 Getting the Board On-Board: Ransomware’s Impact on your Business (Panel discussion)
![Page 78: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/78.jpg)
Ransomware Of Tomorrow: How To Be Ready For Future Threats
Eugene Aseev
Head of Singapore R&D Centre, Acronis
@toxzique
SESSION ID: SEM-W01
![Page 79: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/79.jpg)
Agenda
• Ransomware Today: Current landscape and major security flaws
• Ransomware Of Tomorrow: What to look out for in the future
• Modern Technology: Exploring the recent breakthrough solutions
![Page 80: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/80.jpg)
Ransomware is a type of malicious software used by cybercriminals that is designed to extort money from their victims, either by
• Encrypting data on the disk, or
• Blocking access to the system
![Page 81: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/81.jpg)
Ransomware Types
Lock screen ransomware
• Shows threatening window stating user’s computer is blocked
• Can usually be resolved without harmful consequences
File encryption ransomware
• Encrypts user’s files, shows a threatening window
• Usually cannot be resolved, as only cybercriminals have decryption key
Boot-level ransomware
• Rewrites MBR (master boot record), encrypts hard disk, shows threatening message while system is booting
• Usually cannot be resolved, as only cybercriminals have decryption key
![Page 82: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/82.jpg)
Attacks Volume
![Page 83: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/83.jpg)
Attacks Impact
![Page 84: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/84.jpg)
Recent Examples
Osiris
• Difficult to detect as it uses standard Windows components to download and execute the payload (scripts and libraries)
• Can also be distributed via CRM/customer support systems across organizational boundaries. Infected user in one organization can send an email to CRM system email address
• Directly attacks Microsoft Volume Shadow Copy Service available in every MS Windows installation, deletes already created shadow copies
WannaCry
• In order to spread like a worm, utilized an exploit called ETERNALBLUE, one of the leaked NSA hacking tools released by the Shadow Brokers hacking group in April 2017
• The patch for the SMB vulnerability was available for 59 days prior to the attack
• Hit critical infrastructure in some countries such as Germany and Russia. In the U.K., the health care sector received a hard hit: hospitals had to turn away patients, reroute ambulances, paralyze emergency services, and reschedule surgeries and appointments
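An added example, not from the slides or any vendor's product: detection logic for the shadow-copy deletion described above, run over constructed process-creation events, with severity raised when the parent is a script or library host. The event fields, host names, rule names and severity policy are assumptions made for this illustration.

```python
import ntpath
import re

# Constructed process-creation events (parent, command line); not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws-014", "parent": r"C:\Windows\System32\wscript.exe",
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"host": "ws-014", "parent": r"C:\Windows\System32\rundll32.exe",
     "cmdline": 'cmd /c w^mic "shadowcopy"  delete'},
    {"host": "srv-bkp", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "vssadmin list shadows"},
    {"host": "srv-bkp", "parent": r"C:\Windows\System32\mmc.exe",
     "cmdline": "vssadmin delete shadows /for=D: /oldest"},
    {"host": "ws-022", "parent": r"C:\Windows\System32\mshta.exe",
     "cmdline": "powershell -c Get-WmiObject Win32_ShadowCopy | % { $_.Delete() }"},
]

# Command shapes that remove Volume Shadow Copy snapshots.
RULES = [
    ("vssadmin-delete", re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b")),
    ("vssadmin-resize", re.compile(r"\bvssadmin(\.exe)?\s+resize\s+shadowstorage\b")),
    ("wmic-delete", re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b")),
    ("wmi-script-delete", re.compile(r"win32_shadowcopy.*(\.delete\(\)|remove-wmiobject)")),
]
# Script and library hosts: the "standard Windows components" a dropper runs under.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}


def normalize(cmdline):
    """Lower-case, drop cmd.exe carets and quotes, collapse whitespace."""
    cleaned = cmdline.lower().replace("^", "").replace('"', "")
    return re.sub(r"\s+", " ", cleaned).strip()


def detect(events):
    """Return one alert per event whose command line deletes shadow copies."""
    alerts = []
    for ev in events:
        cmd = normalize(ev["cmdline"])
        rule = next((name for name, rx in RULES if rx.search(cmd)), None)
        if rule is None:
            continue
        parent = ntpath.basename(ev["parent"]).lower()
        # An admin console deleting snapshots is unusual; a script host doing it is worse.
        severity = "high" if parent in SCRIPT_HOSTS else "medium"
        alerts.append({"host": ev["host"], "rule": rule, "parent": parent, "severity": severity})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The read-only `vssadmin list shadows` event produces no alert, and the caret- and quote-split command is still matched after normalization.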
![Page 85: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/85.jpg)
From Consumers to Businesses and Targeted Attacks
![Page 86: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/86.jpg)
Data Alteration and Attack on the Cloud
Ransomware of the future will simply alter your data and demand money to let you know what exactly it changed, hitting businesses where it hurts most.
Current ransomware already blocks access to cloud storage such as Dropbox or Google Drive. The next step will be compromising the cloud backups of your backup providers.
![Page 87: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/87.jpg)
Future Targets
![Page 88: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/88.jpg)
Simple Rules to Avoid Grave Damage
![Page 89: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/89.jpg)
Comprehensive Anti-Malware Solution
• Actively protects files (including local backups) from unauthorized modification and/or encryption
• Actively protects cloud backups from alteration by hardening the agent application from attacks
• Based on a behavioral heuristic approach and whitelisting, active data protection is future proofed
The result? Data can never be compromised. If any files were impacted prior to the deflection of an attack, they can be easily and automatically restored.
[Diagram labels: Ransomware; Active detection and restore; Physical data loss due to various reasons; Cloud backup; Data restored from cloud in case of attack; Secured cloud backups]
![Page 90: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/90.jpg)
Predictive Protection
Proactive detection and blocking based on behavior heuristics + predictive analysis + context of attacks for analysts and incident response intelligence.
[Diagram labels]
• Trusted processes behavior DB
• Infected processes behavior DB
• Data related behavior DB
• Anomalies detector
• Blacklist monitor
• User/system behavior monitor
• Events collector
• File/register/network operations as input data
• Outliers detection, Support Vector Machine (SVM), cluster based models
• Deep learning, Bayes Neural Network (NN), Trees models
• Deep learning, Graph models
• File/register/network operations as train data
Results
• Detect anomalies
• Detect known threats
• Detect unknown threats
• Data-related threats detection
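An added example, not Acronis code or the product's algorithm: a minimal outlier detector in the spirit of the "trusted processes behavior DB" and "anomalies detector" labels above, scoring each process's file operations against a trusted baseline. The features (rename count, write entropy), the median/MAD score, the thresholds, the process names and all data are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict
from statistics import median


def entropy(data):
    """Shannon entropy in bits per byte; encrypted output approaches 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def profile(events):
    """Collapse (process, op, payload) file events into (writes, renames, mean entropy)."""
    acc = defaultdict(lambda: {"writes": 0, "renames": 0, "ent": 0.0})
    for proc, op, payload in events:
        if op == "write":
            acc[proc]["writes"] += 1
            acc[proc]["ent"] += entropy(payload)
        elif op == "rename":
            acc[proc]["renames"] += 1
    return {p: (a["writes"], a["renames"], a["ent"] / a["writes"] if a["writes"] else 0.0)
            for p, a in acc.items()}


def robust_z(value, baseline, floor=0.5):
    """Signed distance above the baseline median in MAD units (floor avoids a zero scale)."""
    med = median(baseline)
    mad = median(abs(b - med) for b in baseline)
    return (value - med) / max(1.4826 * mad, floor)


def anomalies(events, trusted, threshold=3.5):
    """Flag processes that are outliers on BOTH rename volume and write entropy."""
    flagged = {}
    for proc, (_writes, renames, ent) in profile(events).items():
        z_ren = robust_z(renames, [t[1] for t in trusted])
        z_ent = robust_z(ent, [t[2] for t in trusted])
        if z_ren > threshold and z_ent > threshold:
            flagged[proc] = (round(z_ren, 1), round(z_ent, 1))
    return flagged


# Constructed data: baseline rows are (writes, renames, mean entropy) for trusted processes.
TRUSTED = [(12, 0, 4.1), (30, 1, 4.5), (8, 0, 3.9), (45, 2, 4.8), (20, 0, 4.3)]
RANDOM_LIKE = bytes(range(256)) * 4          # entropy exactly 8.0
TEXT_LIKE = b"quarterly report draft, revision 7\n" * 30
EVENTS = (
    [("winword.exe", "write", TEXT_LIKE)] * 3 + [("winword.exe", "rename", b"")]
    + [("7z.exe", "write", RANDOM_LIKE)] * 5       # compressor: high entropy, no renames
    + [("unknown.exe", "write", RANDOM_LIKE), ("unknown.exe", "rename", b"")] * 20
)

if __name__ == "__main__":
    print(anomalies(EVENTS, TRUSTED))
```

Requiring both signals keeps the compressor, which writes high-entropy data but renames nothing, out of the results.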
![Page 91: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/91.jpg)
Apply What You Have Learned Today
• Next week you should: Back up all your devices (just in case you have not done this yet)
• In the first three months following this presentation you should: Configure 3-2-1 backup, choose and install a comprehensive anti-malware solution
• Within six months you should: Implement all ransomware prevention practices at home and at the workplace
![Page 92: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/92.jpg)
Thank you!
Eugene Aseev
Head of Singapore R&D Centre, Acronis
@toxzique
SESSION ID: SEM-W01
![Page 93: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/93.jpg)
Start End
12:15 12:50 Getting the Board On-Board: Ransomware’s Impact on your Business (Panel discussion)
![Page 94: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/94.jpg)
Getting the Board On-Board: Ransomware’s Impact on your Business
![Page 95: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/95.jpg)
Panelists
• Jonathan Trull, Global Chief Cybersecurity Advisor, Microsoft
• Kristof Philipsen, Managing Executive, Verizon
• Joyce Chua, Assistant Vice President, Singapore Post Ltd.
![Page 96: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/96.jpg)
Core Question
What is the real business impact of ransomware?
![Page 97: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/97.jpg)
Your Panelists
Jonathan Trull, Kristof Philipsen, Joyce Chua
![Page 98: Ransomware Seminar - RSA Conference · PDF fileRansomware Seminar. #RSAC 2 36% ... Ninja / Pirate / Hacker; Time Magazine’s Person of the Year 2006](https://reader031.vdocuments.mx/reader031/viewer/2022030409/5a8e72f67f8b9a085a8d314b/html5/thumbnails/98.jpg)
Thank you!