![Page 1: THE REAL TRUTH BEHIND RANSOMWARE...1989 PC Cyborg Corporation, Joseph L. Popp Diskette with AIDS Information given at WHO-Conference Over 20.000 copies via PC World magazine Encrypts](https://reader034.vdocuments.mx/reader034/viewer/2022042107/5e875b2c4b19be35a037fef0/html5/thumbnails/1.jpg)
THE REAL TRUTH BEHIND
RANSOMWARE
EDDY WILLEMS – SECURITY EVANGELIST
TWITTER: @EDDYWILLEMS
WHO?
• Security Evangelist at G DATA Software AG (cyber expert / researcher)
• Director of EICAR (+ co-founder), AMTSO and LSEC (3 international security industry organisations)
• Author of the book 'Cybergevaar' (BE/NL 2013), 'Cybergefahr' (DE 2015)
G DATA Software AG:
- Founded 1985 in Germany (Bochum) – first AV worldwide in 1987
- Over 450 staff + offices all over the world + present in over 90 countries
- Security software vendor for consumers and companies
RANSOMWARE
1. Screen lockers: block the device / your work
2. Crypto ransomware: makes data unusable through encryption
Pay the ransom or lose data/time
=> Time and data critical!
THE MONEY PROBLEM
2015 saw 2,453 reported ransomware incidents. All in, victims paid out about $24.1 million total, the FBI says!
What about 2016???
Horry County Schools to pay hackers' ransom: 8500 US dollars
Hollywood hospital 'Victim of Cyber Attack': 17.000 US dollars
MEMORIES
AIDS INFORMATION DISKETTE
1989, PC Cyborg Corporation, Joseph L. Popp
Diskette with AIDS information handed out at a WHO conference
Over 20.000 copies via PC World magazine
Encrypts the HD after a number of reboots
Asked for a $189 ransom to be paid to a P.O. Box in Panama
I was the first to decrypt it / to provide a solution!
TODAY’S MALWARE THREATS
400.000 new samples a day
Over 500 million samples => 99,9% not visible!
MODUS OPERANDI 1
HOW TO GET INFECTED?
OTHER EXPLOIT KITS
MODUS OPERANDI 2
MODUS OPERANDI 3
SPAMMING MAILS WITH DOCS, ZIP, JAVASCRIPT, ETC…
MODUS OPERANDI 4
BY THE USE OF A BOTNET
TRIGGER
Why does ransomware work?
THE HUMAN FACTOR
WHEN?
Easy money?
WHY IS RANSOMWARE SO DIFFICULT TO DETECT?
- It uses built-in anonymizers, like TOR for traffic and Bitcoin for payment, to avoid tracking by law enforcement agencies and to receive ransom payments
- Communication with C&C servers is encrypted and difficult to detect in network traffic
- It uses anti-sandboxing mechanisms so that antivirus analysis techniques won't pick it up
- It employs domain shadowing to conceal exploits and to hide the communication between the downloader (payload) and the servers controlled by cyber criminals (where the ransomware is stored)
- It uses Fast Flux, another technique to keep the source of the infection anonymous: the IP addresses are swapped constantly and at high frequency by changing DNS records, so that automated analysis mechanisms cannot pin down the real source of the infection
- It deploys encrypted payloads, which makes it harder for antivirus software to see that they contain malware
- It has polymorphic behavior, which gives the ransomware the ability to mutate
- It can remain dormant
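The Fast Flux point above is one of the few on this slide a defender can turn directly into a detection: a name whose answers rotate through many addresses in many networks with very short TTLs looks different from a CDN, which spreads answers too but within few prefixes and with long TTLs. The heuristic below is an added example, not from the slide deck; the resolver log format, the thresholds and the `.example` names are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed resolver log (not from the slide deck): "ts name answer_ip ttl_seconds".
SAMPLE_DNS_LOG = """\
1 update-host.example 203.0.113.10 120
2 update-host.example 198.51.100.7 120
3 update-host.example 192.0.2.44 90
4 update-host.example 203.0.113.77 60
5 update-host.example 198.51.100.200 120
6 update-host.example 192.0.2.9 90
7 cdn.example 203.0.113.5 3600
8 cdn.example 203.0.113.6 3600
9 cdn.example 203.0.113.5 3600
"""

def parse_dns_log(text):
    """Parse 'ts name ip ttl' lines into (name, ip, ttl) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, name, ip, ttl = parts
        records.append((name, ip_address(ip), int(ttl)))
    return records

def fast_flux_candidates(records, max_ttl=300, min_ips=5, min_prefixes=3):
    """Flag names whose answers rotate through many IPs across many IPv4 /24s with short TTLs.

    Short TTL plus a wide, changing address set is the fast-flux signature; a CDN also
    spreads answers, but usually inside a few prefixes and with long TTLs.
    """
    ips, prefixes, ttls = defaultdict(set), defaultdict(set), defaultdict(list)
    for name, ip, ttl in records:
        ips[name].add(ip)
        prefixes[name].add(int(ip) >> 8)  # IPv4 /24 network as a cheap "different hoster" proxy
        ttls[name].append(ttl)
    flagged = {}
    for name in ips:
        avg_ttl = sum(ttls[name]) / len(ttls[name])
        if avg_ttl <= max_ttl and len(ips[name]) >= min_ips and len(prefixes[name]) >= min_prefixes:
            flagged[name] = {"ips": len(ips[name]), "prefixes": len(prefixes[name]), "avg_ttl": avg_ttl}
    return flagged

def scan_sample():
    """Run the heuristic over the constructed log; only update-host.example should be flagged."""
    return fast_flux_candidates(parse_dns_log(SAMPLE_DNS_LOG))
```

Tune the thresholds against your own resolver logs first; legitimate round-robin and CDN names are the main source of false positives.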
RANSOMWARE
EXAMPLES
CRYPTO RANSOMWARE EXAMPLES
G DATA | SIMPLY SECURE | SECURITY SUMMIT | SEPTEMBER 24, 2015 | 24
KERANGER RANSOMWARE
LINUX.ENCODER RANSOMWARE (FOR WEBSERVERS)
ANYTHING ELSE?
Drive-by-downloads!
AND …
REMEDIATION
TO PAY
OR
NOT TO PAY?
REMEDIATION = OLD, KNOWN SECURITY TECHNIQUES
- Security package (endpoint protection) installed on every system
- Activate or use behaviour protection and exploit protection
- Patch management (PASAP = Patch ASAP)
- Backups (on external drives that are not always connected)
- Admin rights only for certain users
- Limit user rights on shares or in the cloud
- Disable macros where they are not used!
- Mail gateway: filter out all executables (e.g. .exe, .com, .js, .htm, .scr, etc.)
- Mail gateway: use your own file-passing method (e.g. zip with a specific password)
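The two mail-gateway items above combine into one policy: block the listed executable types outright (also when hidden behind a double extension or inside a zip), and let password-protected zips through only when they open with the organisation's agreed password. This is an added illustration, not G DATA code; the blocked-extension set, the password value and the test mails are constructed assumptions.

```python
import io, zipfile
from email.message import EmailMessage

# Extensions the slide says to filter at the mail gateway (plus common script types).
BLOCKED_EXT = {"exe", "com", "js", "jse", "htm", "html", "scr", "vbs", "wsf", "bat", "cmd"}
AGREED_ZIP_PASSWORD = b"example-agreed-passphrase"  # constructed: the org's own file-passing password

def is_blocked_name(filename):
    # Check every extension so "invoice.pdf.js" is caught, not only the last one.
    return any(p in BLOCKED_EXT for p in filename.lower().split(".")[1:])

def inspect_zip(data):
    """Blocked member names in a zip; None if unreadable or not openable with our password."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # encrypted member: must decrypt with the agreed password
                    zf.read(info.filename, pwd=AGREED_ZIP_PASSWORD)
            return [n for n in zf.namelist() if is_blocked_name(n)]
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
        return None

def gateway_verdict(msg):
    """Return ('deliver', []) or ('quarantine', reasons) for an EmailMessage."""
    reasons = []
    for part in msg.iter_attachments():
        name, data = part.get_filename() or "", part.get_payload(decode=True) or b""
        if is_blocked_name(name):
            reasons.append(f"blocked attachment type: {name}")
        elif name.lower().endswith(".zip"):
            bad = inspect_zip(data)
            if bad is None:
                reasons.append(f"unreadable or unknown-password zip: {name}")
            elif bad:
                reasons.append(f"executable inside {name}: {bad}")
    return ("quarantine", reasons) if reasons else ("deliver", [])

def build_mail(attachments):
    msg = EmailMessage()  # constructed test mail; attachments is a list of (filename, bytes)
    msg["From"], msg["To"] = "sender@example.test", "user@example.test"
    for name, data in attachments:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg

def make_zip(members):
    buf = io.BytesIO()  # unencrypted zip built in memory from (name, bytes) pairs
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members:
            zf.writestr(name, data)
    return buf.getvalue()
```

The standard library only decrypts legacy ZipCrypto archives; AES-encrypted zips raise `NotImplementedError` and are quarantined by the same branch, which is the safe default.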
G DATA: BEHAVIOUR BLOCKING
ANTI-EXPLOIT
ANTI-RANSOMWARE
THE FUTURE?
IOT: INTERNET OF THINGS – RANSOMWARE ON CARS
Internet of Things?
IOT
Internet of Trouble!
TWITTER: @EDDYWILLEMS
THANK YOU!
Q/A?
A secure solution for mobile threats …