5 Ways to Protect Your Healthcare Organization from a Ransomware Attack - HIMSS Presentation
How to Protect Your Organization from the Ransomware Epidemic
2014 - 2016 – Cryptowall 1.0 - 4.0 Ransomware takes steroids.
• Distributed using various exploit kits, spam campaigns and
malvertising techniques.
• Exchanges encryption keys with C&C over the I2P network via
heavily obfuscated URLs using a “Domain Generation
Algorithm” (DGA).
• Tor used to serve ransom notification and service website,
allowing victims to make payments, find out the status of a
payment, get one free decryption, and create support
requests.
• Uses multiple encryption algorithms.
• Observed using undocumented API calls to identify local
language settings of the compromised host for better C&C
upgrades.
• Disables and deletes all automatic Windows backup
mechanisms, and can bypass GPO.
• Polymorphic and leverages anti-VM and anti-emulation
techniques.
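The bullet on disabling and deleting Windows backup mechanisms is one of the few behaviours in this list that shows up plainly in process-creation logs. The detection sketch below is an added example, not part of the original presentation; the log records are constructed, and the command names matched (vssadmin, wmic, wbadmin, bcdedit) are assumptions, since the slide names no specific commands.

```python
import re

# Command-line patterns for tampering with Windows backup and recovery.
# Tool names are assumptions for illustration; the slide names no commands.
RULES = [
    ("shadow_copy_delete", re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("shadow_copy_delete", re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("backup_catalog_delete", re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I)),
    ("recovery_disabled", re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
]

# Constructed process-creation records: "timestamp|host|parent|command line"
SAMPLE_LOG = """\
2016-03-01T09:14:02Z|WS-0412|explorer.exe|"C:\\Program Files\\Office\\WINWORD.EXE" /n report.docx
2016-03-01T09:14:40Z|WS-0412|a1b2c3.exe|vssadmin.exe Delete Shadows /All /Quiet
2016-03-01T09:14:41Z|WS-0412|a1b2c3.exe|bcdedit /set {default} recoveryenabled No
2016-03-01T09:20:10Z|SRV-BKP1|services.exe|vssadmin list shadows
2016-03-01T09:31:55Z|WS-0977|cmd.exe|wmic shadowcopy delete
"""

def parse(line):
    ts, host, parent, cmd = line.split("|", 3)
    return {"ts": ts, "host": host, "parent": parent, "cmd": cmd}

def detect(log_text):
    """Return one alert per record whose command line matches a tamper rule."""
    alerts = []
    for line in log_text.splitlines():
        if line.count("|") < 3:
            continue  # skip malformed records rather than crash
        ev = parse(line)
        for name, pat in RULES:
            if pat.search(ev["cmd"]):
                alerts.append({**ev, "rule": name})
                break
    return alerts

def hosts_to_isolate(alerts, threshold=2):
    """Hosts that tripped >= threshold distinct rules: the strongest signal."""
    seen = {}
    for a in alerts:
        seen.setdefault(a["host"], set()).add(a["rule"])
    return sorted(h for h, rules in seen.items() if len(rules) >= threshold)

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a["ts"], a["host"], a["rule"], a["cmd"])
    print("escalate:", hosts_to_isolate(detect(SAMPLE_LOG)))
```

Read-only commands such as `vssadmin list shadows` are deliberately not matched, which keeps backup servers from generating noise.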
CIS Critical Security Controls
ISO 27000-series
NIST 800-53: Federal Information Systems Management Act (FISMA)
Health Insurance Portability and Accountability Act (HIPAA)
Payment Card Industry Data Security Standard (PCI DSS)
Sarbanes-Oxley (SOX)
Inventory of Assets
Secure Configuration
Logging
Malware Defense
tripwire.com | @TripwireInc