PAZINIT: RANSOMWARE · TRENDS • Tox - RaaS – Ransomware as a Service • Any user can register...

PAZINIT: RANSOMWARE Marko Pernić

Page 1:

Page 2:

CONTENTS:

• What are cryptolockers?

• How do they work?

• Ways of dealing with the consequences

• How to protect yourself?

• The Bitcoin currency

• Case study: CryptoWall 4 – from infection to payment

Page 3:

BACKUP

„There are people who make backups, and there are people who are yet to start making them”

Page 4:

WHAT ARE CRYPTOLOCKERS?

• Programs that lock (encrypt) user data

• "Social engineering" – the user is tricked into activating the malicious program themselves; alongside the other classic methods

• Since September 2013

• 100% protection does not exist

• They hit every platform (Windows, Linux, Mac OS, Android, cloud storage)

• Names: GPCode, Filecode, CryptoLocker, CryptoWall, TeslaCrypt, CoinVault, ZeroLocker

Page 5:

WHAT ARE CRYPTOLOCKERS?

Page 6:

HOW DO CRYPTOLOCKERS WORK?

1 • Installation

2 • Contacting the C&C server (the "HQ")

3 • Key generation

4 • Encryption

5 • Extortion

Page 7:

HOW DO CRYPTOLOCKERS WORK?

Installation

Page 8:

HOW DO CRYPTOLOCKERS WORK?

Installation

Double extension:

Inside a PDF

Page 9:

HOW DO CRYPTOLOCKERS WORK?

Installation (persistence through the user's Run key)

Key = HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Name = {297DCA1C-2305-AD40-6DDB-F23F45FCD122}

Data = C:\Users\\AppData\Roaming\ahavw\leegu.exe
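A defender-side check that goes with this persistence entry, added here as an example (it is not code from the talk): it audits the HKCU Run values and flags value names that are nothing but a GUID, or executables launched from a user-writable AppData path. The sample entries and the user name "alice" are constructed; the live read uses the standard-library winreg module and therefore only works on Windows.

```python
import re
import sys

# Constructed sample of HKCU\Software\Microsoft\Windows\CurrentVersion\Run values
# as (value name, value data). The GUID-named entry mirrors the pattern on the
# slide; the user name "alice" is a placeholder.
SAMPLE_RUN_ENTRIES = [
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("{297DCA1C-2305-AD40-6DDB-F23F45FCD122}", r"C:\Users\alice\AppData\Roaming\ahavw\leegu.exe"),
    ("SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
]

# A value name that is nothing but a GUID, with or without braces
GUID_NAME_RE = re.compile(r"^\{?[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$")
# Executable under %APPDATA% (Roaming) or the user's Temp directory: both are
# writable without admin rights, which is why droppers like to live there.
USER_WRITABLE_RE = re.compile(r"\\AppData\\(?:Roaming|Local\\Temp)\\", re.IGNORECASE)


def entry_reasons(name, data):
    """Return the reasons an autostart value looks suspicious (empty list if none)."""
    reasons = []
    if GUID_NAME_RE.match(name.strip()):
        reasons.append("GUID-style value name")
    if USER_WRITABLE_RE.search(data):
        reasons.append("executable under a user-writable AppData path")
    return reasons


def suspicious_entries(entries):
    """Filter (name, data) pairs down to (name, data, reasons) for flagged ones."""
    return [(name, data, entry_reasons(name, data))
            for name, data in entries if entry_reasons(name, data)]


def read_hkcu_run():
    """Enumerate the live HKCU Run key (Windows only; winreg is stdlib there)."""
    import winreg  # imported here so the module still loads on non-Windows hosts
    path = r"Software\Microsoft\Windows\CurrentVersion\Run"
    entries = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        index = 0
        while True:
            try:
                name, data, _type = winreg.EnumValue(key, index)
            except OSError:  # raised once index runs past the last value
                break
            entries.append((name, str(data)))
            index += 1
    return entries


if __name__ == "__main__":
    entries = read_hkcu_run() if sys.platform == "win32" else SAMPLE_RUN_ENTRIES
    for name, data, reasons in suspicious_entries(entries):
        print(f"[!] {name} -> {data}\n    reasons: {', '.join(reasons)}")
```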

Page 10:

HOW DO CRYPTOLOCKERS WORK?

Page 11:

HOW DO CRYPTOLOCKERS WORK?

• After installation, CryptoLocker "phones home"

• A thousand unique domains – every day

• The client must reach the server (C&C – Command & Control) before it can start encrypting files

• The server prepares:

  • the keys

  • a Bitcoin address for the payment

{1|crypt1|9831374BF569D58A8BED493DF407F4EF|5|1|2||5.170.247.119}

{7|crypt1|<Victim PC MD5>|1}

Page 12:

HOW DO CRYPTOLOCKERS WORK?

• Intgmxdeadnxuyla.com

• Axwscwsslmiagfah.com

Page 13:

HOW DO CRYPTOLOCKERS WORK?

C&C infrastructure

Page 14:

HOW DO CRYPTOLOCKERS WORK?

• The server generates two keys: a private and a public one

• The public key is sent to the infected computer, which is the prerequisite for the encryption to start

• The private key never leaves the server

Page 15:

HOW DO CRYPTOLOCKERS WORK?

• Encryption:

  • AES-256

  • RSA-2048

Page 16:

HOW DO CRYPTOLOCKERS WORK?

• RSA-2048 (617 decimal digits):

• 25195908475657893494027183240048398571429282126204032027777137836043662020707595556264018525880784406918290641249515082189298559149176184502808489120072844992687392807287776735971418347270261896375014971824691165077613379859095700097330459748808428401797429100642458691817195118746121515172654632282216869987549182422433637259085141865462043576798423387184774447920739934236584823824281198163815010674810451660377306056201619676256133844143603833904414952634432190114657544454178424020924616515723350778707749817125772467962926386356373289912154831438167899885040445364023527381951378636564391212010397122822120720357

Page 17:

HOW DO CRYPTOLOCKERS WORK?

• .sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt

Page 18:

HOW DO CRYPTOLOCKERS WORK?

• Ransom:

  • Within 7 days = €500

  • Within a month = €1,000

  • After a month = impossible!

Page 19:

HOW TO DEAL WITH THE CONSEQUENCES?

Page 20:

HOW TO DEAL WITH THE CONSEQUENCES?

• Restoring the files from a backup

• Paying the ransom and hoping the data comes back

• ShadowExplorer / Previous Versions / System Restore

• Undelete (Recuva, R-Studio, PhotoRec, …)

Page 21:

HOW TO DEAL WITH THE CONSEQUENCES?

• Talos – for TeslaCrypt

  • The key is in the file key.dat

• Rakhni decryptor (Kaspersky) – for Rakhni

  • The key is in the file exit.hhr.oshit

• Avast anti-Simplocker – for the Android versions

Page 22:

HOW TO DEAL WITH THE CONSEQUENCES?

• Time needed to remove the encryption with RakhniDecryptor (Kaspersky)

  • Run on the same sample

  • Platform: Windows 8.1

  • Comparative test run only once

Page 23:

HOW TO DEAL WITH THE CONSEQUENCES?

• Shadow Explorer / Previous Versions

Page 24:

HOW TO PROTECT YOURSELF?

• BACKUP

• Educate yourself / educate your users

• (Buy,) use and maintain antivirus software / another form of endpoint protection

• Match the protection to the real business scenario (restricting user rights, network shares, …)

• Make sure the operating system and the applications are up to date

• Get rid of the thought „it can't happen to me”

• Don't click on ads

• Install only trusted applications and add-ons

• Periodically copy the system to off-site media

Page 25:

TRENDS

• Tox – RaaS – Ransomware as a Service

• Any user can register on the darknet site and choose to create their own cryptolocker-style software. They get the option to set the ransom amount, in US dollars, as well as add a personal note.

• The site then automatically generates a downloadable virus, which can be downloaded and then shared however the attacker desires. And the whole thing is funded by Tox taking a 20% cut of any ransom paid.

Page 26:

LEGAL ACTIONS

• But Cryptolocker was disrupted in a simultaneous US-EU raid in June 2014, seizing the command and control network which had been used to run the software remotely. After the raids, which also took out a related piece of malware called Gameover Zeus, reports of new infections have died off.

• US authorities named Russian national Evgeniy Bogachev as the face of a malicious software scheme responsible for stealing millions from people around the world, after a successful campaign to disrupt two major computer networks.

• It’s believed Cryptolocker, which the FBI estimated acquired $27m in ransom payments in just the first two months of its life, has infected more than 234,000 machines.

Page 27:

WINDOWS, LINUX, MAC OS X

Page 28:

THE BITCOIN CURRENCY

Page 29:

THE BITCOIN CURRENCY

• Bitcoin is digital money, created and stored electronically. Bitcoin is not printed and is not controlled by anyone.

• It is produced by many people with computers all over the world, running software that solves mathematical problems.

• The Bitcoin protocol, i.e. the algorithm that makes the whole system work, is limited to issuing 21 million bitcoins.

• A transaction is a transfer of value between two digital wallets, which is then recorded in the „block chain”.

Page 30:

THE BITCOIN CURRENCY

• Characteristics of Bitcoin:

  • Decentralised

  • Opening an account is simple

  • Anonymous

  • Fully transparent

  • Transaction costs are negligible

  • The network is fast

  • Transfers are irreversible

Page 31:

THE BITCOIN CURRENCY

• Wallet

  • blockchain.info

  • An address is created – the „bank account”

  • A private key is generated

• Buying bitcoin

  • btcdirect.eu

Page 32:

THE BITCOIN CURRENCY

Paying with bitcoin:

• When Janica wants to send her bitcoins to Ivica, she goes through the following steps to carry out the transaction:

  • Input (the private key)

  • Amount (the number of bitcoins being transferred)

  • Output (the recipient's digital wallet address, in our case Ivica's)

• She sends her bitcoin transaction to the Bitcoin network, where it is recorded in the „block chain”, verified by the miners, written into a transaction block and eventually settled over time.

Page 33:

THE BITCOIN CURRENCY

Page 34:

CASE STUDY: CRYPTOWALL 4

Page 35:

CASE STUDY: CRYPTOWALL 4

• Computer: Windows XP SP3, 2 GB RAM, a purchased but not updated antivirus program

• Network: various mapped network drives, a LAN with several computers, ADSL connection to the internet

• Backup: none

• Amount of data: 2 GB

• Importance of the data: high

Page 36:

CASE STUDY: CRYPTOWALL 4

• First signs of infection: Monday, 10 a.m.

• Complete loss of data: Monday, noon

Page 37:

CASE STUDY: CRYPTOWALL 4

Page 38:

CASE STUDY: CRYPTOWALL 4

• First steps:

  • Disconnecting the computer from the network

  • Cleaning the computer

    • Malwarebytes Anti-Malware

    • HitMan

    • ZoneAlarm

  • Analysing the computer, the files and the virus

    • Files: 27p9k967z.x1nep, 9242on6c.6la9

    • CryptoWall 4

  • Contacting the local community

Page 39:

CASE STUDY: CRYPTOWALL 4

• Backup

  • None

• Shadow Explorer

  • The shadow copies had already been deleted by the malware: „"C:\Windows\SYsWOW64\cmd.exe" /C "C:\Windows\Sysnative\vssadmin.exe" Delete Shadows /All /Quiet”

• Internet / Google

  • „Unfortunately, at this time there is no way to recover your files without restoring from a backup or paying the ransom.”
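The vssadmin line in this slide is exactly the kind of command an endpoint detection rule should catch, because once it has run the Previous Versions route is gone. The following is an added example, not part of the case study: a small detector run over constructed process-creation events (a simplified pipe-separated shape, not real Windows telemetry; host name, timestamps and the user name "user" are placeholders) that flags shadow-copy deletion and additionally notes when the parent process runs out of a user's AppData directory, as the dropper in this case did.

```python
import re

# Constructed process-creation events for this example (not real telemetry),
# one per line: timestamp|host|parent_image|image|command_line.
# The second and third lines reproduce the command quoted in the case study.
SAMPLE_EVENTS = r"""
2015-11-16T10:02:11|WS-XP-01|C:\Windows\explorer.exe|C:\Program Files\Internet Explorer\iexplore.exe|"C:\Program Files\Internet Explorer\iexplore.exe"
2015-11-16T10:07:45|WS-XP-01|C:\Users\user\AppData\Roaming\ahavw\leegu.exe|C:\Windows\SysWOW64\cmd.exe|"C:\Windows\SYsWOW64\cmd.exe" /C "C:\Windows\Sysnative\vssadmin.exe" Delete Shadows /All /Quiet
2015-11-16T10:07:46|WS-XP-01|C:\Windows\SysWOW64\cmd.exe|C:\Windows\System32\vssadmin.exe|"C:\Windows\Sysnative\vssadmin.exe" Delete Shadows /All /Quiet
2015-11-16T11:30:00|WS-XP-01|C:\Windows\System32\services.exe|C:\Windows\System32\vssadmin.exe|vssadmin list shadows
"""

# "vssadmin delete shadows" in any casing, with or without .exe and a closing quote
SHADOW_DELETE_RE = re.compile(r'vssadmin(?:\.exe)?"?\s+delete\s+shadows', re.IGNORECASE)
# A parent living in a per-user profile directory is unusual for anything that
# talks to the Volume Shadow Copy service
USER_PROFILE_RE = re.compile(r"\\AppData\\(?:Roaming|Local)\\", re.IGNORECASE)


def parse_events(text):
    """Turn the pipe-separated lines into dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, parent, image, cmdline = line.split("|", 4)
        events.append({"ts": ts, "host": host, "parent": parent,
                       "image": image, "cmdline": cmdline})
    return events


def detect_shadow_deletion(events):
    """Return one alert per event whose command line deletes shadow copies."""
    alerts = []
    for ev in events:
        if not SHADOW_DELETE_RE.search(ev["cmdline"]):
            continue
        reasons = ["vssadmin delete shadows on the command line"]
        if USER_PROFILE_RE.search(ev["parent"]):
            reasons.append("parent process runs from a user profile directory")
        alerts.append({"ts": ev["ts"], "host": ev["host"],
                       "image": ev["image"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect_shadow_deletion(parse_events(SAMPLE_EVENTS)):
        print(f"{alert['ts']} {alert['host']} {alert['image']}: {'; '.join(alert['reasons'])}")
```

The cmd.exe wrapper line fires as well as the vssadmin.exe line itself, so the rule still works when only the parent's command line is logged.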

Page 40:

CASE STUDY: CRYPTOWALL 4

• CryptoWall 4 bug

  • It „crashes” on a non-existent mapped network share

Page 41:

CASE STUDY: CRYPTOWALL 4

• Ransom

  • 1.33 bitcoin (about $500) within 7 days

  • 2.66 bitcoin (about $1,000) within 30 days

• Prerequisites:

  • The user has a wallet: NO

  • The user has a secure credit card: NO

  • The user has a bank card verified for internet payments: NO

  • The user knows what bitcoins are: NO

Page 42:

CASE STUDY: CRYPTOWALL 4

• Facing the truth:

  • The data is gone

  • The data cannot be recovered

  • An attempt must be made to recover the data

• Risks of the data loss:

  • Months of retyping what exists in printed form

  • Embarrassment in front of business partners when asking them for copies of the data

  • Running day-to-day work in parallel with the data recovery requires additional resources

Page 43:

CASE STUDY: CRYPTOWALL 4

• Buying bitcoin

  • Registration at BTCdirect.eu

  • Verification with an ID card

  • Verification with a photo

  • Credit card verification

  • Verification by Skype video call

• Opening a wallet

  • Registration at blockchain.info

  • E-mail verification

Page 44:

CASE STUDY: CRYPTOWALL 4

• Buying bitcoin

  • Buying 1.33 bitcoin

  • Increasing the amount to 1.37 bitcoin

  • Buying 0.04 bitcoin

  • Transaction fees!

  • Buying another 0.03 bitcoin (minimum purchase: €10)

• Sending the transaction

  • Waiting…

  • Waiting…

  • Waiting…

Page 45:

CASE STUDY: CRYPTOWALL 4

Page 46:

CASE STUDY: CRYPTOWALL 4

Page 47:

CASE STUDY: CRYPTOWALL 4

Page 48:

INFO

• Resources:

  • http://news.softpedia.com/news/quick-q-a-with-author-of-mabouia-first-mac-os-x-ransomware-495795.shtml

  • http://www.theguardian.com/technology/2015/jun/02/ransomware-as-service-discovered-on-darknet

  • http://www.theguardian.com/technology/2014/jun/02/cryptolocker-virus-nca-malware-protection

  • http://www.zdnet.com/article/crypto-ransomware-strikes-linux-but-attackers-botch-private-key/

  • http://blogs.cisco.com/security/talos/cryptowall-3-0

  • http://blogs.cisco.com/security/talos/teslacrypt

  • http://www.kyrus-tech.com/2013/11/12/cryptolocker-decryption-engine/