Ransomware Characteristics

© 2017 Cybereason Inc. All rights reserved. Ransomware Characteristics: Sets itself apart from other malware

Transcript of Ransomware Characteristics

Page 1: Ransomware Characteristics

Ransomware Characteristics: Sets itself apart from other malware

Page 2: Ransomware Characteristics

Encryption

It features unbreakable encryption, which means that you can’t decrypt the files on your own.

It has the ability to encrypt all kinds of files, from documents to pictures, videos, audio files and other things you may have on your PC.

Go to ransomfree.cybereason.com

Page 3: Ransomware Characteristics

Scrambling file names and extensions

Social engineering tricks!

It will add a different extension to your files, which sometimes signals a specific ransomware strain.

It can scramble your file names, so you can’t know which data was affected.
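Both renaming behaviours on this slide leave a pattern a defender can look for in file-rename telemetry. The following is an added example, not part of the original slides and not Cybereason's or RansomFree's detection logic; the event tuples, the `.locked` extension and all thresholds are constructed assumptions.

```python
import math
import os
from collections import Counter, defaultdict

# Constructed sample: (seconds, old path, new path). ".locked" is a made-up extension.
SAMPLE_EVENTS = [
    (0, "/home/u/notes.txt", "/home/u/notes_old.txt"),        # ordinary rename
    (5, "/home/u/a.docx", "/home/u/a.pdf"),                   # ordinary conversion
    (100, "/home/u/report.docx", "/home/u/report.docx.locked"),
    (102, "/home/u/photo.jpg", "/home/u/photo.jpg.locked"),
    (104, "/home/u/song.mp3", "/home/u/song.mp3.locked"),
    (106, "/home/u/video.mp4", "/home/u/video.mp4.locked"),
    (108, "/home/u/budget.xlsx", "/home/u/k3J9xQ2mZp7LwT4b.locked"),
    (110, "/home/u/plan.pptx", "/home/u/Qz81LmNe5RtY0vXc.locked"),
]

def name_entropy(stem):
    """Shannon entropy of a file name stem, in bits per character."""
    counts = Counter(stem)
    return -sum(c / len(stem) * math.log2(c / len(stem)) for c in counts.values()) if stem else 0.0

def classify_rename(old, new):
    """Return (new_ext, old_ext, appended, scrambled) for one rename event."""
    old_base, new_base = os.path.basename(old), os.path.basename(new)
    old_stem, old_ext = os.path.splitext(old_base)
    new_stem, new_ext = os.path.splitext(new_base)
    appended = new_base.startswith(old_base + ".")   # report.docx -> report.docx.locked
    scrambled = (not appended and new_stem != old_stem
                 and len(new_stem) >= 12 and name_entropy(new_stem) >= 3.0)
    return new_ext.lower(), old_ext.lower(), appended, scrambled

def find_rename_bursts(events, window=60, threshold=5, min_types=3):
    """Alert on extensions that many files of different types gained within `window` seconds."""
    hits_by_ext = defaultdict(list)
    for ts, old, new in events:
        new_ext, old_ext, appended, scrambled = classify_rename(old, new)
        if new_ext and new_ext != old_ext and (appended or scrambled):
            hits_by_ext[new_ext].append((ts, old_ext, scrambled))
    alerts = []
    for ext, hits in hits_by_ext.items():
        hits.sort()
        best, start = [], 0
        for end in range(len(hits)):                  # sliding time window
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 > len(best):
                best = hits[start:end + 1]
        if len(best) >= threshold and len({h[1] for h in best}) >= min_types:
            alerts.append({"extension": ext, "files": len(best), "scrambled_names": sum(h[2] for h in best)})
    return alerts
```

Requiring several different original file types in one burst keeps ordinary batch renames, such as a photo export, from raising an alert.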

Page 4: Ransomware Characteristics

Ransom notes and Bitcoin

It will display an image or a message that lets you know your data has been encrypted and that you have to pay a specific sum of money to get it back.

It requests payment in Bitcoins, because this payment can’t be tracked by researchers or law enforcement.

Most of the time, ransom payments have a time limit: pay up or lose the data! If you don’t pay before the deadline, the ransom may increase, or the data will be destroyed and lost forever.

Page 5: Ransomware Characteristics

Building botnets and infrastructure

Ransomware often recruits the infected machines into botnets, so criminals can expand and plan for future attacks.

It can spread to other machines connected in a local network.

Page 6: Ransomware Characteristics

Data exfiltration and localized languages

Ransomware has data exfiltration capabilities.

It can also include geographical targeting, meaning the ransom note is translated into the victim’s language, which increases the chances that the ransom will be paid.

Page 7: Ransomware Characteristics

Some of the most common methods used by cybercriminals to spread ransomware

• Spam email campaigns that contain malicious links or attachments

• Security exploits in vulnerable software

• Internet traffic redirects to malicious websites

• Legitimate websites that have malicious code injected in their web pages

• Drive-by downloads

• Malvertising campaigns

• Botnets

• Self-propagation: Spreading from one machine to another

• Ransomware-as-a-service: Earning a share of the ransom by helping further spread ransomware

Page 8: Ransomware Characteristics

Can’t be detected by traditional AV

Ransomware uses a complex set of evasion techniques to go undetected by traditional antivirus.

Cybereason researches and evaluates the new ransomware strains (and other types of attacks) to continuously analyze and develop new detection and response techniques.

Page 9: Ransomware Characteristics

See how RansomFree by Cybereason keeps your data safe from never-before-seen ransomware.

Go to ransomfree.cybereason.com