Ransomware
Prevention and Removal
What is ransomware?
• 'Ransomware' is a type of malware that attempts to extort money
from a computer user by infecting and taking control of the victim's
machine, or the files or documents stored on it.
• Typically, the ransomware will either 'lock' the computer to prevent
normal usage, or encrypt the documents and files on it to prevent
access to the saved data.
History
• The first known ransomware was the 1989 "AIDS" trojan (also known as "PC Cyborg"), written by Joseph Popp.
• Extortionate ransomware became prominent in May 2005.
• By mid-2006, trojans such as Gpcode, TROJ.RANSOM.A, Archiveus, Krotten, Cryzip and MayArchive were using more sophisticated RSA encryption schemes with ever-increasing key sizes.
• In 2011, a ransomware trojan imitating the Windows Product Activation notice surfaced.
• In February 2013, a ransomware trojan based on the Stamp.EK exploit kit surfaced.
• In July 2013, an OS X-specific ransomware trojan surfaced.
• CryptoLocker is estimated to have taken in around US$5 million in the last four months of 2013.
How do criminals install ransomware?
• Ransomware typically announces itself with a pop-up window, web page or email warning that appears to come from an official authority.
• Ransomware is usually installed when you:
  – open a malicious email attachment, or
  – click a malicious link in an email message, an instant message or a post on a social networking site.
• Ransomware can also be installed simply by visiting a compromised or malicious website (a drive-by download).
Types of Ransomware
• Encryption Ransomware
• Lock Screen Ransomware
• Master Boot Record (MBR) Ransomware
Encryption Ransomware
• Encrypts personal files and folders (e.g. the contents of your My Documents folder: documents, spreadsheets, pictures, videos).
• The original files are deleted once encrypted copies have been written, and a text file with payment instructions is usually left in the same folder as the now-inaccessible files.
• You may see a lock screen, but not all variants show one.
• Instead you may only notice a problem when you try to open your files.
• This type is also called 'file encryptor' ransomware.
Lock Screen Ransomware
• 'Locks' the screen and demands payment.
• Presents a full screen image that blocks all other windows.
• This type is called 'WinLocker' ransomware.
• No personal files are encrypted.
Master Boot Record (MBR) Ransomware
• The Master Boot Record (MBR) is a section of the computer's hard
drive that allows the operating system to boot up.
• MBR ransomware changes the computer's MBR so the normal boot
process is interrupted.
• A ransom demand is displayed on screen instead.
Reveton
• In 2012, a major ransomware trojan known as Reveton began to spread.
• It is also known as the "police trojan".
• Its payload displays a warning purportedly from a law enforcement agency,
• claiming that the computer has been used for illegal activity such as downloading pirated software, promoting terrorism or copyright infringement.
• The warning tells the user that they must pay a fine to unlock the system.
• To reinforce the illusion that law enforcement is tracking the computer, the screen also displays the computer's IP address and footage from its webcam.
CryptoLocker
• Encrypting ransomware re-emerged in 2013 with CryptoLocker.
• Distributed either as an attachment to a malicious email or as a drive-by download.
• Encrypts certain file types on local and mounted network drives using RSA public-key cryptography.
• The private key is stored only on the malware's command-and-control servers, so the files cannot be decrypted locally.
• Offers to decrypt the data if a payment (in Bitcoin or via a pre-paid voucher) is made by a stated deadline,
• and threatens to delete the private key if the deadline passes.
• If the deadline is missed, the operators offer decryption via an online service for a significantly higher price in Bitcoin.
Health Care and Ransomware (2016)
• As of August 2016, 88% of ransomware attacks hit hospitals and medical facilities.
Health care facilities seem to be hit regularly:
• Hollywood Presbyterian
• USC hospitals
• MedStar Health (Washington DC area)
Effects of ransomware attacks:
• Employees cannot log in
• Patient appointments had to be cancelled
• No electronic records or prescriptions
WannaCry Ransomware (2017)
• In May 2017 one of the largest cyberattacks ever seen spread across the internet, hitting PCs in businesses and countries around the world.
• It exploits a Windows vulnerability first discovered by the US National Security Agency (NSA) and later leaked to the public.
• In April 2017 a group known as the Shadow Brokers released a cache of stolen NSA exploit tools on the internet, including the EternalBlue exploit that WannaCry uses.
Cont…
• WannaCry brought computer systems from Russia to China to the UK and the US to their knees, locking people out of their data and demanding a ransom. More than 200,000 computers in 150 countries were affected, with victims including hospitals, banks, telecommunications companies and warehouses.
• The exploit it uses is called EternalBlue.
• The worm component spreads from one PC to the next over Microsoft's Server Message Block (SMB) file-sharing protocol (SMBv1, TCP port 445), so a single infected machine can infect every vulnerable machine it can reach on the network.
• Microsoft had patched the underlying SMBv1 flaw in March 2017 (security bulletin MS17-010), two months before the outbreak; the machines hit were those that had not applied that update or still had SMBv1 exposed.
How to prevent ransomware?
• Keep all of the software on your computer up to date.
• Make sure automatic updating is turned on so you receive the latest Microsoft security updates, and keep browser plug-ins (Java, Adobe Flash and Reader, and the like) patched as well.
• Keep your firewall turned on.
• Don't open spam email messages or click links on suspicious websites. (CryptoLocker spreads via .zip files sent as email attachments, for example.)
Cont…
• Use a reputable antivirus and anti-malware program. Microsoft Security Essentials is free for Windows 7 and earlier.
• If you run Windows 8 or later you don't need Microsoft Security Essentials: Windows Defender is built in.
• Scan your computer with the Microsoft Safety Scanner.
• Keep your browser clean: remove plug-ins and toolbars you do not need and keep the rest updated.
• Always have a good backup system in place in case your PC does become infected and you can't recover your files, and keep at least one copy offline or disconnected, since ransomware also encrypts files on mounted network drives and attached disks.
Identify The Ransomware
Most commonly, ransomware is saved to one of the following locations:
• C:\ProgramData\(random alphanumerics).exe
• C:\Users\(username)\0.(random numbers).exe
• C:\Users\(username)\AppData\(random alphanumerics).exe
Removal – Microsoft Procedure
The following Microsoft products can detect and remove this threat:
• Windows Defender (built into Windows 8)
• Microsoft Security Essentials
• Microsoft Safety Scanner
• Windows Defender Offline (Some ransomware will not allow you to use the
products listed here, so you might have to start your computer from a
Windows Defender Offline disk.)
Removal – Other Anti-Malware Programs
1. Start your computer in "Safe Mode with Networking".
2. Stop and clean malicious running processes:
• Download and save the "RogueKiller" utility to your computer (e.g. your Desktop).
• Double-click to run RogueKiller.
• Let the pre-scan complete, then press the "Scan" button to perform a full scan.
• When the full scan is complete, press the "Delete" button to remove all malicious items found.
• Close RogueKiller and proceed to the next step.
Clean Remaining Malicious Threats
• Download and install a reliable free or paid anti-malware program to clean your computer of remaining threats, e.g. Malwarebytes Anti-Malware or Norton.
• Run the anti-malware program and let it update to its latest version and signature database if needed.
• Let the program scan your system for threats.
• Select all threats in the scan results and remove them.
• When removal is complete, restart your system so that active threats are removed properly.
Delete CryptoLocker Hidden Files
• Enable the hidden files view from Control Panel (Folder Options).
• Navigate to the following paths and delete the hidden CryptoLocker files:
For Windows XP
• C:\Documents and Settings\<YOUR USERNAME>\Application Data\RandomFileName.exe
• e.g. {DAEB88E5-FA8E-E0D1-8FCD-BFC7D2F6ED25}.exe
• C:\WINDOWS\system32\msctfime.ime
For Windows Vista or Windows 7
• C:\Users\<YOUR USERNAME>\AppData\Roaming\RandomFileName.exe
• e.g. {DAEB88E5-FA8E-E0D1-8FCD-BFC7D2F6ED25}.exe
• C:\WINDOWS\system32\msctfime.ime
Caution: msctfime.ime is also the name of a legitimate Windows component (Text Services Framework), so check the file's digital signature and modification date before deleting it rather than removing it on name alone.
Delete Temporary files
Finally, delete all files and folders under your TEMP folders:
For Windows XP
• C:\Documents and Settings\<YOUR USERNAME>\Local Settings\Temp
• C:\Windows\Temp
For Windows Vista or Windows 7
• C:\Users\<YOUR USERNAME>\AppData\Local\Temp
• C:\Windows\Temp
File Restore – Shadow Copies
1. Navigate to the folder or file that you want to restore to a previous state and right-click on it.
2. From the drop-down menu select "Restore previous versions". *
Notice* for Windows XP users: select "Properties" and then the "Previous Versions" tab.
3. Then choose a particular version of the folder or file and press:
• "Open" to view the contents of that folder/file.
• "Copy" to copy this folder/file to another location on your computer (e.g. your external hard drive).
• "Restore" to restore the folder/file to the same location and replace the existing one.
Note: many ransomware families, CryptoLocker included, delete Volume Shadow Copies before encrypting, so previous versions may not exist; check with "vssadmin list shadows" from an elevated command prompt before relying on this step.
Removing Reveton
• Detection names (F-Secure): Trojan:W32/Reveton and Trojan:W32/Urausy
• Boot the system into "Safe Mode with Command Prompt".
• In the command prompt, type "regedit" and press Enter.
• Look for the following registry values and remove them.
For Reveton, delete the "ctfmon.exe" registry value from
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
(ctfmon.exe is also a legitimate Windows program, normally started from C:\Windows\system32\ctfmon.exe; the malicious value borrows the name but its data points to a dropped file elsewhere, such as the user's profile, so check the value data before deleting.)
For Urausy, delete the "shell" registry value from
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
ONLY IF both of these conditions are met:
1. The "shell" value is located under HKEY_CURRENT_USER and NOT under HKEY_LOCAL_MACHINE.
WARNING! Deleting the "Shell" value under HKEY_LOCAL_MACHINE (whose normal data is explorer.exe) may break the Windows system.
2. The value data references a .dat file (e.g. skype.dat).
• Reboot the system, this time into Normal mode.
• Finally, run a full computer scan to remove any remaining files.
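The file-location and registry indicators on this page (the drop paths in "Identify the Ransomware" and "Delete CryptoLocker Hidden Files", and the Reveton/Urausy autostart values) can be checked mechanically. The following Python is an added example written for this page, not code from the slides or from any vendor referenced here; the file listing and registry entries it examines are constructed sample data, not from a real infection. It encodes the page's rules together with the two caveats a practitioner needs: the genuine ctfmon.exe autostart points into %SystemRoot%\system32, and the Winlogon Shell value under HKEY_LOCAL_MACHINE is never deleted.

```python
"""Offline triage of the ransomware indicators described on this page.

Added example, not from the original slides. Nothing here touches a live
system: SAMPLE_FILES and SAMPLE_AUTOSTARTS are constructed data shaped like
what you would gather from a suspect machine (os.scandir() output and winreg
reads). A hit is a lead for the manual steps on the page, not a verdict.
"""
import re
from typing import Iterable, List, Tuple

# Directories the slides name as common drop locations (regex, case-insensitive).
DROP_DIRS = (
    r"c:\\programdata",
    r"c:\\users\\[^\\]+",                                  # profile root: 0.<digits>.exe
    r"c:\\users\\[^\\]+\\appdata",
    r"c:\\users\\[^\\]+\\appdata\\roaming",
    r"c:\\documents and settings\\[^\\]+\\application data",
)
DROP_PATH = re.compile(r"^(?:" + "|".join(DROP_DIRS) + r")\\([^\\]+)$", re.IGNORECASE)

# Machine-generated-looking names: {GUID}.exe, 0.<digits>.exe, or mixed letters+digits.
RANDOM_NAME = re.compile(
    r"^(?:\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
    r"|0\.\d+"
    r"|(?=[0-9a-z]*\d)(?=[0-9a-z]*[a-z])[0-9a-z]{6,}"
    r")\.exe$",
    re.IGNORECASE,
)

RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"
WINLOGON_TAIL = r"\microsoft\windows nt\currentversion\winlogon"


def suspicious_files(paths: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (path, reason) for every .exe sitting directly in a drop directory."""
    findings = []
    for path in paths:
        m = DROP_PATH.match(path)
        if not m or not m.group(1).lower().endswith(".exe"):
            continue
        reason = "random-looking name" if RANDOM_NAME.match(m.group(1)) else "executable in drop directory"
        findings.append((path, reason))
    return findings


def suspicious_autostarts(values: Iterable[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Apply the Reveton/Urausy registry rules to (key, value_name, data) triples."""
    findings = []
    for key, name, data in values:
        k, n, d = key.lower(), name.lower(), data.strip().strip('"').lower()
        if k == RUN_KEY and n == "ctfmon.exe":
            # The real ctfmon.exe lives in %SystemRoot%\system32; Reveton reuses the
            # value name but points it at its own dropped executable.
            if not d.endswith(r"\system32\ctfmon.exe"):
                findings.append((key, name, data, "delete: Reveton-style ctfmon.exe impostor"))
        elif k.endswith(WINLOGON_TAIL) and n == "shell":
            if k.startswith("hkey_local_machine"):
                # Never delete the HKLM Shell value; a non-default one still merits a look.
                if d != "explorer.exe":
                    findings.append((key, name, data, "investigate: non-default HKLM Shell, do NOT delete"))
            elif ".dat" in d:
                findings.append((key, name, data, "delete: Urausy-style HKCU Shell hijack"))
    return findings


# Constructed sample data (not from a real incident).
SAMPLE_FILES = [
    r"C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini",
    r"C:\ProgramData\kq3u7z9ab.exe",
    r"C:\Users\alice\0.8452187.exe",
    r"C:\Users\alice\AppData\Roaming\{DAEB88E5-FA8E-E0D1-8FCD-BFC7D2F6ED25}.exe",
    r"C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe",
    r"C:\Program Files\7-Zip\7z.exe",
]
SAMPLE_AUTOSTARTS = [
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "ctfmon.exe",
     r"C:\Users\alice\AppData\Roaming\kq3u7z9ab.exe"),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
     r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell",
     r"explorer.exe,C:\Users\alice\AppData\Roaming\skype.dat"),
    (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell",
     "explorer.exe"),
]

if __name__ == "__main__":
    for path, why in suspicious_files(SAMPLE_FILES):
        print(f"FILE  {path}  <- {why}")
    for key, name, data, verdict in suspicious_autostarts(SAMPLE_AUTOSTARTS):
        print(f"REG   {key}\\{name} = {data}  <- {verdict}")
```

On a live system, feed it a directory walk of the drop locations and the Run/Winlogon values read with winreg (or exported from regedit); anything it flags is then handled with the manual steps on this page.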
Conclusion
When it comes to malware attacks, knowledge is the best possible weapon against them. Be careful what you click! Preventive measures should be taken before ransomware establishes a foothold. Keeping all software updated and applying the latest security updates helps prevent attacks. Use of antivirus and genuine, licensed software is highly recommended. On networks, a software restriction policy that blocks executables from user-writable locations is the best tool to prevent a CryptoLocker infection in the first place.
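The conclusion's recommendation of a Software Restriction Policy can be made concrete. The following Python is an added example, not code from the slides or from any vendor referenced on this page: it builds the registry values that SRP reads from HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers, with Disallowed path rules for the drop locations this page names and the default level left at Unrestricted so everything else keeps running. Assumptions: the standard CodeIdentifiers layout (confirm in a lab with gpedit.msc before deploying), the BLOCK_PATHS and ALLOW_PATHS lists, and that apply() is run from an administrative prompt on Windows. Rules on %AppData% will also stop legitimate software that installs into the profile (Chrome, Dropbox and similar), which is what the allow list is for.

```python
"""Software Restriction Policy (SRP) path rules that block executables launched
from the drop locations listed on this page.

Added example, not part of the original slides. It emits the registry values
Group Policy writes for SRP under HKLM (assumption: the standard CodeIdentifiers
layout; verify in a lab before deploying). BLOCK_PATHS and ALLOW_PATHS are
assumptions too; extend ALLOW_PATHS for software your users legitimately run
from the profile. apply() needs Windows and an administrative prompt.
"""
import sys
import uuid
from typing import List, Sequence, Tuple

SAFER = r"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
DISALLOWED, UNRESTRICTED = 0, 0x40000      # SRP security-level identifiers

BLOCK_PATHS = [                            # drop locations from the slides, by env var
    r"%AppData%\*.exe", r"%AppData%\*\*.exe",
    r"%LocalAppData%\*.exe", r"%LocalAppData%\*\*.exe",
    r"%ProgramData%\*.exe", r"%UserProfile%\*.exe",
    r"%Temp%\*.exe", r"%Temp%\*.zip\*.exe",  # .exe run straight out of an emailed archive
    r"%Temp%\Rar*\*.exe", r"%Temp%\7z*\*.exe",
]
ALLOW_PATHS = [                            # assumed exception; the more specific rule wins
    r"%LocalAppData%\Google\Chrome\Application\chrome.exe",
]

Value = Tuple[str, str, str, object]       # (subkey under HKLM, value name, type, data)


def srp_values(block: Sequence[str], allow: Sequence[str]) -> List[Value]:
    """Build the SRP registry values: policy switches plus one rule key per path."""
    vals: List[Value] = [
        (SAFER, "DefaultLevel", "REG_DWORD", UNRESTRICTED),   # everything not listed still runs
        (SAFER, "TransparentEnabled", "REG_DWORD", 1),         # enforce on executables, not DLLs
        (SAFER, "PolicyScope", "REG_DWORD", 0),                # applies to administrators too
        (SAFER, "AuthenticodeEnabled", "REG_DWORD", 0),
    ]
    for level, paths in ((DISALLOWED, block), (UNRESTRICTED, allow)):
        for path in paths:
            rule = SAFER + "\\" + str(level) + "\\Paths\\{" + str(uuid.uuid4()).upper() + "}"
            vals += [
                (rule, "ItemData", "REG_EXPAND_SZ", path),
                (rule, "SaferFlags", "REG_DWORD", 0),
                (rule, "Description", "REG_SZ", "ransomware drop-location rule"),
            ]
    return vals


def to_reg(values: Sequence[Value]) -> str:
    """Render the values as a .reg file for import on machines without Group Policy."""
    by_key: dict = {}
    for sub, name, typ, data in values:
        by_key.setdefault(sub, []).append((name, typ, data))
    lines = ["Windows Registry Editor Version 5.00", ""]
    for sub, items in by_key.items():
        lines.append(f"[HKEY_LOCAL_MACHINE\\{sub}]")
        for name, typ, data in items:
            if typ == "REG_DWORD":
                lines.append(f'"{name}"=dword:{data:08x}')
            elif typ == "REG_EXPAND_SZ":        # .reg stores it as hex(2): UTF-16LE plus NUL
                raw = (str(data) + "\0").encode("utf-16-le")
                lines.append(f'"{name}"=hex(2):' + ",".join(f"{b:02x}" for b in raw))
            else:                               # REG_SZ: backslash and quote must be escaped
                esc = str(data).replace("\\", "\\\\").replace('"', '\\"')
                lines.append(f'"{name}"="{esc}"')
        lines.append("")
    return "\n".join(lines)


def apply(values: Sequence[Value]) -> int:
    """Write the values straight into HKLM (Windows only). Returns the count written."""
    if sys.platform != "win32":
        raise RuntimeError("SRP lives in the Windows registry; use to_reg() elsewhere")
    import winreg
    kinds = {"REG_DWORD": winreg.REG_DWORD, "REG_EXPAND_SZ": winreg.REG_EXPAND_SZ,
             "REG_SZ": winreg.REG_SZ}
    written = 0
    for sub, name, typ, data in values:
        with winreg.CreateKeyEx(winreg.HKEY_LOCAL_MACHINE, sub, 0, winreg.KEY_SET_VALUE) as key:
            winreg.SetValueEx(key, name, 0, kinds[typ], data)
            written += 1
    return written


if __name__ == "__main__":
    print(to_reg(srp_values(BLOCK_PATHS, ALLOW_PATHS)))
```

Deploy the Disallowed rules in a test OU first and watch the Application event log for SRP block events (source SoftwareRestrictionPolicies) to find the legitimate programs that need allow rules before rolling the policy out.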
References
• http://www.microsoft.com/security/resources/ransomware-whatis.aspx
• http://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx
• http://www.sophos.com/en-us/support/knowledgebase/119006.aspx
• http://us.norton.com/ransomware
• http://en.wikipedia.org/wiki/Ransomware
For details on removal and recovery solutions visit:
• http://www.wintips.org/how-to-remove-cryptolocker-ransomware-and-restore-your-files/
• http://www.f-secure.com/en/web/labs_global/removal/removing-ransomware
Thank You!!!
Ransomware: WanaCry, WanCrypt
Speaker notes

1. Automatic: in most cases, F-Secure's Online Scanner removal tool is able to remove the ransomware, restoring normal access to the system. Manual:
2. You can follow who's affected by watching the live tracking map created by MalwareTech. We first heard about WannaCry last week from the UK's health service, which appeared to be one of the first major computer systems affected by the hack. It's also called WannaCrypt.