Understanding Ransomware in the Enterprise
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Éric FREYSSINET Lutte Contre Les Botnets
THÈSE DE DOCTORAT DE L’UNIVERSITÉ PIERRE ET MARIE CURIE Spécialité Informatique École doctorale Informatique, Télécommunications et Électronique (Paris) Présentée par Éric FREYSSINET Pour obtenir le grade de DOCTEUR DE L’UNIVERSITÉ PIERRE ET MARIE CURIE Sujet de la thèse : Lutte contre les botnets : analyse et stratégie Présentée et soutenue publiquement le 12 novembre 2015 devant le jury composé de : Rapporteurs : M. Jean-Yves Marion Professeur, Université de Lorraine M. Ludovic Mé Enseignant-chercheur, CentraleSupélec Directeurs : M. David Naccache Professeur, École normale supérieure de thèse M. Matthieu Latapy Directeur de recherche, UPMC, LIP6 Examinateurs : Mme Clémence Magnien Directrice de recherche, UPMC, LIP6 Mme Solange Ghernaouti-Hélie Professeure, Université de Lausanne M. Vincent Nicomette Professeur, INSA Toulouse Cette thèse est dédiée à M. Celui qui n’empêche pas un crime alors qu’il le pourrait s’en rend complice. — Sénèque Remerciements Je tiens à remercier mes deux directeurs de thèse. David Naccache, officier de réserve de la gendarmerie, contribue au développement de la recherche au sein de notre institution en poussant des personnels jeunes et un peu moins jeunes à poursuivre leur passion dans le cadre académique qui s’impose. Matthieu Latapy, du LIP6, avec qui nous avions pu échanger autour d’une thèse qu’il encadrait dans le domaine difficile des atteintes aux mineurs sur Internet et qui a accepté de m’accueillir dans son équipe. Je voudrais remercier aussi, l’ensemble de l’équipe Réseaux Complexes du LIP6 et sa responsable d’équipe actuelle, Clémence Magnien, qui m’ont accueilli à bras ouverts, accom- pagné à chaque étape et dont j’ai pu découvrir les thématiques et les méthodes de travail au fil des rencontres et des discussions. -
Internet Security Threat Report VOLUME 21, APRIL 2016 TABLE of CONTENTS 2016 Internet Security Threat Report 2
Internet Security Threat Report VOLUME 21, APRIL 2016 TABLE OF CONTENTS 2016 Internet Security Threat Report 2 CONTENTS 4 Introduction 21 Tech Support Scams Go Nuclear, 39 Infographic: A New Zero-Day Vulnerability Spreading Ransomware Discovered Every Week in 2015 5 Executive Summary 22 Malvertising 39 Infographic: A New Zero-Day Vulnerability Discovered Every Week in 2015 8 BIG NUMBERS 23 Cybersecurity Challenges For Website Owners 40 Spear Phishing 10 MOBILE DEVICES & THE 23 Put Your Money Where Your Mouse Is 43 Active Attack Groups in 2015 INTERNET OF THINGS 23 Websites Are Still Vulnerable to Attacks 44 Infographic: Attackers Target Both Large and Small Businesses 10 Smartphones Leading to Malware and Data Breaches and Mobile Devices 23 Moving to Stronger Authentication 45 Profiting from High-Level Corporate Attacks and the Butterfly Effect 10 One Phone Per Person 24 Accelerating to Always-On Encryption 45 Cybersecurity, Cybersabotage, and Coping 11 Cross-Over Threats 24 Reinforced Reassurance with Black Swan Events 11 Android Attacks Become More Stealthy 25 Websites Need to Become Harder to 46 Cybersabotage and 12 How Malicious Video Messages Could Attack the Threat of “Hybrid Warfare” Lead to Stagefright and Stagefright 2.0 25 SSL/TLS and The 46 Small Business and the Dirty Linen Attack Industry’s Response 13 Android Users under Fire with Phishing 47 Industrial Control Systems and Ransomware 25 The Evolution of Encryption Vulnerable to Attacks 13 Apple iOS Users Now More at Risk than 25 Strength in Numbers 47 Obscurity is No Defense -
Ransomware Trends to Watch
2017. 03. 02 Ransomware Trends to Watch Notorious ransomware in 2016 and changes in ransomware trends 220, Pangyoyeok-ro, Bundang-gu, Seongnam-si, Gyeonggi-do, South Korea Tel: +82-31-722-8000 | Fax: +82-31-722-8901 | www.ahnlab.com | © AhnLab, Inc. All rights reserved. Tech Report_ Ransomware Trends to Watch Table of Content Introduction ..................................................................................................................................... 3 Findings 1: Representative ransomware in 2016 ............................................................................ 4 1. Locky: No. 1 ransomware of 2016 ........................................................................................ 4 2. Cerber: ransomware with audio guidance ............................................................................. 5 3. CryptXXX: suddenly vanishing ransomware ......................................................................... 7 4. Types of ransomware that encrypt MBR ............................................................................... 8 Findings 2: Key changes in ransomware trends .............................................................................. 9 1. Expanded range of ransomware damages ........................................................................... 9 2. Diversification of distribution methods ................................................................................. 10 3. Changes in ransomware creation ...................................................................................... -
Improved Detection for Advanced Polymorphic Malware James B
Nova Southeastern University NSUWorks CEC Theses and Dissertations College of Engineering and Computing 2017 Improved Detection for Advanced Polymorphic Malware James B. Fraley Nova Southeastern University, [email protected] This document is a product of extensive research conducted at the Nova Southeastern University College of Engineering and Computing. For more information on research and degree programs at the NSU College of Engineering and Computing, please click here. Follow this and additional works at: https://nsuworks.nova.edu/gscis_etd Part of the Computer Sciences Commons Share Feedback About This Item NSUWorks Citation James B. Fraley. 2017. Improved Detection for Advanced Polymorphic Malware. Doctoral dissertation. Nova Southeastern University. Retrieved from NSUWorks, College of Engineering and Computing. (1008) https://nsuworks.nova.edu/gscis_etd/1008. This Dissertation is brought to you by the College of Engineering and Computing at NSUWorks. It has been accepted for inclusion in CEC Theses and Dissertations by an authorized administrator of NSUWorks. For more information, please contact [email protected]. Improved Detection for Advanced Polymorphic Malware by James B. Fraley A Dissertation Proposal submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Information Assurance College of Engineering and Computing Nova Southeastern University 2017 ii An Abstract of a Dissertation Submitted to Nova Southeastern University in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy Improved Detection for Advanced Polymorphic Malware by James B. Fraley May 2017 Malicious Software (malware) attacks across the internet are increasing at an alarming rate. Cyber-attacks have become increasingly more sophisticated and targeted. These targeted attacks are aimed at compromising networks, stealing personal financial information and removing sensitive data or disrupting operations. -
Caught in the Net: Unraveling the Tangle of Old and New Threats
Caught in the Net: Unraveling the Tangle of Old and New Threats 2018 Annual Security Roundup Contents TREND MICRO LEGAL DISCLAIMER The information provided herein is for general information 04 and educational purposes only. It is not intended and should not be construed to constitute legal advice. The Messaging threats increase, information contained herein may not be applicable to all situations and may not reflect the most current situation. in various forms Nothing contained herein should be relied on or acted upon without the benefit of legal advice based on the particular facts and circumstances presented and nothing 10 herein should be construed otherwise. Trend Micro reserves the right to modify the contents of this document Ransomware remains compelling at any time without prior notice. despite decline in attacks Translations of any material into other languages are intended solely as a convenience. Translation accuracy is not guaranteed nor implied. If any questions arise related to the accuracy of a translation, please refer to 17 the original language official version of the document. Any discrepancies or differences created in the translation are Critical vulnerabilities in hardware and not binding and have no legal effect for compliance or enforcement purposes. the cloud are found, number of ICS bugs Although Trend Micro uses reasonable efforts to include continue rising accurate and up-to-date information herein, Trend Micro makes no warranties or representations of any kind as to its accuracy, currency, or completeness. You agree 23 that access to and use of and reliance on this document and the content thereof is at your own risk. -
Computer Viruses and Malware Advances in Information Security
Computer Viruses and Malware Advances in Information Security Sushil Jajodia Consulting Editor Center for Secure Information Systems George Mason University Fairfax, VA 22030-4444 email: [email protected] The goals of the Springer International Series on ADVANCES IN INFORMATION SECURITY are, one, to establish the state of the art of, and set the course for future research in information security and, two, to serve as a central reference source for advanced and timely topics in information security research and development. The scope of this series includes all aspects of computer and network security and related areas such as fault tolerance and software assurance. ADVANCES IN INFORMATION SECURITY aims to publish thorough and cohesive overviews of specific topics in information security, as well as works that are larger in scope or that contain more detailed background information than can be accommodated in shorter survey articles. The series also serves as a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook treatment. Researchers, as well as developers, are encouraged to contact Professor Sushil Jajodia with ideas for books under this series. Additional tities in the series: HOP INTEGRITY IN THE INTERNET by Chin-Tser Huang and Mohamed G. Gouda; ISBN-10: 0-387-22426-3 PRIVACY PRESERVING DATA MINING by Jaideep Vaidya, Chris Clifton and Michael Zhu; ISBN-10: 0-387- 25886-8 BIOMETRIC USER AUTHENTICATION FOR IT SECURITY: From Fundamentals to Handwriting by Claus Vielhauer; ISBN-10: 0-387-26194-X IMPACTS AND RISK ASSESSMENT OF TECHNOLOGY FOR INTERNET SECURITY.'Enabled Information Small-Medium Enterprises (TEISMES) by Charles A. -
Advanced Malware Protection Against Ransomware
Advanced Malware Protection Against ransomware György Ács IT Security Consulting Systems Engineer October 2016 Agenda • Modern malware: ransomware • What can be done? • Ransomware analysis examples Ransomware: Easy Profits • Most profitable malware in history • Lucrative: Direct payment to attackers! • Cyber-criminals collected $209 million in the first three months of 2016 by extorting businesses and institutions to unlock computer servers. • At that rate, ransomware is on pace to be a $1 billion a year crime this year. • Let’s take an example: • Looking only at the Angler exploit kit delivering ransomware • $60 million dollars a year in profits • Ransomware as a Service, Tox The Evolution of Ransomware Variants The confluence of easy and effective encryption, the popularity of exploit kits and phishing, and a willingness for victims to pay have caused an explosion of ransomware variants. SamSam Locky Cryptowall 73V3N Keranger CRYZIP First commercial TeslaCrypt Fake Petya PC Cyborg Android phone Cryptolocker Teslacrypt 3.0 Antivirus Redplus Teslacrypt 4.0 Virlock Teslacrypt 4.1 Lockdroid Reveton 1989 2001 2005 2006 2007 2008 2012 2013 2014 2015 2016 CryptoDefense Koler QiaoZhaz Reveton Kovter Tox Cerber Ransomlock Simplelock Cryptvault Radamant Cokri DMALock Hydracrypt CBT-Locker Chimera Rokku Jigsaw Dirty Decrypt TorrentLocker Hidden Tear Bitcoin Powerware network launched Cryptorbit Virlock Lockscreen CoinVault Teslacrypt 2.0 GPCoder Cryptographic Locker Urausy Svpeng How Does Ransomware Work? Typical Ransomware Infection • Problem: -
Ransomware Defense Technical Session
Ransomware Defense Technical Session Mikael Grotrian, CISSP, CISM, CCSK, GISF, ITIL, PRINCE2, TOGAF Certified Consulting Systems Engineer, Cyber Security, Denmark 6/2 - 2018 The Evolution of Ransomware Variants WannaCry The confluence of easy and effective encryption, the PoPularity of NotPetya exploit kits and Phishing, and a willingness for victims to Pay have caused an explosion of ransomware variants. Locky Cryptowall 73V3N Keranger CRYZIP First commercial TeslaCrypt Fake Petya PC Android phone Cryptolocker Teslacrypt 3.0 Cyborg Antivirus RedPlus Teslacrypt 4.0 Virlock Teslacrypt 4.1 Lockdroid SamSam Reveton 1989 2001 2005 2006 2007 2008 2012 2013 2014 2015 2016 2017 Worm type Ransomware CryptoDefense / Koler Desstructionware GPCoder QiaoZhaz Reveton Kovter Tox Cerber Ransomlock SimPlelock Cryptvault Radamant Cokri DMALock Hydracrypt Bitcoin CBT-Locker Chimera Rokku network launched TorrentLocker Hidden Tear Jigsaw Dirty Decrypt Virlock Lockscreen Powerware Cryptorbit CoinVault Teslacrypt 2.0 CryptograPhic Locker Svpeng Urausy TALOS brings the intelligence – Smarter every day Microsoft Shadow Brokers WannaCry vulnerability identified exploit leaked ransomware released Mar 14 Apr 14 May 12 2017 TALOS detects vulnerabilities TALOS detects exploits Customers with NGFW, IPS, Meraki MX already protected Customers with NGFW, IPS, Customers with NGFW, IPS, Meraki MX are protected Meraki MX are protected Plus AMP caught the payload and Umbrella blocked the callout Ransomware Defense Overview Cisco Ransomware Defense Solution Solution to Prevent, -
Magniber V2 Ransomware Decryption: Exploiting the Vulnerability of a Self-Developed Pseudo Random Number Generator
electronics Article Magniber v2 Ransomware Decryption: Exploiting the Vulnerability of a Self-Developed Pseudo Random Number Generator Sehoon Lee 1, Myungseo Park 1,* and Jongsung Kim 1,2 1 Department of Financial Information Security, Kookmin University, Seoul 02707, Korea; [email protected] (S.L.); [email protected] (J.K.) 2 Department of Information Security, Cryptology and Mathematics, Kookmin University, Seoul 02707, Korea * Correspondence: [email protected] Abstract: With the rapid increase in computer storage capabilities, user data has become increasingly important. Although user data can be maintained by various protection techniques, its safety has been threatened by the advent of ransomware, defined as malware that encrypts user data, such as documents, photographs and videos, and demands money to victims in exchange for data recovery. Ransomware-infected files can be recovered only by obtaining the encryption key used to encrypt the files. However, the encryption key is derived using a Pseudo Random Number Generator (PRNG) and is recoverable only by the attacker. For this reason, the encryption keys of malware are known to be difficult to obtain. In this paper, we analyzed Magniber v2, which has exerted a large impact in the Asian region. We revealed the operation process of Magniber v2 including PRNG and file encryption algorithms. In our analysis, we found a vulnerability in the PRNG of Magniber v2 developed by the attacker. We exploited this vulnerability to successfully recover the encryption keys, which was by verified the result in padding verification and statistical randomness tests. To our knowledge, we report the first recovery result of Magniber v2-infected files. -
A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage Control
International Journal of Research and Scientific Innovation (IJRSI) | Volume IV, Issue VIS, June 2017 | ISSN 2321–2705 A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage Control Jinal P. Tailor Ashish D. Patel Department of Information Technology Department of Information Technology Shri S’ad Vidya Mandal Institute of Technology Shri S’ad Vidya Mandal Institute of Technology Bharuch, Gujarat, India Bharuch, Gujarat, India Abstract – Ransomware is a type of malware that prevents or advertisements, blocking service, disable keyboard or spying restricts user from accessing their system, either by locking the on user activities. It locks the system or encrypts the data system's screen or by locking the users' files in the system unless leaving victims unable to help to make a payment and a ransom is paid. More modern ransomware families, sometimes it also threatens the user to expose sensitive individually categorize as crypto-ransomware, encrypt certain information to the public if payment is not done[1]. file types on infected systems and forces users to pay the ransom through online payment methods to get a decrypt key. The In case of windows, from figure 1 it shown that there are analysis shows that there has been a significant improvement in some main stages that every crypto family goes through. Each encryption techniques used by ransomware. The careful analysis variant gets into victim’s machine via any malicious website, of ransomware behavior can produce an effective detection email attachment or any malicious link and progress from system that significantly reduces the amount of victim data loss. there. Index Terms – Ransomware attack, Security, Detection, Prevention. -
TCP SYN-ACK) to Spoofed IP Addresses
Joint Japan-India Workshop on Cyber Security and Services/Applications for M2M and Fourteenth GISFI Standardization Series Meeting How to secure the network - Darknet based cyber-security technologies for global monitoring and analysis Koji NAKAO Research Executive Director, Distinguished Researcher, NICT Information Security Fellow, KDDI Outline of NICT Mission As the sole national research institute in the information and communications field, we as NICT will strive to advance national technologies and contribute to national policies in the field, by promoting our own research and development and by cooperating with and supporting outside parties. Collaboration between Industry, Academic Institutions and Government R&D carried out by NICT’s researchers Budget (FY 2012): approx. 31.45 Billion Yen (420 Million US$) Personnel: 849 Researchers: 517 PhDs: 410 R&D assistance (as of April 2012) to industry and life convenient Japan Standard Time and academia Space Weather Forecast services Forecast Weather Space of the global community community global the of Growth of Economy of Japanese Growth Promotion of ICT a more for Security and Safety businesses Interaction with National ICT Policy problems major solve to Contribution 2 Internet Security Days 2012 Network Security Research Institute Collabor • Cyber attack monitoring, tracking, • Dynamic and optimal deployment of ation security functions analysis, response and prevention New GenerationNetwork Security • Prompt promotion of outcomes • Secure new generation network design Security Cybersecurity Architecture Laboratory Security Organizations Laboratory Daisuke Inoue Shin’ichiro Matsuo Kazumasa Taira Koji Nakao (Director General) (Distinguished Researcher) Security • Security evaluation of cryptography Fundamentals • Practical security • Post quantum cryptography Laboratory • Quantum security Shiho Moriai Recommendations for Cryptographic Algorithms and Key Lengths to Japan e-Government and SDOs 3 Internet Security Days 2012 Content for Today • Current Security Threats (e.g. -
The Sqlite RCE Flaw
Security Now! Transcript of Episode #694 Page 1 of 32 Transcript of Episode #694 The SQLite RCE Flaw Description: This week we look at Rhode Island's response to Google's recent API flaw; Signal's response to Australia's anti-encryption legislation, the return of PewDiePie; U.S. border agents retaining travelers' private data; This Week in Android hijinks; confusion surrounding the Windows v5 release; another Facebook API mistake; and the eighth annual most common passwords list, a.k.a. "How's monkey doing?" Why all might not be lost if someone is hit with drive-encrypting malware; Microsoft's recent four-month run of zero-day vulnerability patches; the Firefox 64 update; a reminder of an awesome train game for iOS, Mac, and Android; some closing-the-loop feedback with our listeners; and a look at a new and very troubling flaw discovered in the massively widespread SQLite library, and what we can do. High quality (64 kbps) mp3 audio file URL: http://media.GRC.com/sn/SN-694.mp3 Quarter size (16 kbps) mp3 audio file URL: http://media.GRC.com/sn/sn-694-lq.mp3 SHOW TEASE: It's time for Security Now!, our last episode of 2018. Wow, what a year it has been, and we're not done yet. Microsoft says this was the worst year for zero days, and there are more coming in Windows. A flaw that potentially could be disastrous in a software component almost everybody has on every machine you have. And of course a Picture of the Day, just for the season.