The Rise of Ransomware
Rani Hmayssi
Regional Manager, Emerging markets
Cyber Security Solutions
2 | © 2015, Palo Alto Networks. Confidential and Proprietary.

What is Ransomware
Ransomware is not a single family of malware, but a criminal business model in which malicious software is used to hold something of value for ransom.

The First Ransomware Attack – AIDS Trojan
Source: PaloAltoNetworks.com/solutions/initiatives/ransomware

CryptoWall v3 Investigation
Co-Founded by Palo Alto Networks, Intel Security, Symantec, Fortinet
- $325M Estimated Damages Across the Globe
- 44% Victims Paid Up
- 30.7% Exploit Delivery
Source: http://go.paloaltonetworks.com/cryptowall

- 1M+ Unique samples of crypto ransomware collected in Palo Alto Networks WildFire Threat Intelligence Cloud.
- 30+ Families of crypto ransomware tracked in Palo Alto Networks AutoFocus threat analysis service.

WildFire Demonstrates the Shortcomings of Current Approach
37.5% of the malware files seen by WildFire each month are detected by the top 6 enterprise AV vendors*.
- All Files: 71.9M
- Malicious: 5.3M
- Detected by AV: 2.0M
*Average monthly values as of January 2016. Source: Palo Alto Networks WildFire and Multi-Scanner

Dealing with Ransomware
- Preparation
- Prevention
- Response

To Prevent Ransomware:
1. Attack Vectors
2. Delivery Methods
3. How to Block

1. Attack Vectors
- Exploits
- Macros
- Exec

2. Delivery Methods
- Exploit Kits
- Email Attachments
- Drive-by Downloads

A Ransomware Email That I Received on my Personal Email

More Sophisticated Ransomware Examples

3. How to Block
Multiple Attack Vectors, Multiple Delivery Methods
- Perimeter
- Cloud/SaaS
- Endpoints

3. How to Block
- Reduce Attack Surface
- Prevent Known Threats
- Prevent Unknown Threats

Reduce Attack Surface
- Disallow non-org access
- Block dangerous file types
- Block unknown traffic
- Block malicious URLs
- Evaluate encrypted traffic
- Extend zero-trust policies to endpoints
- Stop dangerous file types
- Extend threat intelligence from network to SaaS apps to endpoints

Prevent Known Threats
- Block storage or transmission of files containing exploits
- Scan cloud storage & SaaS apps for malicious files
- Block malicious URLs
- Block execution of known malware
- Stop known exploits, malware & command-and-control traffic
- Block all known exploits
- Extend threat intelligence from network to SaaS apps to endpoints

Prevent Unknown Threats
- Scan cloud storage & SaaS apps for malicious files
- Control unknown traffic
- Add context to threats and create proactive protections
- Block execution of unknown malware
- Block all unknown and zero-day exploits
- Detect and prevent threats in unknown files and URLs
- Extend threat intelligence from network to SaaS apps to endpoints

Automated Ransomware Prevention Across Multiple Attack Vectors and Delivery Methods is Only Possible with an Integrated Security Platform
[Check-mark matrix: Exploit Kits, Email Attachments, Drive-by Download against Network & Perimeter, SaaS Applications, Endpoint]

Looking at Another Industry Trying to Protect Their Assets

- Someone breaks into your safe
- Alarm turns on
- Stop Thief from entering
- Pray you made the right choice
- Contain

- Ransomware attack succeeds
- You find out that files are encrypted
- It’s only a matter of time to find out
- Prevention
- Remediation
Where would you prefer to be?

“Intellectuals solve problems. Geniuses PREVENT them.” -Albert Einstein

THANK YOU