The Rise of

Rani Hmayssi

Regional Manager , Emerging markets

Cyber Security Solutions

[email protected]

2 | © 2015, Palo Alto Networks. Confidential and Proprietary. What is Ransomware Ransomware is not a single family of malware, but a criminal business model in which malicious software is used to hold something of value for ransom

3 | © 2015, Palo Alto Networks. Confidential and Proprietary. The First Ransomware Attack – AIDS Trojan

4 | © 2015, Palo Alto Networks. Confidential and Proprietary. Source: PaloAltoNetworks.com/solutions/initiatives/ransomware CryptoWall v3 Investigation

Co-Founded by $325M Palo Alto Networks Estimated Damages Across the Globe Intel Security 44% Victims Paid Up Symantec 30.7% Exploit Delivery

Source: http://go.paloaltonetworks.com/cryptowall

6 | © 2015, Palo Alto Networks. Confidential and Proprietary. 1M+ 30+ Unique samples of Families of crypto crypto ransomware ransomware tracked collected in Palo Alto in Palo Alto Networks Networks WildFire AutoFocus threat Threat Intelligence analysis service. Cloud.

7 | © 2015, Palo Alto Networks. Confidential and Proprietary. WildFire Demonstrates the Shortcomings of Current Approach

71.9M 37.5% Of the malware files seen by WildFire each month are detected by the top 6 5.3M enterprise AV vendors*. 2.0M

All Files Malicious Detected by AV *Average monthly values as of January 2016. Source: Palo Alto Networks WildFire and Multi-Scanner

8 | ©2016, Palo Alto Networks. Confidential and Proprietary. Dealing with Ransomware

Preparation Prevention Response

9 | © 2015, Palo Alto Networks. Confidential and Proprietary. 1. Attack Vectors To Prevent 2. Delivery Methods Ransomware: 3. How to Block

10 | © 2015, Palo Alto Networks. Confidential and Proprietary.

Exploits Macros Exec

Attack Vectors Attack

. 1

11 | © 2015, Palo Alto Networks. Confidential and Proprietary.

Exploit Drive-by Kits Attachments Downloads

Delivery Methods

. 2

12 | © 2015, Palo Alto Networks. Confidential and Proprietary. A Ransomware Email That I Received on my Personal Email More Sophisticated Ransomware Examples

14 | © 2015, Palo Alto Networks. Confidential and Proprietary. Multiple Attack Perimeter Vectors

Cloud/SaaS

Multiple Delivery to Block How Methods . Endpoints 3

15 | © 2015, Palo Alto Networks. Confidential and Proprietary. Reduce Prevent Prevent Attack Known Unknown Surface Threats Threats

to Block How

. 3

16 | © 2015, Palo Alto Networks. Confidential and Proprietary. Reduce Attack Surface Disallow non-org access Block dangerous file types

Extend threat Block unknown traffic intelligence from Block malicious URLs network to Evaluate encrypted SaaS apps Extend zero-trust traffic to endpoints policies to endpoints Stop dangerous file types

17 | © 2015, Palo Alto Networks. Confidential and Proprietary. Prevent Block storage or transmission Known Threats of files containing exploits Scan cloud storage & SaaS apps for malicious files

Extend threat intelligence from Block malicious URLs network to Block execution of SaaS apps known malware Stop known exploits, to endpoints malware & command- Block all known and-control traffic exploits

18 | © 2015, Palo Alto Networks. Confidential and Proprietary. Prevent Unknown Threats Scan cloud storage & SaaS apps for malicious files

Extend threat Control unknown traffic intelligence from Add context to threats network to Block execution of and create proactive SaaS apps unknown malware protections to endpoints Block all unknown Detect and prevent and zero-day exploits threats in unknown files and URLs

19 | © 2015, Palo Alto Networks. Confidential and Proprietary. Exploit Kits Email Attachments Drive-by Download

✓… ✓... ✓... ✓...Automated ✓Ransomware... ✓ ... ✓... ✓... ✓... Network & Perimeter Prevention Across ✓...Multiple Attack✓... Vectors✓ ... ✓... ✓... ✓... ✓... ✓... ✓... SaaS Applications and Delivery Methods is Only

Possible✓... with✓ ...an Integrated✓... ✓... Security✓ ...Platform ✓... ✓... ✓... ✓... Endpoint

20 | © 2015, Palo Alto Networks. Confidential and Proprietary. Looking at Another Industry Trying to Protect Their Assets

21 | © 2015, Palo Alto Networks. Confidential and Proprietary. Someone breaks Alarm turns on into your safe

Stop Thief from entering Pray you made the Contain right choice

22 | © 2015, Palo Alto Networks. Confidential and Proprietary. Ransmoware attack You find out that succeeds files are encrypted

It’s only a matter of Prevention Remediation time to find out Where would you prefer to be?

23 | © 2015, Palo Alto Networks. Confidential and Proprietary. “Intellectuals solve problems. Geniuses

PREVENT them.” -Albert Einstein

THANK YOU