CSO Ransomware Survival Guide


CSO from IDG

Ransomware reckoning

Hardly a week goes by without ransomware making news. New variants defeat decryption tools; new decryption tools defeat those variants. Fingers are pointed: At users, at overburdened, underfunded security staff, at companies that pay (or don’t pay) the ransom.

As Lucian Constantin puts it in the lead story in this collection, “there’s no end in sight.”

What’s a smart company to do? This guide will help you understand and minimize the risk, offer best practices for preventing attacks, and give you strategies for responding after criminals have encrypted your machines.

Contents

Five things you need to know about ransomware
Why ransomware should haunt you all the time
You’ve been hit with ransomware. Now what?
Q&A: Responding to ransomware the right way
A Blue Team’s reference guide to dealing with ransomware
6 things your users need to know

Five things you need to know about ransomware

Ransomware has become a real scourge for consumers, businesses and even government institutions. Unfortunately, there’s no end in sight, so here’s what you should know.

BY LUCIAN CONSTANTIN

Over the past few years, millions of PCs from around the world have been locked or had their files encrypted by malicious programs designed to extort money from users. Collectively known as ransomware, these malicious applications have become a real scourge for consumers, businesses and even government institutions. Unfortunately, there’s no end in sight, so here’s what you should know.

1. It’s not just your PC that’s at risk

Most ransomware programs target computers running Windows, as it’s the most popular operating system. However, ransomware applications for Android have also been around for a while, and recently, several variants that infect Linux servers have been discovered.

Security researchers have also shown that ransomware programs can be easily created for Mac OS X and even for smart TVs, so these and other devices are likely to be targeted in the future, especially as the competition for victims increases among ransomware creators.

2. Law enforcement actions are few and far between

There have been some successful collaborations between law enforcement and private security companies to disrupt ransomware campaigns in the past. The most prominent case was Operation Tovar, which took over the Gameover ZeuS botnet in 2014 and recovered the encryption keys for CryptoLocker, a notorious ransomware program distributed by the botnet.

In most cases, however, law enforcement agencies are powerless in the face of ransomware, especially the variants that hide their command-and-control servers on the Tor anonymity network. This is reflected in the multiple cases of government agencies, police departments and hospitals that were affected by ransomware and decided to pay criminals to recover their files. An FBI official admitted at an event in October 2015 that in many cases the agency advises victims to pay the ransom if they don’t have backups and there are no other alternatives.

3. Back up, back up, back up

Many users back up their sensitive data, but do it to an external hard drive that’s always connected to their computer or to a network share. That’s a mistake, because when a ransomware program infects a computer, it enumerates all accessible drives and network shares, so it will encrypt the files hosted in those locations too.

The best practice is to use what some people call the 3-2-1 rule: at least three copies of the data, stored in two different formats, with at least one of the copies stored off-site or offline.

4. You might get lucky, but don’t count on it

Sometimes ransomware creators make mistakes in implementing their encryption algorithms, resulting in vulnerabilities that allow the recovery of the files without paying the ransom. There have been several cases where security companies were able to create free decryption tools for particular versions of ransomware programs. These are temporary solutions though, as most ransomware developers will quickly fix their errors and push out new versions.

There are other situations where security researchers take control of command-and-control servers used by the ransomware authors and make the decryption keys available to users for free. Unfortunately these cases are even rarer than vulnerabilities in the ransomware programs themselves.

Most security vendors discourage paying the ransom, because there’s no guarantee that the attackers will provide the decryption key and because it ultimately encourages them.

If you decide to hold your ground, keep a copy of the affected files as you never know what might happen in the future. However, if those files are critical to your business and their recovery is time sensitive, there’s little you can do other than pay up and hope that the criminals keep their word.

5. Prevention is best

Ransomware programs get distributed in a variety of ways, most commonly through malicious email attachments, Word documents with macro code and Web-based exploits launched from compromised websites or malicious advertisements. Many are also installed by other malware programs.

As such, following the most common security best practices is critical. Always keep the software on your computer up to date, especially the OS, browser and browser plug-ins like Flash Player, Adobe Reader, Java and Silverlight. Never enable the execution of macros in documents, unless you have verified their senders and have confirmed with them that the documents should contain such code. Carefully scrutinize emails, especially those that contain attachments, regardless of who appears to have sent them. Finally, perform your day-to-day activities from a limited user account, not from an administrative one, and run an up-to-date antivirus program.

Why ransomware should haunt you all the time

The problem is much more complex than whether or not to just pay the ransom.

BY TIM GREENE

When the ransomware demands come in it’s really too late to come up with a good response plan, so do that as soon as you can, an Interop audience was told.

“You need to decide beforehand whether you will pay and under what circumstances,” John Pironti, president of IP Architects, says. “It’s a cost benefit decision in the end.”

But in the heat of the moment what should be a rational business decision becomes an emotional issue that challenges the morals and pride of decision makers. “They don’t want to be the ones that paid,” Pironti says, speaking from experience consulting with ransomware victims. It just feels wrong to cave in to the demands of criminals who have encrypted your machines and won’t turn over the keys until you pay.

Ultimately those who make the decision must act in the best interest of the company. That means deciding when not paying the cost of the ransom is worth the consequences: lost productivity, missed customer engagements and the cost of replacing devices that are irreversibly encrypted. “At what point does it cost more to respond to the incident than to pay the ransom?” he says. Businesses need a response playbook.

One company Pironti dealt with was being threatened with a crippling DDoS attack if they didn’t pay $9,000. Rather than do so they spent more than $200,000 on DDoS protection gear and consultants to ward off the attack. And then the attack never came.

When it comes time to pay, try to negotiate down the demand. Earlier this year extortionists demanded $3.6 million from Hollywood Presbyterian Medical Center to unlock ransomware. They wound up paying $17,000.

In some cases the negotiations don’t even go through a human being, he says. Automated responses sometimes accept lower amounts, and the keys are also delivered automatically once payments — typically in Bitcoin — are made.

Beyond deciding to pay or not to pay, businesses should do threat and vulnerability analyses to identify how adversaries could get in, what they could infect and what the business impact would be.

Planning is also important because the timeframe for making a decision can be narrow depending on the time limit set by the extortionist.

Once paid, getting the network back to normal is no simple matter. Businesses need to do forensics to see how the attack unfolded so measures can be taken to block the same type of attack in the future. That’s because attackers sell lists of businesses that have paid ransom and what methods the attackers used against them so those who buy the lists can use the same attack tool again and again. “They only work as hard as they have to,” Pironti says. So it may create a long-term problem to pay.

Businesses also need to find out where the attackers went within the network to discover where they might have buried malware for use at a later time, he says. Often the ransomware attack is used as a distraction so network secu- [...] unlock the encryption.
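An added example, not part of the CSO guide: a Python audit of a backup inventory against the 3-2-1 rule from “3. Back up, back up, back up”. It goes one step past the rule by also listing which copies sit on drives or shares the protected computer can reach, since an off-site copy mounted as a share satisfies the rule on paper yet is still exposed. The Copy fields, the attachment labels and the three sample inventories are constructed for illustration, and the live data is assumed to count as one of the three copies.

```python
"""Audit a backup inventory against the 3-2-1 rule and ransomware reach."""
from dataclasses import dataclass

# How the protected computer reaches each copy (labels are assumptions of this
# example). Everything except "offline" is a drive or share that a program
# running on that computer could enumerate and overwrite.
REACHABLE = {"local", "attached-drive", "network-share"}
ATTACHMENTS = REACHABLE | {"offline"}


@dataclass(frozen=True)
class Copy:
    name: str
    media: str        # storage format, e.g. "disk", "tape", "object-storage"
    offsite: bool     # kept at a different physical site
    attachment: str   # one of ATTACHMENTS


def audit(copies):
    """Return the 3-2-1 verdict plus the copies a host infection could reach."""
    for c in copies:
        if c.attachment not in ATTACHMENTS:
            raise ValueError(f"{c.name}: unknown attachment {c.attachment!r}")

    formats = sorted({c.media for c in copies})
    offsite_or_offline = [c.name for c in copies
                          if c.offsite or c.attachment == "offline"]
    exposed = [c.name for c in copies if c.attachment in REACHABLE]
    out_of_reach = [c.name for c in copies if c.attachment == "offline"]

    findings = []
    if len(copies) < 3:
        findings.append(f"{len(copies)} copies, need at least 3")
    if len(formats) < 2:
        findings.append(f"{len(formats)} storage format(s), need at least 2")
    if not offsite_or_offline:
        findings.append("no copy is off-site or offline")
    rule_321 = not findings  # verdict on the rule exactly as the guide states it

    # Separate from the rule: is any copy beyond the host's drives and shares?
    if not out_of_reach:
        findings.append("every copy is on an accessible drive or share: "
                        + ", ".join(exposed))
    return {"rule_321": rule_321, "formats": formats, "exposed": exposed,
            "out_of_reach": out_of_reach, "findings": findings}


# Constructed inventories (not taken from the guide).
# The mistake the guide describes: backups on an always-connected drive and
# on a network share.
WEAK = [
    Copy("live-data", "disk", False, "local"),
    Copy("usb-drive", "disk", False, "attached-drive"),
    Copy("nas-share", "disk", False, "network-share"),
]
# Passes 3-2-1 on paper, but the off-site copy is a mapped share.
PAPER_ONLY = [
    Copy("live-data", "disk", False, "local"),
    Copy("nas-share", "disk", False, "network-share"),
    Copy("cloud-sync", "object-storage", True, "network-share"),
]
# Passes 3-2-1 and keeps one copy disconnected.
SOUND = [
    Copy("live-data", "disk", False, "local"),
    Copy("nas-share", "disk", False, "network-share"),
    Copy("tape-weekly", "tape", True, "offline"),
]

if __name__ == "__main__":
    for label, inventory in (("WEAK", WEAK), ("PAPER_ONLY", PAPER_ONLY),
                             ("SOUND", SOUND)):
        result = audit(inventory)
        print(label, "3-2-1 ok:", result["rule_321"],
              "| out of reach:", result["out_of_reach"] or "none")
        for finding in result["findings"]:
            print("   -", finding)
```
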