Ransomware Threat Brief

Ransomware Threat Brief

Title Ransomware Presenter Date Bill Wright 6/29/2017 Government Affairs Evolution path MISLEADING APP FAKE AV LOCKER RANSOMWARE CRYPTO RANSOMWARE 2005-2009 2010-2011 2012-2013 2014-2017 “FIX” “CLEAN” “FINE” “FEE” 2016 Internet Security Threat Report Copyright © 2017 Symantec Corporation 2 Volume 21 2 36% Increase in Ransomware Attacks o Highly profitable o Low Barrier to Entry - Multiple Software as a Service offerings available Copyright © 2017 Symantec Corporation 3 2017 Internet Security Threat 3 3x as many new ransomware families in 2016 101 30 30 2014 2015 2016 Copyright © 2017 Symantec Corporation 4 2017 Internet Security Threat 4 Ransomware Detections by Country o With 34% of all attacks, US the region most affected by Ransomware o Attackers target countries that can pay the largest ransom o Number of internet connected computers also effect the numbers o But US also has characteristic that is driving up the cost of the ransom Copyright © 2017 Symantec Corporation 5 2017 Internet Security Threat 5 Average Ransom Demand The average starting ransom $1,077 o demand soared in 2016. Once infected many threats o raise price if ransom not paid by deadline Some criminals will o negotiate Targeted businesses will see o higher demands Highest ransom demand for $294 o single machine seen in 2016 - $28,730 (Ransom.Mircop) 2015 2016 Copyright © 2017 Symantec Corporation 6 2017 Internet Security Threat 6 What is Driving Up the Ransom Demand? Percentage of Consumers Who Pay Ransom 64% US o There does not appear to be price sensitivity among victims, especially in the 34% US Globally - As long as victims willing to pay, criminals can raise the price Copyright © 2017 Symantec Corporation 7 2017 Internet Security Threat 7 WannaCry Ransomware Generating Significant Global Attention Copyright © 2017 Symantec Corporation 8 Copyright © 2017 Symantec Corporation 9 WannaCry Ransomware: Basics of the Attack Security Stack Internet • Microsoft announces SMB vulnerability and patch within MS17-010 • Shadowbrokers release EternalBlue in their datadump which exploits this Microsoft SMB vulnerability • WannaCry is seen in the wild and initial compromise vector unknown • WannaCry encrypts files for ransom on host and propagates to other unpatched/unprotected hosts Copyright © 2017 Symantec Corporation 10 Copyright © 2017 Symantec Corporation 11 Attribution: Possibly Lazarus Group • Code used/borrowed from other Lazarus attacks • Earlier versions of WannaCry found on computers with Lazarus tools • Precedence exists: SWIFT Attacks $81million Copyright © 2017 Symantec Corporation 12 Public Private Partnership: WannaCry DHS’s National Cybersecurity and Communications Integration Center (NCCIC) Cyber Threat Alliance Copyright © 2017 Symantec Corporation 13 Petya Ransomware Copyright © 2017 Symantec Corporation 14 Petya Copyright © 2017 Symantec Corporation 15 Looking Ahead Q&A Copyright © 2017 Symantec Corporation 16 Ransomware Thank You! Copyright 2017, Symantec Corporation Symantec’s Timeline of WannaCry Symantec Blocked 22M Attempted Attacks on Nearly 300,000 Endpoint Systems Symantec delivers protection to Symantec delivers further Microsoft announces block SMB exploitation of MS17-010 updates to protect against Continuous Protection vulnerability MS17-010 including blocking for EternalBlue for WannaCry is first potential new variants for and releases patch SEP14, SEP12 and Norton seen in the wild SEP14, SEP12 and Norton Critical Systems Protection (CSP) Data Center Security (DCS) March 14 April 14 May 2 May 12 – 1AM Central US May 12– 3PM Central US Cloud Workload Protection (CWP) IT Management System (ITMS) Control Compliance Suite ShadowBrokers Symantec Endpoint Symantec Global (CCS) release Advanced Machine Intelligence Network Malware Analysis / Cynic EternalBlue Learning and Norton instantly adapts providing MSSP automatically block most protection to SEP14 and Cyber Security Services variants of WannaCry Blue Coat ProxySG Copyright © 2017 Symantec Corporation 18.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    18 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us