RANSOMWARE ran·som·ware | ˈransəmˌwe(ə)r/ noun a type of malicious software designed to encrypt or block access to a computer system or files until a sum of money is paid.
WHAT'S THE PRICE TAG? Bitcoin is the #1 payment medium in ransomware attacks, largely because it is pseudonymous and its transactions are difficult to trace.
$300
Average cost of a demanded ransomware payment according to the Institute for Critical Infrastructure Technology
$18M
Combined losses of 992 victims from CryptoWall, reported by the FBI in June 2015
$27M
Estimated Bitcoin transactions from CryptoLocker in a two-month period (ZDNet)
$17,000
The amount a Los Angeles hospital paid to regain access to its email systems and patient files after a February 2016 attack
WHAT'S THE HISTORY?
1989: AIDS Trojan: the first attack; spread on floppy disks, encrypted file names and demanded $189 to recover them*
1996: Young & Yung developed a proof-of-concept cryptovirus for the Mac SE/30 using RSA and TEA*
2006-2008: Encryption key sizes grow, from Gpcode.AG using a 660-bit RSA public key to Gpcode.AK using a 1024-bit RSA key*
2010: First locker ransomware, WinLock: restricts system access and asks for a premium-rate SMS to obtain the unlock code*
2011: Windows Product Activation scam leads users to call to "reactivate" and incur high international phone charges*
2012: Reveton locks the system, claiming it has been used for illegal activities; ransomware goes mainstream*
2013: CryptoLocker: first attack using Bitcoin for transactions*
2013: First OS X-targeted locker ransomware: a persistent web page accusing the user of downloading pornography*
2014: CryptoLocker.F and TorrentLocker hit Australia with emails leading to sites that downloaded the malicious payload; CryptoWall spread through popular websites, encrypting files, deleting shadow copies and stealing passwords*
2015: Tox brings script kiddies a new business model with ransomware-as-a-service**
2015: XRTN: first attack using a pure batch script to encrypt files (evading static detection methods)***
2016: KeRanger: first OS X-targeted encryption ransomware***
Sources: *Wikipedia, Ransomware; **DarkReading, 2015 Ransomware Wrap-up; ***SentinelOne Labs Research
WHO ARE THE TARGETS?
The Victims: anyone; individuals, businesses, hospitals, schools, government agencies
The Systems: anything; notoriously Windows, but recently broadened to Linux, OS X and even Android devices
The Channels: commonly email or websites; sometimes directly via a backdoor already present on the system
Attackers are out to make a profit, so ransomware victims are chosen by their likelihood to pay. Attackers often launch attacks broadly: the more targets, the better the chance of getting paid.
WHAT HAPPENS TO THE SYSTEM? When the attack hits, what happens to the victim's computer or mobile device?
Files or systems are encrypted
Files or systems are locked
Files are threatened with deletion
Average number of hours the victim has to pay the ransom
WHAT CAN YOU DO TO PREVENT IT? Recovering from a ransomware attack might not be possible, so it's best to maintain strong security and best practices to prevent infection
#1 Install endpoint security. Make sure your endpoint security has zero-day threat prevention to protect against ransomware variants
#2 Back your systems up often. If you have a recent backup you can restore your system and avoid paying or losing your files; keep backups out of reach of the infected machine, since families such as CryptoWall delete shadow copies and will encrypt any backup they can write to
#3 Follow security best practices for email and web: don't click links or open attachments in suspicious-looking emails, and don't click ads on untrusted sites
WHAT CAN YOU DO IF YOU GET HIT?
Alert law enforcement: with any ransom activity, law enforcement should be notified
Isolate the system: take the machine offline so attackers can't use it to reach other machines on the network
Don't pay: you may hear different opinions on this, but paying only encourages attackers; you may not get your files back, and you may become a repeat target
Remediate: run endpoint security software to find and remove the ransomware; if it cannot detect it, wipe the machine
Restore: restore your files or system from the last known good copy
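"Last known good copy" only means something if you can tell a clean backup from one taken after the files were already rewritten. The script below is an added example (not code from the original page or from SentinelOne) that snapshots a directory into a hash manifest and diffs two snapshots, flagging the mass rewrite-and-rename pattern described above. The 50% change threshold, the sample document names, the `.locked` extension and the ransom-note filename are assumptions for the demo, and `os.urandom()` stands in for real encryption.

```python
"""Snapshot a directory tree and diff two snapshots, flagging the kind of mass
change ransomware causes. Added example; not code from the original page.
Assumptions: the 50% threshold, the sample files, and os.urandom() standing
in for real encryption."""
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict

# Assumed threshold: if more than this fraction of the baseline's files were
# deleted or rewritten, the later state is treated as suspect.
MASS_CHANGE_RATIO = 0.5


def snapshot(root: str) -> Dict[str, str]:
    """Map each file (path relative to root) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            rel = str(path.relative_to(root))
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def compare(before: Dict[str, str], after: Dict[str, str]) -> dict:
    """Classify what changed between two manifests."""
    deleted = sorted(p for p in before if p not in after)
    added = sorted(p for p in after if p not in before)
    modified = sorted(p for p in before if p in after and before[p] != after[p])
    old_suffixes = {Path(p).suffix for p in before}
    # Extensions that never existed in the baseline (e.g. ".locked") are a
    # strong hint that files were renamed after being rewritten.
    new_extensions = sorted({Path(p).suffix for p in added} - old_suffixes)
    ratio = (len(deleted) + len(modified)) / len(before) if before else 0.0
    return {
        "deleted": deleted,
        "added": added,
        "modified": modified,
        "new_extensions": new_extensions,
        "change_ratio": ratio,
        "suspect": ratio > MASS_CHANGE_RATIO,
    }


def run_demo() -> dict:
    """Constructed scenario (sample data, not real victim files): a baseline,
    a benign edit, then a simulated crypto-ransomware run. Returns both
    comparisons against the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for i in range(10):
            (root / f"doc{i}.txt").write_text(f"document {i}\n")
        good = snapshot(tmp)  # the last known good copy

        # One legitimate edit should not trip the detector.
        (root / "doc0.txt").write_text("document 0, edited\n")
        benign = compare(good, snapshot(tmp))

        # Mimic ransomware: rewrite every file with junk, rename it with a new
        # extension, and drop a ransom note (assumed names).
        for p in list(root.iterdir()):
            p.write_bytes(os.urandom(64))
            p.rename(p.with_name(p.name + ".locked"))
        (root / "HOW_TO_DECRYPT.txt").write_text("pay up\n")
        hit = compare(good, snapshot(tmp))
    return {"benign": benign, "hit": hit}


if __name__ == "__main__":
    for label, result in run_demo().items():
        print(f"{label}: suspect={result['suspect']} "
              f"ratio={result['change_ratio']:.2f} "
              f"new_extensions={result['new_extensions']}")
```

Run `snapshot()` against each backup generation and keep the manifests somewhere the production host cannot write; `compare()` between consecutive generations then tells you which backup predates the mass change and is safe to restore from. In the demo, the benign edit shows one modified file and a 10% change ratio, while the simulated attack shows every baseline file gone, eleven new files and a never-before-seen `.locked` extension.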
www.sentinelone.com