The Digital Hostage: Ransomware in the Workplace

A talk about ransomware - particularly the impact of attacks on businesses. Takes the audience through the anatomy of ransomware and how it has evolved, culminating in the best ways to prevent, prepare for and respond to ransomware attacks.

The accompanying handout can be viewed here: https://goo.gl/ARHDPJ

Presented to The Insurance Institute of Sussex (a local section of the Chartered Insurance Institute) on 5th July 2017.

http://www.ciibrighton.org.uk/

Chris Cooper

July 05, 2017

Transcript

  1. RANSOMWARE
    in the Workplace
    Chris Cooper, Security Consultant

  2. Ransomware is a type of
    malware that aims to extort
    money from the victim

  3. ANATOMY
    INFECTION
    PAYLOAD
    SPREAD
    RANSOM

  4. ANATOMY
    INFECTION
    PAYLOAD
    SPREAD
    RANSOM

  5. INFECTION

  6. INFECTION METHODS

  7. INFECTION METHODS
    TROJAN HORSE VIA EMAIL
    AKA PHISHING

  8. INFECTION METHODS
    TROJAN HORSE VIA USB DRIVES
    AKA BAITING

  9. INFECTION METHODS
    TROJAN HORSE VIA INSTALLED SOFTWARE

  10. INFECTION METHODS
    TROJAN HORSE VIA MALICIOUS WEBSITES

  11. INFECTION METHODS
    VULNERABILITIES

  12. INFECTION METHODS
    INSTALLED SOFTWARE
    EMAIL
    USB DRIVES
    MALICIOUS WEBSITES
    VULNERABILITIES

  13. ANATOMY
    INFECTION
    PAYLOAD
    SPREAD
    RANSOM

  14. PAYLOAD

  15. PAYLOADS

  16. PAYLOADS
    SCAREWARE

  17. PAYLOADS
    LOCKER

  18. PAYLOADS
    CRYPTO

  19. AIDS Trojan

  20. Gpcode.AK

  21. CryptoLocker

  22. PAYLOADS
    LEAKWARE

  23. Epic

  24. PAYLOADS
    SCAREWARE
    CRYPTO
    LOCKER
    LEAKWARE

  25. ANATOMY
    INFECTION
    PAYLOAD
    SPREAD
    RANSOM

  26. SPREAD

  27. DISSEMINATION METHODS

  28. DISSEMINATION METHODS
    NONE
    LOCAL INFECTION ONLY

  29. DISSEMINATION METHODS
    MAPPED NETWORK DRIVES

  30. DISSEMINATION METHODS
    UNMAPPED NETWORK DRIVES

  31. DISSEMINATION METHODS
    WORMS
    THE DIGITAL KIND

  32. DISSEMINATION METHODS
    NONE
    UNMAPPED DRIVES
    MAPPED DRIVES
    WORMS

  33. ANATOMY
    INFECTION
    PAYLOAD
    SPREAD
    RANSOM

  34. RANSOM

  35. PAYMENT METHODS
    Ransomware has historically
    leveraged a range of payment
    methods that are hard to trace, such
    as PO Boxes and prepaid cards.
    Nowadays, most use Bitcoin or other
    cryptocurrencies.

  36. BITCOIN
    Bitcoin is decentralised and can be
    leveraged to achieve anonymity
    despite the public ledger.
    Bitcoins can often be laundered via
    methods that are difficult to trace.

  37. (no slide text)

  38. ANATOMY
    INFECTION
    PAYLOAD
    SPREAD
    RANSOM

  39. RANSOMWARE impacts BUSINESSES
    1. by encrypting network shares and spreading
    2. by disrupting continuity
    3. by never recovering data

  40. “I don't know who you are.
    I don't know what you
    want. If you are looking for
    ransom, I can tell you I
    don't have money. But
    what I do have are a very
    particular set of skills,
    skills I have acquired over a
    very long career. Skills that
    make me a nightmare for
    people like you.”

  41. PREVENT
    with good digital hygiene
    1. keep software packages up-to-date
    2. guard against phishing
    3. guard against baiting
    4. employ caution when visiting websites
    5. employ caution when installing software
    6. install and maintain anti-virus

  42. PREPARE
    for the unexpected
    1. regularly back up
    2. check and test your backups
    3. employ the principle of least privilege
    4. consider having a playbook or procedure in place

  43. RESPOND
    to attacks
    1. isolate infected machines
    2. protect backups
    3. do not pay the ransom
    4. report internally and to the police (http://www.actionfraud.police.uk/)

  44. RANSOMWARE
    in the Workplace
    Chris Cooper, Security Consultant