The Digital Hostage: Ransomware in the Workplace

A talk about ransomware - particularly the impact of attacks on businesses. Takes the audience through the anatomy of ransomware and how it has evolved, culminating in the best ways to prevent, prepare for and respond to ransomware attacks.

The accompanying handout can be viewed here: https://goo.gl/ARHDPJ

Presented to The Insurance Institute of Sussex (a local section of the Chartered Insurance Institute) on 5th July 2017.

http://www.ciibrighton.org.uk/

Chris Cooper

July 05, 2017

Transcript

  1. RANSOMWARE
    in the Workplace
    Chris Cooper, Security Consultant

  2. Ransomware is a type of malware that aims to extort money from the victim

  3. ANATOMY
    INFECTION
    PAYLOAD
    SPREAD
    RANSOM

  4. ANATOMY
    INFECTION
    PAYLOAD
    SPREAD
    RANSOM

  5. INFECTION METHODS

  6. INFECTION METHODS
    TROJAN HORSE VIA EMAIL, AKA PHISHING

  7. INFECTION METHODS
    TROJAN HORSE VIA USB DRIVES, AKA BAITING

  8. INFECTION METHODS
    TROJAN HORSE VIA INSTALLED SOFTWARE

  9. INFECTION METHODS
    TROJAN HORSE VIA MALICIOUS WEBSITES

  10. INFECTION METHODS
    VULNERABILITIES

  11. INFECTION METHODS
    INSTALLED SOFTWARE
    EMAIL
    USB DRIVES
    MALICIOUS WEBSITES
    VULNERABILITIES

  12. ANATOMY
    INFECTION
    PAYLOAD
    SPREAD
    RANSOM

  13. PAYLOADS
    SCAREWARE

  14. PAYLOADS
    LOCKER

  15. PAYLOADS
    CRYPTO

  16. CryptoLocker

  17. PAYLOADS
    LEAKWARE

  18. PAYLOADS
    SCAREWARE
    CRYPTO
    LOCKER
    LEAKWARE

  19. ANATOMY
    INFECTION
    PAYLOAD
    SPREAD
    RANSOM

  20. DISSEMINATION METHODS

  21. DISSEMINATION METHODS
    NONE
    LOCAL INFECTION ONLY

  22. DISSEMINATION METHODS
    MAPPED NETWORK DRIVES

  23. DISSEMINATION METHODS
    UNMAPPED NETWORK DRIVES

  24. DISSEMINATION METHODS
    WORMS (THE DIGITAL KIND)

  25. DISSEMINATION METHODS
    NONE
    UNMAPPED DRIVES
    MAPPED DRIVES
    WORMS

  26. ANATOMY
    INFECTION
    PAYLOAD
    SPREAD
    RANSOM

  27. PAYMENT METHODS
    Ransomware has historically leveraged a range of payment methods that are hard to trace, such as PO Boxes and prepaid cards.
    Nowadays, most use Bitcoin or other cryptocurrencies.

  28. BITCOIN
    Bitcoin is decentralised and can be leveraged to achieve anonymity despite the public ledger.

    Bitcoins can often be laundered via methods that are difficult to trace.

  29. ANATOMY
    INFECTION
    PAYLOAD
    SPREAD
    RANSOM

  30. RANSOMWARE impacts BUSINESSES
    1. by encrypting network shares and spreading
    2. by disrupting continuity
    3. by never recovering data

  31. “I don't know who you are.
    I don't know what you
    want. If you are looking for
    ransom, I can tell you I
    don't have money. But
    what I do have are a very
    particular set of skills,
    skills I have acquired over a
    very long career. Skills that
    make me a nightmare for
    people like you.”

  32. PREVENT with good digital hygiene
    1. keep software packages up-to-date
    2. guard against phishing
    3. guard against baiting
    4. employ caution when visiting websites
    5. employ caution when installing software
    6. install and maintain anti-virus

  33. PREPARE for the unexpected
    1. regularly back up
    2. check and test your backups
    3. employ the principle of least privilege
    4. consider having a playbook or procedure in place

  34. RESPOND to attacks
    1. isolate infected machines
    2. protect backups
    3. do not pay the ransom
    4. report internally and to the police (http://www.actionfraud.police.uk/)

  35. RANSOMWARE
    in the Workplace
    Chris Cooper, Security Consultant