The Digital Hostage: Ransomware in the Workplace

A talk about ransomware, particularly the impact of attacks on businesses. It takes the audience through the anatomy of ransomware and how it has evolved, culminating in the best ways to prevent, prepare for and respond to ransomware attacks.

The accompanying handout can be viewed here: https://goo.gl/ARHDPJ

Presented to The Insurance Institute of Sussex (a local section of the Chartered Insurance Institute) on 5th July 2017.

http://www.ciibrighton.org.uk/

Chris Cooper

July 05, 2017

Transcript

  1. RANSOMWARE in the Workplace. Chris Cooper, Security Consultant

  2. Ransomware is a type of malware that aims to extort money from the victim

  3. ANATOMY: INFECTION, PAYLOAD, SPREAD, RANSOM

  4. ANATOMY: INFECTION, PAYLOAD, SPREAD, RANSOM

  5. INFECTION

  6. INFECTION METHODS

  7. INFECTION METHODS: TROJAN HORSE VIA EMAIL, AKA PHISHING

  8. INFECTION METHODS: TROJAN HORSE VIA USB DRIVES, AKA BAITING

  9. INFECTION METHODS: TROJAN HORSE VIA INSTALLED SOFTWARE

  10. INFECTION METHODS: TROJAN HORSE VIA MALICIOUS WEBSITES

  11. INFECTION METHODS: VULNERABILITIES

  12. INFECTION METHODS: INSTALLED SOFTWARE, EMAIL, USB DRIVES, MALICIOUS WEBSITES, VULNERABILITIES

  13. ANATOMY: INFECTION, PAYLOAD, SPREAD, RANSOM

  14. PAYLOAD

  15. PAYLOADS

  16. PAYLOADS: SCAREWARE

  17. PAYLOADS: LOCKER

  18. PAYLOADS: CRYPTO

  19. AIDS Trojan

  20. Gpcode.AK

  21. CryptoLocker

  22. PAYLOADS: LEAKWARE

  23. Epic

  24. PAYLOADS: SCAREWARE, CRYPTO, LOCKER, LEAKWARE

  25. ANATOMY: INFECTION, PAYLOAD, SPREAD, RANSOM

  26. SPREAD

  27. DISSEMINATION METHODS

  28. DISSEMINATION METHODS: NONE, LOCAL INFECTION ONLY

  29. DISSEMINATION METHODS: MAPPED NETWORK DRIVES

  30. DISSEMINATION METHODS: UNMAPPED NETWORK DRIVES

  31. DISSEMINATION METHODS: WORMS, THE DIGITAL KIND

  32. DISSEMINATION METHODS: NONE, UNMAPPED DRIVES, MAPPED DRIVES, WORMS

  33. ANATOMY: INFECTION, PAYLOAD, SPREAD, RANSOM

  34. RANSOM

  35. PAYMENT METHODS: Ransomware has historically leveraged a range of payment methods that are hard to trace, such as PO Boxes and prepaid cards. Nowadays, most use Bitcoin or other cryptocurrencies.

  36. BITCOIN: Bitcoin is decentralised and can be leveraged to achieve anonymity, despite the public ledger. Bitcoins can often be laundered via methods that are difficult to trace.

  37. None

  38. ANATOMY: INFECTION, PAYLOAD, SPREAD, RANSOM

  39. RANSOMWARE impacts BUSINESSES
    1. by encrypting network shares and spreading
    2. by disrupting continuity
    3. by never recovering data

  40. “I don't know who you are. I don't know what you want. If you are looking for ransom, I can tell you I don't have money. But what I do have are a very particular set of skills, skills I have acquired over a very long career. Skills that make me a nightmare for people like you.”

  41. PREVENT with good digital hygiene
    1. keep software packages up-to-date
    2. guard against phishing
    3. guard against baiting
    4. employ caution when visiting websites
    5. employ caution when installing software
    6. install and maintain anti-virus

  42. PREPARE for the unexpected
    1. regularly back up
    2. check and test your backups
    3. employ the principle of least privilege
    4. consider having a playbook or procedure in place

  43. RESPOND to attacks
    1. isolate infected machines
    2. protect backups
    3. do not pay the ransom
    4. report internally and to the police (http://www.actionfraud.police.uk/)

  44. RANSOMWARE in the Workplace. Chris Cooper, Security Consultant