Ransomware
Prevention and Removal
Visit www.seminarlinks.blogspot.in to Download
What is ransomware?
• 'Ransomware' is a type of malware that attempts to extort money
from a computer user by infecting and taking control of the victim's
machine, or the files or documents stored on it.
• Typically, the ransomware will either 'lock' the computer to prevent
normal usage, or encrypt the documents and files on it to prevent
access to the saved data.
History
• The first known ransomware was the 1989 "AIDS" trojan (also known as "PC Cyborg"), written by
Joseph Popp.
• Extortionate ransomware became prominent in May 2005.
• By mid-2006, trojans such as Gpcode, TROJ.RANSOM.A, Archiveus, Krotten, Cryzip, and MayArchive
were using more sophisticated RSA encryption schemes, with ever-increasing key sizes.
• In 2011, a ransomware trojan imitating the Windows Product Activation notice surfaced.
• In February 2013, a ransomware trojan based on the Stamp.EK exploit kit surfaced.
• In July 2013, an OS X-specific ransomware trojan surfaced.
• CryptoLocker is estimated to have taken in around 5 million dollars in the last four months of 2013.
How do criminals install ransomware?
• Once installed, ransomware usually announces itself with a pop-up window, web page, or email
warning that appears to come from an official authority.
• Ransomware is usually installed when you open a malicious email attachment, or click a malicious
link in an email message, an instant message, or a post on a social networking site.
• Ransomware can even be installed when you simply visit a malicious website (a drive-by download).
Types of Ransomware
• Encryption Ransomware
• Lock Screen Ransomware
• Master Boot Record (MBR) Ransomware
Encryption Ransomware
• Encrypts personal files and folders (e.g., the contents of your My Documents folder: documents,
spreadsheets, pictures, videos).
• The original files are deleted once encrypted copies have been written, and generally a text file is
left in the same folder as the now-inaccessible files with instructions for payment.
• You may see a lock screen, but not all variants show one.
• Instead, you may only notice a problem when you attempt to open your files.
• This type is also called 'file encryptor' ransomware.
Lock Screen Ransomware
• 'Locks' the screen and demands payment.
• Presents a full screen image that blocks all other windows.
• This type is called 'WinLocker' ransomware.
• No personal files are encrypted.
Master Boot Record (MBR) Ransomware
• The Master Boot Record (MBR) is the first sector of the computer's hard drive; it holds the boot
code and partition table that let the operating system start.
• MBR ransomware overwrites the computer's MBR so that the normal boot process is interrupted.
• A ransom demand is displayed on screen instead of the operating system loading.
Reveton
• In 2012, a major ransomware trojan known as Reveton began to spread.
• It is also known as the "police trojan".
• Its payload displays a warning purportedly from a law enforcement agency,
• claiming that the computer has been used for illegal activities such as downloading pirated
software, copyright infringement, or promoting terrorism.
• The warning informs the user that to unlock their system they must pay a fine.
• To reinforce the illusion that the computer is being tracked by law enforcement, the screen also
displays the computer's IP address and footage from the computer's webcam.
CryptoLocker
• Encrypting ransomware reappeared in September 2013 with CryptoLocker.
• Distributed either as an attachment to a malicious e-mail or as a drive-by download.
• Encrypts certain types of files stored on local and mounted network drives using RSA public-key
cryptography: each file is encrypted with a symmetric key, and that key is in turn encrypted with the
attacker's RSA public key.
• The matching private key is stored only on the malware's control servers, so the files cannot be
recovered without it.
• Offers to decrypt the data if a payment (through either Bitcoin or a pre-paid voucher) is made by a
stated deadline.
• Threatens to delete the private key if the deadline passes.
• If the deadline is missed, the malware's operators offer to decrypt the data via an online service,
for a significantly higher price in Bitcoin.
How to prevent ransomware ?
• Keep all of the software on your computer up to date.
• Make sure automatic updating is turned on to get all the latest Microsoft
security updates and browser-related components (Java, Adobe, and the
like).
• Keep your firewall turned on.
• Don't open spam email messages or click links on suspicious websites.
(CryptoLocker spreads via .zip files sent as email attachments, for
example.)
How to prevent ransomware? (continued)
• Download Microsoft Security Essentials, which is free, or use another
reputable antivirus and anti-malware program.
• If you run Windows 8 or Windows RT, you don't need Microsoft Security
Essentials, because Windows Defender is built in.
• Scan your computer with the Microsoft Safety Scanner.
• Keep your browser clean (remove unwanted toolbars and add-ons).
• Always have a good backup system in place, just in case your PC does
become infected and you can't recover your files. Keep the backups offline or
otherwise out of reach of the PC: ransomware such as CryptoLocker also encrypts
files on mounted network drives.
Identify the Ransomware
Most commonly, ransomware is saved to one of the following locations:
• C:\ProgramData\(random alphanumerics).exe
• C:\Users\(username)\0.(random numbers).exe
• C:\Users\(username)\AppData\(random alphanumerics).exe
Removal – Microsoft Procedure
The following Microsoft products can detect and remove this threat:
• Windows Defender (built into Windows 8)
• Microsoft Security Essentials
• Microsoft Safety Scanner
• Windows Defender Offline (Some ransomware will not allow you to use the
products listed here, so you might have to start your computer from a
Windows Defender Offline disk.)
Removal – Other Anti-Malware Programs
1. Start your computer in “Safe Mode with Networking”.
2. Stop and clean malicious running processes.
• Download and save the "RogueKiller" utility on your computer (e.g. on your Desktop).
• Double-click to run RogueKiller.
• Let the pre-scan complete and then press the "Scan" button to perform a full scan.
• When the full scan is completed, press the "Delete" button to remove all malicious
items found.
• Close RogueKiller and proceed to the next step.
Clean Remaining Malicious Threats
• Download and install a reliable free or paid anti-malware program to clean your
computer of any remaining malicious threats, e.g. Malwarebytes Anti-Malware,
Norton, etc.
• Run the anti-malware program and allow it to update to its latest version and
signature database if needed.
• Let the program scan your system for threats.
• Select all threats in the scan results and remove them.
• When the removal of infected objects is complete, restart your system so that all
active threats are removed properly.
Delete CryptoLocker Hidden Files
• Enable the hidden files view from Control Panel (Folder Options).
• Navigate to the following paths and delete the CryptoLocker hidden files:
For Windows XP
• C:\Documents and Settings\<YOUR USERNAME>\Application Data\RandomFileName.exe
• e.g. {DAEB88E5-FA8E-E0D1-8FCD-BFC7D2F6ED25}.exe
• C:\WINDOWS\system32\msctfime.ime
For Windows Vista or Windows 7
• C:\Users\<YOUR USERNAME>\AppData\Roaming\RandomFileName.exe
• e.g. {DAEB88E5-FA8E-E0D1-8FCD-BFC7D2F6ED25}.exe
• C:\WINDOWS\system32\msctfime.ime
Caution: msctfime.ime is also the file name of a legitimate Microsoft Text Services Framework
component, so check the file's digital signature (Properties > Digital Signatures) before deleting
it; only an unsigned copy is suspect.
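The drop locations on the "Identify the Ransomware" slide and the GUID-named file above can be turned into a quick triage pass over a file listing (for example the output of a dir /s /b run from Safe Mode). The following Python is an added example, not code from the original slides or from any vendor's removal tool. The file listing is constructed, and the regexes encode only the path patterns the slides give plus the GUID file-name shape shown above, so a hit is a lead to verify (signature, timestamp, size), not proof of infection.

```python
import re

# Directory patterns from the "Identify the Ransomware" and "Delete CryptoLocker
# Hidden Files" slides.  Each entry is (label, regex); regexes match the full
# Windows path, case-insensitively, and only an .exe sitting DIRECTLY in the
# suspect directory (legitimate software lives a few levels deeper).
SUSPECT_LOCATIONS = [
    ("exe directly under ProgramData",
     r"^[a-z]:\\programdata\\[^\\]+\.exe$"),
    ("exe directly under a user profile",
     r"^[a-z]:\\users\\[^\\]+\\[^\\]+\.exe$"),
    ("exe directly under AppData or AppData\\Roaming (Vista/7)",
     r"^[a-z]:\\users\\[^\\]+\\appdata\\(roaming\\)?[^\\]+\.exe$"),
    ("exe directly under Application Data (XP)",
     r"^[a-z]:\\documents and settings\\[^\\]+\\application data\\[^\\]+\.exe$"),
]

# CryptoLocker's dropped copy was named after a GUID, e.g.
# {DAEB88E5-FA8E-E0D1-8FCD-BFC7D2F6ED25}.exe  (file name shape from the slide)
GUID_NAME = re.compile(
    r"\\\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.exe$", re.I)


def triage_path(path):
    """Return the list of reasons this path looks like a ransomware drop
    location, or an empty list if it matches none of the patterns."""
    reasons = []
    for label, pattern in SUSPECT_LOCATIONS:
        if re.match(pattern, path, re.I):
            reasons.append(label)
    if GUID_NAME.search(path):
        reasons.append("GUID-named executable")
    return reasons


def triage_listing(paths):
    """Triage a whole file listing; returns {path: [reasons]} for hits only."""
    hits = {}
    for p in paths:
        reasons = triage_path(p)
        if reasons:
            hits[p] = reasons
    return hits


# Constructed sample listing (not taken from a real machine).
SAMPLE_LISTING = [
    r"C:\Windows\System32\notepad.exe",
    r"C:\Program Files\7-Zip\7z.exe",
    r"C:\ProgramData\k3j9x1q.exe",
    r"C:\Users\alice\0.4827391.exe",
    r"C:\Users\alice\AppData\Roaming\{DAEB88E5-FA8E-E0D1-8FCD-BFC7D2F6ED25}.exe",
    r"C:\Users\alice\AppData\Local\Temp\setup.tmp",
    r"C:\Users\alice\Documents\report.docx",
]

if __name__ == "__main__":
    for path, reasons in triage_listing(SAMPLE_LISTING).items():
        print(path, "->", "; ".join(reasons))
```

Only three of the seven sample paths are flagged; the legitimate notepad.exe and 7z.exe sit several directory levels deep and match nothing. The same directories are the ones a Software Restriction Policy would deny execution from, so the triage patterns double as a checklist for that policy.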
Delete Temporary files
Finally, delete all files and folders under your TEMP folders:
For Windows XP
• C:\Documents and Settings\<YOUR USERNAME>\Local Settings\Temp
• C:\Windows\Temp
For Windows Vista or Windows 7
• C:\Users\<YOUR USERNAME>\AppData\Local\Temp
• C:\Windows\Temp
File Restore – Shadow Copies
1. Navigate to the folder or file that you want to restore to a previous state and
right-click on it.
2. From the drop-down menu select "Restore previous versions". *
Notice* for Windows XP users: Select "Properties" and then the "Previous Versions" tab.
3. Then choose a particular version of the folder or file and press:
• "Open" to view the contents of that folder/file.
• "Copy" to copy this folder/file to another location on your computer (e.g. your external hard
drive).
• "Restore" to restore the folder/file to the same location and replace the existing one.
This only works if System Protection was enabled for the drive and the ransomware has not deleted
the Volume Shadow Copies; run "vssadmin list shadows" from an elevated command prompt to check
that copies still exist before relying on this method.
Removing Reveton
• Detection names: Trojan:W32/Reveton and Trojan:W32/Urausy (F-Secure naming).
• Boot the system into 'Safe Mode with Command Prompt'.
• In the command prompt, type "regedit" and press Enter.
• Look for the following registry values and remove them.
For Reveton, delete the "ctfmon.exe" registry value from
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
(Check the value data first: on Windows XP a "ctfmon.exe" entry pointing to
C:\WINDOWS\system32\ctfmon.exe is a legitimate Windows component; the Reveton entry points to a
file elsewhere.)
For Urausy, delete the "Shell" registry value from
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
ONLY IF both of these conditions are met:
1. The "Shell" value is located under HKEY_CURRENT_USER and
NOT under HKEY_LOCAL_MACHINE.
WARNING! Deleting the "Shell" value if it is listed under HKEY_LOCAL_MACHINE may break the Windows system.
2. There is a reference to a .dat file (e.g. skype.dat) in the value data.
• Reboot the system again, this time into Normal mode.
• Finally, run a full computer scan to clean up any remaining files.
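The two rules above (Reveton's "ctfmon.exe" Run value, Urausy's HKCU-only "Shell" value that names a .dat file) can be checked mechanically against a registry export instead of by eye in regedit, which also makes it hard to delete the HKEY_LOCAL_MACHINE Shell value by mistake. The following Python is an added example, not part of the original slides or of F-Secure's removal instructions. The .reg content is constructed (a real one comes from reg export or File > Export in regedit), and the extra requirement that a flagged ctfmon.exe value must point outside \system32 is my assumption, added so the legitimate Windows XP entry is not reported.

```python
import re

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
WINLOGON_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Matches one  "name"="data"  line of a .reg export, honouring \" and \\ escapes.
_VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def parse_reg(text):
    """Minimal parser for a .reg export.  Returns a list of (key, name, data)
    for REG_SZ string values only; those are the only type the persistence
    entries on the slide use.  Other value types (dword:, hex:) are skipped."""
    entries = []
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = _VALUE_LINE.match(line) if key else None
        if m:
            name = m.group(1)
            # .reg escapes: \" -> "  and  \\ -> \
            data = m.group(2).replace('\\"', '"').replace("\\\\", "\\")
            entries.append((key, name, data))
    return entries


def find_police_trojan_persistence(entries):
    """Apply the slide's rules to parsed entries.
    Returns a list of (key, name, data, reason).  The Shell rule deliberately
    ignores HKEY_LOCAL_MACHINE: deleting the machine-wide Shell value breaks
    Windows, so it is never reported here."""
    findings = []
    for key, name, data in entries:
        k = key.lower()
        if k == RUN_KEY.lower() and name.lower() == "ctfmon.exe":
            # Assumption: a genuine ctfmon.exe Run entry (Windows XP) points at
            # \system32\ctfmon.exe; Reveton's points somewhere else.
            if "\\system32\\ctfmon.exe" not in data.lower():
                findings.append((key, name, data,
                                 "Reveton: ctfmon.exe Run value under HKCU"))
        elif (k == WINLOGON_KEY.lower() and name.lower() == "shell"
              and ".dat" in data.lower()):
            findings.append((key, name, data,
                             "Urausy: HKCU Shell value referencing a .dat file"))
    return findings


# Constructed .reg export (not from a real machine): one benign Run entry, one
# Reveton-style entry, an Urausy-style HKCU Shell, and the normal HKLM Shell.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"ctfmon.exe"="C:\\Users\\alice\\AppData\\Roaming\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Users\\alice\\AppData\\Roaming\\skype.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"""

if __name__ == "__main__":
    for key, name, data, reason in find_police_trojan_persistence(parse_reg(SAMPLE_REG)):
        print(f"{reason}\n  [{key}]\n  \"{name}\" = {data}")
```

Against the sample export the checker reports exactly the HKCU ctfmon.exe and HKCU Shell values and stays silent on the HKLM Shell, which is the distinction the WARNING on the slide is about. Deleting the reported values is still a manual step in regedit; the script only tells you which ones qualify.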
Conclusion
When it comes to malware attacks, knowledge is the best possible
weapon to prevent them. Be careful what you click! Preventive
measures should be taken before ransomware establishes a foothold.
Keeping all software updated and installing the latest security updates
helps to prevent attacks. Use of antivirus and genuine, licensed
software is highly recommended. On networks, a Software Restriction
Policy that blocks executables from launching out of user-writable
locations such as %AppData% and %Temp% is the best tool to prevent a
CryptoLocker infection in the first place.
Visit www.seminarlinks.blogspot.in to Download

More Related Content

Viewers also liked

WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowIBM Security
 
How To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsHow To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsLondon School of Cyber Security
 
Malware's Most Wanted: CryptoLocker—The Ransomware Trojan
Malware's Most Wanted: CryptoLocker—The Ransomware TrojanMalware's Most Wanted: CryptoLocker—The Ransomware Trojan
Malware's Most Wanted: CryptoLocker—The Ransomware TrojanCyphort
 
What is Ransomware?
What is Ransomware?What is Ransomware?
What is Ransomware?Datto
 
Threat and Mitigation
Threat and MitigationThreat and Mitigation
Threat and MitigationNoel Waterman
 

Viewers also liked (6)

WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
How To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsHow To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and Forensics
 
Malware's Most Wanted: CryptoLocker—The Ransomware Trojan
Malware's Most Wanted: CryptoLocker—The Ransomware TrojanMalware's Most Wanted: CryptoLocker—The Ransomware Trojan
Malware's Most Wanted: CryptoLocker—The Ransomware Trojan
 
What is Ransomware?
What is Ransomware?What is Ransomware?
What is Ransomware?
 
Threat and Mitigation
Threat and MitigationThreat and Mitigation
Threat and Mitigation
 
Ransomware attacks 2017
Ransomware attacks 2017Ransomware attacks 2017
Ransomware attacks 2017
 

More from Seminar Links

Artificial Intelligence (A.I.) in Schools (PPT)
Artificial Intelligence (A.I.) in Schools (PPT)Artificial Intelligence (A.I.) in Schools (PPT)
Artificial Intelligence (A.I.) in Schools (PPT)Seminar Links
 
Sustainable Materials Management (SMM)
Sustainable Materials Management (SMM)Sustainable Materials Management (SMM)
Sustainable Materials Management (SMM)Seminar Links
 
Are Top Grades Enough (PPT)
Are Top Grades Enough (PPT)Are Top Grades Enough (PPT)
Are Top Grades Enough (PPT)Seminar Links
 
AI and Youth Employment (PPT)
AI and Youth Employment (PPT)AI and Youth Employment (PPT)
AI and Youth Employment (PPT)Seminar Links
 
Environmental Impacts of COVID-19 Pandemic: PPT
Environmental Impacts of COVID-19 Pandemic: PPTEnvironmental Impacts of COVID-19 Pandemic: PPT
Environmental Impacts of COVID-19 Pandemic: PPTSeminar Links
 
20 Latest Computer Science Seminar Topics on Emerging Technologies
20 Latest Computer Science Seminar Topics on Emerging Technologies20 Latest Computer Science Seminar Topics on Emerging Technologies
20 Latest Computer Science Seminar Topics on Emerging TechnologiesSeminar Links
 
Claytronics | Programmable Matter | PPT
Claytronics | Programmable Matter | PPTClaytronics | Programmable Matter | PPT
Claytronics | Programmable Matter | PPTSeminar Links
 
Three-dimensional Holographic Projection Technology PPT | 2018
Three-dimensional Holographic Projection Technology PPT | 2018Three-dimensional Holographic Projection Technology PPT | 2018
Three-dimensional Holographic Projection Technology PPT | 2018Seminar Links
 
MicroLED : Latest Display Technology | PPT
MicroLED : Latest Display Technology | PPTMicroLED : Latest Display Technology | PPT
MicroLED : Latest Display Technology | PPTSeminar Links
 
Performance of 400 kV line insulators under pollution | PDF | DOC | PPT
Performance of 400 kV line insulators under pollution | PDF | DOC | PPTPerformance of 400 kV line insulators under pollution | PDF | DOC | PPT
Performance of 400 kV line insulators under pollution | PDF | DOC | PPTSeminar Links
 
Box Pushing Technique
Box Pushing TechniqueBox Pushing Technique
Box Pushing TechniqueSeminar Links
 
Highest Largest Tallest Longest in India 2018
Highest Largest Tallest Longest in India 2018Highest Largest Tallest Longest in India 2018
Highest Largest Tallest Longest in India 2018Seminar Links
 
Atmospheric Vortex Engine (AVE)
Atmospheric Vortex Engine (AVE) Atmospheric Vortex Engine (AVE)
Atmospheric Vortex Engine (AVE) Seminar Links
 
Artificial photosynthesis PPT
Artificial photosynthesis PPTArtificial photosynthesis PPT
Artificial photosynthesis PPTSeminar Links
 
How to prevent WannaCry Ransomware
How to prevent WannaCry RansomwareHow to prevent WannaCry Ransomware
How to prevent WannaCry RansomwareSeminar Links
 
Babbitt material ppt
Babbitt material pptBabbitt material ppt
Babbitt material pptSeminar Links
 
Carbon Foam Military Applications
Carbon Foam Military ApplicationsCarbon Foam Military Applications
Carbon Foam Military ApplicationsSeminar Links
 

More from Seminar Links (20)

Artificial Intelligence (A.I.) in Schools (PPT)
Artificial Intelligence (A.I.) in Schools (PPT)Artificial Intelligence (A.I.) in Schools (PPT)
Artificial Intelligence (A.I.) in Schools (PPT)
 
Sustainable Materials Management (SMM)
Sustainable Materials Management (SMM)Sustainable Materials Management (SMM)
Sustainable Materials Management (SMM)
 
Are Top Grades Enough (PPT)
Are Top Grades Enough (PPT)Are Top Grades Enough (PPT)
Are Top Grades Enough (PPT)
 
AI and Youth Employment (PPT)
AI and Youth Employment (PPT)AI and Youth Employment (PPT)
AI and Youth Employment (PPT)
 
Environmental Impacts of COVID-19 Pandemic: PPT
Environmental Impacts of COVID-19 Pandemic: PPTEnvironmental Impacts of COVID-19 Pandemic: PPT
Environmental Impacts of COVID-19 Pandemic: PPT
 
20 Latest Computer Science Seminar Topics on Emerging Technologies
20 Latest Computer Science Seminar Topics on Emerging Technologies20 Latest Computer Science Seminar Topics on Emerging Technologies
20 Latest Computer Science Seminar Topics on Emerging Technologies
 
Claytronics | Programmable Matter | PPT
Claytronics | Programmable Matter | PPTClaytronics | Programmable Matter | PPT
Claytronics | Programmable Matter | PPT
 
Three-dimensional Holographic Projection Technology PPT | 2018
Three-dimensional Holographic Projection Technology PPT | 2018Three-dimensional Holographic Projection Technology PPT | 2018
Three-dimensional Holographic Projection Technology PPT | 2018
 
MicroLED : Latest Display Technology | PPT
MicroLED : Latest Display Technology | PPTMicroLED : Latest Display Technology | PPT
MicroLED : Latest Display Technology | PPT
 
Performance of 400 kV line insulators under pollution | PDF | DOC | PPT
Performance of 400 kV line insulators under pollution | PDF | DOC | PPTPerformance of 400 kV line insulators under pollution | PDF | DOC | PPT
Performance of 400 kV line insulators under pollution | PDF | DOC | PPT
 
Box Pushing Technique
Box Pushing TechniqueBox Pushing Technique
Box Pushing Technique
 
Highest Largest Tallest Longest in India 2018
Highest Largest Tallest Longest in India 2018Highest Largest Tallest Longest in India 2018
Highest Largest Tallest Longest in India 2018
 
Atmospheric Vortex Engine (AVE)
Atmospheric Vortex Engine (AVE) Atmospheric Vortex Engine (AVE)
Atmospheric Vortex Engine (AVE)
 
Artificial photosynthesis PPT
Artificial photosynthesis PPTArtificial photosynthesis PPT
Artificial photosynthesis PPT
 
How to prevent WannaCry Ransomware
How to prevent WannaCry RansomwareHow to prevent WannaCry Ransomware
How to prevent WannaCry Ransomware
 
Dams PPT
Dams PPTDams PPT
Dams PPT
 
Bio mass Energy
Bio mass EnergyBio mass Energy
Bio mass Energy
 
Babbitt material ppt
Babbitt material pptBabbitt material ppt
Babbitt material ppt
 
Ceramic Bearing ppt
Ceramic Bearing pptCeramic Bearing ppt
Ceramic Bearing ppt
 
Carbon Foam Military Applications
Carbon Foam Military ApplicationsCarbon Foam Military Applications
Carbon Foam Military Applications
 

Recently uploaded

DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Recently uploaded (20)

DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

Ransomware

  • 1. Ransomware Prevention and Removal Visit www.seminarlinks.blogspot.in to Download
  • 2. What is ransomware? • 'Ransomware' is a type of malware that attempts to extort money from a computer user by infecting and taking control of the victim's machine, or the files or documents stored on it. • Typically, the ransomware will either 'lock' the computer to prevent normal usage, or encrypt the documents and files on it to prevent access to the saved data.
  • 3. History • The first known ransomware was the 1989 "AIDS" trojan (also known as "PC Cyborg") written by Joseph Popp. • Extortionate ransomware became prominent in May 2005. • By mid-2006, worms such as Gpcode, TROJ.RANSOM.A, Archiveus, Krotten, Cryzip, and MayArchive began utilizing more sophisticated RSA encryption schemes, with ever-increasing key-sizes. • In 2011, a ransomware worm imitating the Windows Product Activation notice surfaced. • In February 2013, a ransomware worm based off the Stamp.EK exploit kit surfaced. • In July 2013, an OS X-specific ransomware worm surfaced. • CryptoLocker has raked in around 5 million dollars in the last 4 months of 2013.
  • 4. How do criminals install ransomware? • Ransomware generates a pop-up window, webpage, or email warning from what looks like an official authority. • Ransomware is usually installed when you open A malicious email attachment Click a malicious link in an email message an instant message on social networking site • Ransomware can even be installed when you visit a malicious website.
  • 5. Types of Ransomware • Encryption Ransomware • Lock Screen Ransomware • Master Boot Record (MBR) Ransomware
  • 6. Encryption Ransomware • Encrypts personal files/folders (e.g., the contents of your My Documents folder - documents, spreadsheets, pictures, videos). • Files are deleted once they are encrypted and generally there is a text file in the same folder as the now-inaccessible files with instructions for payment. • You may see a lock screen but not all variants show one. • Instead you may only notice a problem when you attempt to open your files. • This type is also called 'file encryptor' ransomware.
  • 7.
  • 8. Lock Screen Ransomware • 'Locks' the screen and demands payment. • Presents a full screen image that blocks all other windows. • This type is called 'WinLocker' ransomware. • No personal files are encrypted.
  • 9.
  • 10. Master Boot Record (MBR) Ransomware • The Master Boot Record (MBR) is a section of the computer's hard drive that allows the operating system to boot up. • MBR ransomware changes the computer's MBR so the normal boot process is interrupted. • A ransom demand is displayed on screen instead.
  • 11. Reveton • In 2012, a major ransomware worm known as Reveton began to spread. • It is also known as "police trojan". • Its payload displays a warning purportedly from a law enforcement agency. • claiming that the computer had been used for illegal activities, such as downloading pirated software, promoting terrorism, copyright etc. • The warning informs the user that to unlock their system they would have to pay a fine. • To increase the illusion that the computer is being tracked by law enforcement, the screen also displays the computer's IP address and footage from a computer's webcam.
  • 12.
  • 13. CryptoLocker • A Encrypting ransomware reappeared in 2013. • Distributed either as an attachment to a malicious e-mail or as a drive-by download. • encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography. • The private key stored only on the malware's control servers. • Offers to decrypt the data if a payment (through either Bitcoin or a pre-paid voucher) is made by a stated deadline. • threatens to delete the private key if the deadline passes. • If the deadline is not met, the malware offers to decrypt data via an online service provided by the malware's operators, for a significantly higher price in Bitcoin.
  • 14.
  • 15. How to prevent ransomware ? • Keep all of the software on your computer up to date. • Make sure automatic updating is turned on to get all the latest Microsoft security updates and browser-related components (Java, Adobe, and the like). • Keep your firewall turned on. • Don't open spam email messages or click links on suspicious websites. (CryptoLocker spreads via .zip files sent as email attachments, for example.)
  • 16. Cont.. • Download Microsoft Security Essentials, which is free, or use another reputable antivirus and anti-malware program. • If you run Windows 8 or Windows RT, you don’t need Microsoft Security Essentials. • Scan your computer with the Microsoft Safety Scanner. • Keep your browser clean. • Always have a good backup system in place, just in case your PC does become infected and you can’t recover your files.
17. Identify the ransomware
Most commonly, the ransomware executable is saved to one of the following locations (it is usually hidden, so enable viewing of hidden files first):
• C:\ProgramData\(random alphanumerics).exe
• C:\Users\(username)\0.(random numbers).exe
• C:\Users\(username)\AppData\(random alphanumerics).exe
18. Removal – Microsoft procedure
The following Microsoft products can detect and remove this threat:
• Windows Defender (built into Windows 8)
• Microsoft Security Essentials
• Microsoft Safety Scanner
• Windows Defender Offline
Some ransomware will not let you run the products listed above (lock-screen variants block the desktop entirely), so you may have to start the computer from a Windows Defender Offline disk.
19. Removal – other anti-malware programs
1. Start your computer in "Safe Mode with Networking".
2. Stop and clean malicious running processes:
• Download and save the "RogueKiller" utility on your computer (e.g. on your Desktop).
• Double-click to run RogueKiller.
• Let the prescan complete, then press the "Scan" button to perform a full scan.
• When the full scan is complete, press the "Delete" button to remove all malicious items found.
• Close RogueKiller and proceed to the next step.
21. Clean remaining malicious threats
• Download and install a reliable free or paid anti-malware program to clean your computer of remaining threats, e.g. Malwarebytes Anti-Malware or Norton.
• Run the anti-malware program and allow it to update to its latest version and signature database if needed.
• Let the program scan your system for threats.
• Select all threats in the scan results and remove them.
• When removal of the infected objects is complete, restart your system so that active threats are removed properly.
22. Delete CryptoLocker hidden files
• Enable the hidden files view from Control Panel (Folder Options).
• Navigate to the following paths and delete the CryptoLocker hidden files:
For Windows XP
• C:\Documents and Settings\<YOUR USERNAME>\Application Data\RandomFileName.exe
  e.g. {DAEB88E5-FA8E-E0D1-8FCD-BFC7D2F6ED25}.exe
• C:\WINDOWS\system32\msctfime.ime
For Windows Vista or Windows 7
• C:\Users\<YOUR USERNAME>\AppData\Roaming\RandomFileName.exe
  e.g. {DAEB88E5-FA8E-E0D1-8FCD-BFC7D2F6ED25}.exe
• C:\WINDOWS\system32\msctfime.ime
Caution: msctfime.ime is also the name of a legitimate Windows component that lives in system32. Check the file's digital signature (right-click, Properties, Digital Signatures tab) before deleting it, and only remove a copy that is not signed by Microsoft.
23. Delete temporary files
Finally, delete all files and folders under your TEMP folders:
For Windows XP
• C:\Documents and Settings\<YOUR USERNAME>\Local Settings\Temp
• C:\Windows\Temp
For Windows Vista or Windows 7
• C:\Users\<YOUR USERNAME>\AppData\Local\Temp
• C:\Windows\Temp
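The manual search on slides 17, 22 and 23 can be scripted. The following PowerShell is an added example, not part of the original slides and not a vendor removal tool: it lists the executables in the drop locations the slides name (hidden ones included), checks whether each carries a valid Authenticode signature, flags random-looking names with a heuristic of this example's own, and moves hidden unsigned files to a quarantine folder (C:\Quarantine, an assumption of this example) rather than deleting them, so a false positive can be put back. Run it from an elevated prompt after the Safe Mode / RogueKiller step on slide 19, because a file whose process is still running cannot be moved.

```powershell
# Added example, not from the slides: hunt for dropped ransomware executables
# in the locations named on slides 17, 22 and 23.  Run from an elevated
# PowerShell prompt (PowerShell 2.0 or later, so it also works on Windows 7).

# Assumption of this example: flagged files are moved here, not deleted.
$Quarantine = Join-Path $env:SystemDrive 'Quarantine'

# Drop locations from the slides, written with environment variables so the
# same list resolves on XP ("Documents and Settings") and Vista/7 ("Users").
# Variables that do not exist on a given Windows version are $null and are
# filtered out.
$SearchDirs = @(
    $env:ProgramData,                   # C:\ProgramData\<random>.exe
    $env:USERPROFILE,                   # C:\Users\<user>\0.<random>.exe
    $env:APPDATA,                       # ...\AppData\Roaming\<random>.exe
    $env:LOCALAPPDATA,                  # ...\AppData\Local\<random>.exe
    $env:TEMP,                          # per-user Temp folder
    (Join-Path $env:windir 'Temp')      # C:\Windows\Temp
) | Where-Object { $_ -and (Test-Path $_) }

function Get-SuspectExecutables {
    param([string[]]$Dirs)
    foreach ($dir in $Dirs) {
        # -Force includes hidden files (CryptoLocker hides its executable).
        # Only the top level is listed because every drop location on the
        # slides sits directly inside one of these folders.
        Get-ChildItem -Path $dir -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $_.Extension -ieq '.exe' } |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                $signer = ''
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
                # Heuristic (this example's own): GUID-style name, a bare run of
                # alphanumerics, or the "0.<digits>" pattern from slide 17.
                $random = $_.BaseName -match '^(\{[0-9A-Fa-f-]{36}\}|[0-9A-Za-z]{8,}|0\.\d+)$'
                New-Object PSObject -Property @{
                    Path       = $_.FullName
                    Hidden     = (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0)
                    Signed     = ($sig.Status -eq 'Valid')
                    Signer     = $signer
                    RandomName = $random
                    Created    = $_.CreationTime
                }
            }
    }
}

# Slide 22 also lists %SystemRoot%\system32\msctfime.ime.  That name belongs
# to a legitimate Windows component, so report its signature instead of
# deleting it on sight.
$ime = Join-Path $env:windir 'system32\msctfime.ime'
if (Test-Path $ime) {
    $imeSig = Get-AuthenticodeSignature -FilePath $ime
    Write-Host ("msctfime.ime: {0} ({1})" -f $imeSig.Status, $imeSig.SignerCertificate.Subject)
}

$suspects = @(Get-SuspectExecutables -Dirs $SearchDirs)
$suspects | Sort-Object Created -Descending |
    Format-Table Created, Hidden, Signed, RandomName, Path -AutoSize

# Quarantine only the strongest combination: hidden AND unsigned.
if (-not (Test-Path $Quarantine)) { New-Item -ItemType Directory -Path $Quarantine | Out-Null }
foreach ($s in ($suspects | Where-Object { $_.Hidden -and -not $_.Signed })) {
    $dest = Join-Path $Quarantine ([IO.Path]::GetFileName($s.Path))
    Move-Item -LiteralPath $s.Path -Destination $dest -Force
    Write-Host "Quarantined $($s.Path) -> $dest"
}
```

One caveat on the signature column: on Windows 7 and earlier, Get-AuthenticodeSignature does not consult the system catalog, so genuine operating-system files that are catalog-signed (msctfime.ime among them) can report NotSigned. Treat Signed=True as conclusive and NotSigned as "look closer", which is why the script only quarantines files that are both hidden and unsigned rather than every unsigned file it finds.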
24. File restore – shadow copies
1. Navigate to the folder or file that you want to restore to a previous state and right-click on it.
2. From the drop-down menu select "Restore previous versions". (Windows XP users: select "Properties" and then the "Previous Versions" tab.)
3. Choose a particular version of the folder or file and press:
• "Open" to view the contents of that folder/file;
• "Copy" to copy the folder/file to another location on your computer (e.g. an external hard drive);
• "Restore" to restore the folder/file to the same location, replacing the existing one.
Note: this only works if shadow copies survived the infection. CryptoLocker deletes them (it runs vssadmin to remove all shadow copies), so on a CryptoLocker-infected machine the Previous Versions tab is often empty and a backup is the only way back.
25. Removing Reveton
• Detection names: Trojan:W32/Reveton and Trojan:W32/Urausy.
• Boot the system into "Safe Mode with Command Prompt".
• In the command prompt, type "regedit" and press Enter.
• Look for the following registry values and remove them.
• For Reveton, delete the "ctfmon.exe" value from HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. Check the value data first: on Windows XP a "ctfmon.exe" value whose data is C:\WINDOWS\system32\ctfmon.exe is the legitimate language-bar launcher, whereas Reveton's value points somewhere else (typically into the user's profile).
27. For Urausy, delete the "Shell" value from HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon ONLY IF both of these conditions are met:
1. The "Shell" value is located under HKEY_CURRENT_USER and not under HKEY_LOCAL_MACHINE. WARNING: deleting the "Shell" value under HKEY_LOCAL_MACHINE (whose data is normally explorer.exe) leaves Windows without a desktop shell.
2. The value data references a .dat file (e.g. skype.dat); a per-user Shell value pointing at such a file is what starts the lock screen instead of Explorer.
• Reboot the system again, this time into Normal mode.
• Finally, run a full computer scan to repair any remaining files.
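The registry steps on slides 25 and 27 can be carried out with the safety conditions enforced in code. The PowerShell below is an added example (not from the slides or from F-Secure's removal guide): it reads the two persistence values, leaves a ctfmon.exe value alone when it points at the genuine system32 copy, never touches the HKLM Shell value, and removes the per-user Shell value only when its data references a .dat file. The Remove-ItemProperty calls are written with -WhatIf so the script reports what it would delete; drop -WhatIf once the output looks right. Start powershell.exe from the Safe Mode command prompt while logged on as the user who sees the lock screen, because both values live under HKCU.

```powershell
# Added example, not from the slides: check and remove the Reveton and Urausy
# persistence values named on slides 25 and 27, with the stated conditions
# enforced.  Run as the affected user (both values are per-user, under HKCU).

$RunKey       = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$HkcuWinlogon = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$HklmWinlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-RegValue {
    # Returns the data of a named value, or $null if the key or value is absent.
    param([string]$Key, [string]$Name)
    if (-not (Test-Path $Key)) { return $null }
    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if ($props -and ($props.PSObject.Properties[$Name] -ne $null)) { return $props.$Name }
    return $null
}

# 1. Reveton: a "ctfmon.exe" value under HKCU\...\Run.  On Windows XP this value
#    legitimately exists with data %SystemRoot%\system32\ctfmon.exe (the
#    language bar); only a value pointing elsewhere is Reveton's.
$ctfmon = Get-RegValue $RunKey 'ctfmon.exe'
if ($ctfmon -eq $null) {
    Write-Host 'No HKCU Run\ctfmon.exe value: Reveton persistence not present.'
} else {
    $legit  = Join-Path $env:windir 'system32\ctfmon.exe'
    $target = [Environment]::ExpandEnvironmentVariables("$ctfmon").Trim('"')
    if ($target -ieq $legit) {
        Write-Host "HKCU Run\ctfmon.exe points at the genuine $legit; leaving it."
    } else {
        Write-Host "HKCU Run\ctfmon.exe = $ctfmon  <- Reveton persistence, removing"
        Remove-ItemProperty -Path $RunKey -Name 'ctfmon.exe' -WhatIf   # drop -WhatIf to delete
    }
}

# 2. Urausy: a "Shell" value under HKCU\...\Winlogon.  Windows keeps Shell under
#    HKLM (data "explorer.exe"); a per-user copy that names a .dat file is the
#    hijack.  Both slide-27 conditions are checked before anything is removed.
$shellHklm = Get-RegValue $HklmWinlogon 'Shell'
$shellHkcu = Get-RegValue $HkcuWinlogon 'Shell'
Write-Host "HKLM Winlogon\Shell = $shellHklm  (never delete this one)"
if ($shellHkcu -eq $null) {
    Write-Host 'No per-user Shell value: Urausy persistence not present.'
} elseif ("$shellHkcu" -imatch '\.dat\b') {
    Write-Host "HKCU Winlogon\Shell = $shellHkcu  <- references a .dat file, removing"
    Remove-ItemProperty -Path $HkcuWinlogon -Name 'Shell' -WhatIf   # drop -WhatIf to delete
} else {
    Write-Host "HKCU Winlogon\Shell = $shellHkcu  <- not a .dat reference; inspect before removing"
}
```

After the values are gone, reboot into Normal mode and run the full scan the slide asks for; the .dat file itself and the dropper that wrote these values are still on disk until the scanner removes them.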
29. Conclusion
When it comes to malware attacks, knowledge is the best possible weapon to prevent them. Be careful what you click!
Preventive measures should be taken before ransomware establishes a foothold. Keeping all software updated and installing the latest security updates helps to prevent attacks. Use of antivirus and genuine (not pirated) software is highly recommended.
In networks, a software restriction policy that stops executables running from the locations ransomware drops into (the user's AppData and Temp folders) is the best tool to prevent a CryptoLocker infection in the first place.
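The software restriction policy recommended above can be expressed as a handful of path rules. The PowerShell below is an added example, not from the slides: it writes Disallowed path rules for the drop locations from slides 17 and 22 into the registry keys that secpol.msc (Security Settings > Software Restriction Policies) uses on a stand-alone machine. The rule list is this example's own choice, and the registry layout is stated from how secpol.msc stores rules; after running it, open secpol.msc to confirm the rules appear under Additional Rules, reboot or run gpupdate /force, and test by copying a harmless .exe into %AppData% and trying to launch it. In a domain, put the same rules in a Group Policy Object instead of writing the local registry.

```powershell
# Added example, not from the slides: create Software Restriction Policy path
# rules that block .exe files in the folders CryptoLocker drops into.  Run
# elevated; then verify in secpol.msc and reboot (or "gpupdate /force").

$Safer           = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$DisallowedPaths = Join-Path $Safer '0\Paths'    # security level 0 = Disallowed

# Rule set (this example's choice): the per-user folders from slides 17/22 plus
# the folder Windows' built-in zip viewer extracts into when an .exe inside a
# .zip attachment is double-clicked.  %LocalAppData% rules apply to Vista/7,
# the "Local Settings" rules to XP.
$Rules = @(
    @{ Path = '%AppData%\*.exe';                       Note = 'Roaming AppData root' },
    @{ Path = '%AppData%\*\*.exe';                     Note = 'Roaming AppData subfolders' },
    @{ Path = '%LocalAppData%\*.exe';                  Note = 'Local AppData root (Vista/7)' },
    @{ Path = '%LocalAppData%\*\*.exe';                Note = 'Local AppData subfolders (Vista/7)' },
    @{ Path = '%UserProfile%\Local Settings\*.exe';    Note = 'Local Settings root (XP)' },
    @{ Path = '%UserProfile%\Local Settings\*\*.exe';  Note = 'Local Settings subfolders (XP)' },
    @{ Path = '%LocalAppData%\Temp\*.zip\*.exe';       Note = 'exe launched straight from a zip' }
)

function Enable-Srp {
    # Make sure the policy root exists with enforcement on.  DefaultLevel
    # 0x40000 = Unrestricted: everything runs unless a Disallowed rule matches.
    if (-not (Test-Path $Safer)) { New-Item -Path $Safer -Force | Out-Null }
    $cur = Get-ItemProperty -Path $Safer -ErrorAction SilentlyContinue
    if ($cur.DefaultLevel -eq $null)       { New-ItemProperty -Path $Safer -Name DefaultLevel       -Value 0x40000 -PropertyType DWord | Out-Null }
    if ($cur.TransparentEnabled -eq $null) { New-ItemProperty -Path $Safer -Name TransparentEnabled -Value 1       -PropertyType DWord | Out-Null }
    if ($cur.PolicyScope -eq $null)        { New-ItemProperty -Path $Safer -Name PolicyScope        -Value 0       -PropertyType DWord | Out-Null }
    if (-not (Test-Path $DisallowedPaths)) { New-Item -Path $DisallowedPaths -Force | Out-Null }
}

function Add-SrpPathRule {
    param([string]$Path, [string]$Description)
    # Each rule is a {GUID} subkey; skip it if a rule with the same path exists.
    $existing = Get-ChildItem -Path $DisallowedPaths -ErrorAction SilentlyContinue |
        Where-Object { (Get-ItemProperty -Path $_.PSPath).ItemData -ieq $Path }
    if ($existing) { Write-Host "exists: $Path"; return }
    $key = Join-Path $DisallowedPaths ('{' + [Guid]::NewGuid().ToString().ToUpper() + '}')
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name ItemData     -Value $Path        -PropertyType ExpandString | Out-Null
    New-ItemProperty -Path $key -Name SaferFlags   -Value 0            -PropertyType DWord        | Out-Null
    New-ItemProperty -Path $key -Name Description  -Value $Description -PropertyType String       | Out-Null
    New-ItemProperty -Path $key -Name LastModified -Value ([DateTime]::Now.ToFileTime()) -PropertyType QWord | Out-Null
    Write-Host "added:  $Path"
}

Enable-Srp
foreach ($r in $Rules) { Add-SrpPathRule -Path $r.Path -Description $r.Note }
```

Expect some legitimate software to trip these rules: per-user installers and updaters that run from AppData (several popular browsers and chat clients do) will be blocked until you add an Unrestricted rule for their specific path, or deploy them machine-wide instead. Test on a pilot group before rolling the policy out.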
30. References
• http://www.microsoft.com/security/resources/ransomware-whatis.aspx
• http://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx
• http://www.sophos.com/en-us/support/knowledgebase/119006.aspx
• http://us.norton.com/ransomware
• http://en.wikipedia.org/wiki/Ransomware
For details of removal and recovery solutions visit:
• http://www.wintips.org/how-to-remove-cryptolocker-ransomware-and-restore-your-files/
• http://www.f-secure.com/en/web/labs_global/removal/removing-ransomware