Ransomware - Trends 2017
Ransomware is a type of malicious software that blocks access to the victim's data
or threatens to publish or delete it until a ransom is paid. While some simple
ransomware may lock the system in a way which is not difficult for a knowledgeable
person to reverse, more advanced malware uses a technique called cryptoviral
extortion, in which it encrypts the victim's files, making them inaccessible, and
demands a ransom payment to decrypt them. In a properly implemented cryptoviral
extortion attack, recovering the files without the decryption key is an intractable
problem, and difficult-to-trace digital currencies such as Ukash and Bitcoin are used
for the ransoms, making tracing and prosecuting the perpetrators difficult.
Ransomware attacks are typically carried out using a Trojan that is disguised as a
legitimate file that the user is tricked into downloading, or opening when it arrives
as an email attachment. However, one high profile example, the "WannaCry worm",
traveled automatically between computers without user interaction.
Advanced ransomware can also include functionality such as data corruption, exfiltration
and disruption.
Top trending ransomware families
1. LOCKY
Researchers detected the first sample of Locky in February 2016. Shortly thereafter,
it made a name for itself when it infected the computer systems at Hollywood
Presbyterian Medical Center in southern California. Officials chose to temporarily
shut down the hospital’s IT system while they worked to remove the ransomware, a
decision which caused several departments to close and patients to be diverted
elsewhere. But without working data backups, the executives at Hollywood
Presbyterian ultimately decided to pay the ransom of 40 Bitcoin (70,000 USD).
In the months that followed, Locky went through at least seven different iterations:
“.zepto,” “.odin,” “.shit,” “.thor,” “.aesir,” “.zzzzz,” and “.osiris.” It also leveraged
unique distribution channels like SVG images in Facebook Messenger and fake
Flash Player update websites.
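The Locky iterations above are named after the extension each one appended to the files it encrypted. As an added example (not from the original document), the script below flags files that look encrypted by a Locky-style variant using two signals: a known appended extension and the near-uniform byte entropy of ciphertext. All sample files are constructed in memory; the entropy threshold and header list are assumptions.

```python
"""Added example (not from the original document): flag files that look like
they were encrypted by a Locky-style ransomware.

Two signals are used: the extension appended to encrypted files (the Locky
iterations named above, plus the original ".locky") and byte entropy, since
ciphertext looks like uniformly random bytes while ordinary documents do not.
All sample files are constructed in memory."""
import hashlib
import math
import os
from collections import Counter
from typing import Dict, List

# Extensions the Locky iterations appended to encrypted files.
LOCKY_EXTENSIONS = {".locky", ".zepto", ".odin", ".shit",
                    ".thor", ".aesir", ".zzzzz", ".osiris"}

# Common file headers. A file that still carries one is structured data even if
# the rest is high-entropy (zip, docx and png are compressed by design).
KNOWN_MAGIC = {b"%PDF": "pdf", b"\x89PNG": "png", b"PK\x03\x04": "zip/office"}

ENTROPY_THRESHOLD = 7.5  # bits per byte (assumed cut-off); random data approaches 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, 0.0 .. 8.0 bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(name: str, data: bytes) -> dict:
    """Return a verdict for one file; 'reasons' is empty when nothing looks wrong."""
    ext = os.path.splitext(name)[1].lower()
    entropy = shannon_entropy(data)
    magic = next((kind for m, kind in KNOWN_MAGIC.items() if data.startswith(m)), None)
    reasons = []
    if ext in LOCKY_EXTENSIONS:
        reasons.append(f"extension {ext} matches a Locky iteration")
    if entropy >= ENTROPY_THRESHOLD and magic is None:
        reasons.append(f"entropy {entropy:.2f} bits/byte with no recognizable file header")
    return {"name": name, "entropy": round(entropy, 2),
            "suspicious": bool(reasons), "reasons": reasons}


def scan(files: Dict[str, bytes]) -> List[str]:
    """Names of the files that should be raised for review, sorted."""
    return sorted(name for name, data in files.items() if classify(name, data)["suspicious"])


def pseudo_random_bytes(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 in counter mode); test data only."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed sample "directory": a healthy PDF, a Locky-renamed encrypted file,
# a legitimate zip (high entropy but with its header), a renamed-but-still-
# readable file, and an unknown blob with no header.
SAMPLE_FILES = {
    "report.pdf": b"%PDF-1.4\n" + b"Quarterly report, plain readable text. " * 100,
    "invoice.pdf.zepto": pseudo_random_bytes(4096),
    "archive.zip": b"PK\x03\x04" + pseudo_random_bytes(4096, b"zip-body"),
    "notes.txt.osiris": b"still readable, not yet encrypted\n" * 50,
    "unknown.bin": pseudo_random_bytes(4096, b"blob"),
}

if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(classify(name, data))
    print("review:", scan(SAMPLE_FILES))
```

Entropy-only hits such as "unknown.bin" need a human look, because files that are compressed or encrypted by design and carry no known header produce the same signal; the extension match is the stronger indicator.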
2. EREBUS
Erebus ransomware can be distributed in several ways. The payload file that launches
the malicious script and infects the personal computer circulates in the wild, and in
the past there were malvertising campaigns that spread it via the RIG Exploit Kit.
On top of that, the payload file may carry a description presenting it as an old,
classic RPG game, with the file being less than 1 MB in size.
Erebus ransomware may also distribute that payload file on social media sites and
file-sharing networks. Freeware programs found on the Web may be promoted as
useful while hiding the malicious script for the cryptovirus. Do not open files right
after you have downloaded them, especially if they come from dubious sources such
as links and emails. Instead, scan them first: run a security tool against them and
also check the size and signature of each file for anything suspicious.
3. WannaCry
WannaCry propagates using EternalBlue, an exploit of Windows' Server Message
Block (SMB) protocol. Much of the attention and comment around the event was
occasioned by the fact that the U.S. National Security Agency (NSA) had already
discovered the vulnerability, but used it to create an exploit for its own offensive
work, rather than report it to Microsoft. It was only when the existence of this
vulnerability was revealed by The Shadow Brokers that Microsoft became aware of
the issue, and issued a "critical" security patch on 14 March 2017 to remove the
underlying vulnerability on supported versions of Windows, though many
organizations had not yet applied it.
4. Zeus/Zbot
Zeus was created to steal private data from infected systems, such as system
information, passwords, banking credentials or other financial details, and it can be
customized to gather banking details in specific countries using various methods.
Using the retrieved information, cybercriminals log into banking accounts and make
unauthorized money transfers through a complex network of computers.
Zbot/Zeus is based on the client-server model and requires a Command and Control
server to send and receive information across the network. The single Command and
Control server is considered to be the weak point in the malware architecture and it
is the target of law enforcement agencies when dealing with Zeus.
[Figure: Types of Zeus family malware]
5. JavaScript Malware / Adware
Malicious JavaScript can reach a website in several ways:
- cyber criminals have injected malicious JavaScript code into the website itself;
- attackers have compromised, through malicious JavaScript code, the online ads/banners displayed on the website;
- online criminals have injected malicious JavaScript code into the website's database;
- cyber attackers have loaded malicious content or malicious software from a remote server.
Consequently, malicious JavaScript files will be downloaded onto your PC when
you unknowingly browse an infected website.
This is called a drive-by attack and it generally includes 9 stages:
- You, as a user, unwittingly browse the compromised website.
- The malicious JavaScript files are downloaded onto your system.
- They are executed through your browser, triggering the malware infection.
- The infected JavaScript files silently redirect your Internet traffic to an exploit server.
- The exploit kit used in the attack (hosted on the exploit server) probes your system for software vulnerabilities.
- Once the exploit finds a vulnerability, it uses it to gain access to your PC's functions.
- This grants the exploit kit the right to execute code and download additional files from the Internet with administrator privileges.
- In the next step, malware is downloaded onto the PC and executed.
- The malware can perform damaging functions on the PC. It can also collect information from the infected system and send it to servers controlled by cyber criminals.
6. Microsoft Tech Scam Malware
Technical support scams are built on the deception that your computer is
somehow broken, and you need to contact technical support to fix it. You may
then be asked to pay for support. In some cases, the tech support agent may ask
you to install other software or malware disguised as support tools on your
computer, bringing in more threats that can cause even more damage.
You may come across these threats while browsing dubious websites, most
notably those that host illegal copies of media and software, crack applications,
or malware. Links or ads on these sites may lead you to tech support scam
websites, which display pages that are designed to look like error messages and
serve pop-up messages indicating fictitious errors. Some tech support scam
threats take the form of executable programs like other malware.
7. Other
- Ransom:Win32/Cerber
- Ransom:Win32/Spora
- Ransom:Win32/HydraCrypt
- Ransom:Win32/Critroni
- Ransom:Win32/Teerac
- Ransom:Win32/Troldesh
Ransomware Mitigation Recommendations
While ransomware infections may not be entirely preventable due to the
effectiveness of well-crafted phishing emails or drive-by downloads from otherwise
legitimate sites, the most effective strategy to mitigate the impact of ransomware is
having a comprehensive data backup protocol. In order to increase the likelihood of
preventing ransomware infections, organizations must conduct regular training and
awareness exercises with all employees to ensure a common understanding of safe-
browsing techniques and how to identify and avoid phishing attempts.
The following is a list of ransomware mitigation recommendations:
Data Protection
- Schedule backups of data often and ensure they are kept offline in a
separate and secure location. Consider maintaining multiple backups in
different locations for redundancy. Test your backups regularly.
- If an online backup and recovery service is used, contact the service
immediately after a ransomware infection is suspected to prevent the
malware from overwriting previous file versions with the newly encrypted
versions.
System Management
- Ensure anti-virus software is up-to-date with the latest definitions and
schedule scans as often as permitted.
- Enable automated patches for operating systems, software, plugins, and web
browsers.
- Follow the Principle of Least Privilege for all user accounts; enable User
Access Control (UAC) to prevent unauthorized changes.
- Turn off unused wireless connections.
- Disable macros on Microsoft Office software. Enterprise administrators
managing Microsoft Office 2016 should use Group Policy to block macros
for end users. Microsoft provides detailed instructions here.
- Use ad blocking extensions in browsers to prevent “drive-by” infections from
ads containing malicious code.
- Disable the vssadmin.exe tool by renaming it to prevent ransomware from
deleting Shadow Volume Copies. Instructions on how to rename this tool
are included here.
- Disable Windows Script Host and Windows PowerShell.
- Disable Remote Desktop Protocol (RDP) on systems and servers if it is not
needed in your environment.
- Use web and email protection to block access to malicious websites and
scan all emails, attachments, and downloads and configure email servers
to proactively block emails containing suspicious attachments such as
.exe, .vbs, and .scr.
- Configure systems by modifying the Group Policy Editor to prevent
executables (.exe, .rar, .pdf.exe, .zip) from running in %appdata%,
%localappdata%, %temp%, and the Recycle Bin. CryptoPrevent is a free
tool that can help automate this process and prevent ransomware from
executing. Download it here.
- Implement a behavior blocker to prevent ransomware from executing or
making any unauthorized changes to systems or files.
- Consider utilizing a free or commercially available anti-ransomware tool by
any of the leading computer security software vendors.
- To counteract ransomware variants that modify the Master Boot Record
(MBR) and encrypt the Master File Table (MFT), Cisco Talos has released a
Windows disk filter driver called MBRFilter, available on GitHub here.
- Modify the PowerShell execution policy using the administrative templates.
- Allow the execution only of signed PowerShell scripts.
- Do not allow the saving of unknown .exe files in the %TEMP% folder.
- Do not allow the execution of unknown .exe files.
- Apply Windows restrictions such as AppLocker.
- For Mac OS X users, consider installing the free tool, RansomWhere?
Information about this tool is available on the Objective-See website here
and the tool itself can be downloaded here.
- Use NoScript/SafeScript while browsing in Firefox and Chrome.
- Keep antivirus / endpoint protection updated.
- Use advanced malware detection based on AI (e.g. Cylance).
- Harden systems as per the CIS Benchmarks and NIST guidelines.
- Submit malware samples and IOCs to CERT.
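The attachment rules above (block .exe, .vbs and .scr; stop double extensions such as .pdf.exe; treat archives as carriers) can be expressed as a single gateway check. The script below is an added example, not part of the original document: it inspects attachments by name, unpacks .zip attachments in memory, and applies nesting and size caps so a hostile archive cannot exhaust the scanner. The decoy-extension list, caps and all sample attachments are constructed for the example.

```python
"""Added example (not part of the original document): a mail-gateway style
attachment check for the rules above. It blocks the extensions the text names
(.exe, .vbs, .scr), catches double extensions such as ".pdf.exe", and looks
inside .zip attachments, because archives are the usual wrapper for the same
payloads. Size and nesting caps keep a hostile archive from exhausting the
scanner. All attachments below are constructed in memory."""
import io
import zipfile
from typing import Dict, List, Optional

BLOCKED_EXTENSIONS = {".exe", ".vbs", ".scr"}
# Harmless-looking extensions typically used as the decoy half of "name.pdf.exe".
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".txt"}
MAX_NESTING = 3                     # archive levels to unpack before giving up
MAX_MEMBER_BYTES = 5 * 1024 * 1024  # refuse to inflate members larger than this


def extensions_of(name: str) -> List[str]:
    """'Invoice.PDF.exe ' -> ['.pdf', '.exe']; uses the basename, case-folded."""
    base = name.rsplit("/", 1)[-1].strip().lower().rstrip(". ")
    parts = base.split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def judge_name(name: str) -> Optional[str]:
    """Reason to block based on the filename alone, or None."""
    exts = extensions_of(name)
    if not exts or exts[-1] not in BLOCKED_EXTENSIONS:
        return None
    if len(exts) >= 2 and exts[-2] in DECOY_EXTENSIONS:
        return f"double extension {''.join(exts[-2:])}"
    return f"blocked extension {exts[-1]}"


def inspect(name: str, data: bytes, depth: int = 0) -> List[str]:
    """Return every reason to block this attachment; an empty list means allow."""
    reasons = []
    verdict = judge_name(name)
    if verdict:
        reasons.append(f"{name}: {verdict}")
    # Treat anything with a zip signature as an archive, whatever it is called.
    if extensions_of(name)[-1:] == [".zip"] or data.startswith(b"PK\x03\x04"):
        if depth >= MAX_NESTING:
            reasons.append(f"{name}: archive nested deeper than {MAX_NESTING} levels")
            return reasons
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    member = f"{name}/{info.filename}"
                    if info.is_dir():
                        continue
                    if info.flag_bits & 0x1:  # password-protected: cannot be scanned
                        reasons.append(f"{member}: encrypted archive member, unscannable")
                        continue
                    if info.file_size > MAX_MEMBER_BYTES:
                        reasons.append(f"{member}: declared size exceeds scan limit")
                        continue
                    reasons.extend(inspect(member, zf.read(info), depth + 1))
        except zipfile.BadZipFile:
            reasons.append(f"{name}: looks like a zip but cannot be parsed")
    return reasons


def triage(attachments: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Map each attachment name to its block reasons (empty list = deliver)."""
    return {name: inspect(name, data) for name, data in attachments.items()}


def make_zip(members: Dict[str, bytes]) -> bytes:
    """Build a small zip in memory (test data helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member_name, body in members.items():
            zf.writestr(member_name, body)
    return buf.getvalue()


# Constructed sample mail attachments.
SAMPLE_ATTACHMENTS = {
    "quarterly.pdf": b"%PDF-1.4\n% harmless report\n",
    "Invoice.PDF.exe": b"MZ\x90\x00 constructed, not a real binary",
    "macro_helper.vbs": b"WScript.Echo \"constructed\"\n",
    "photos.zip": make_zip({"holiday.jpg": b"\xff\xd8\xff", "setup.scr": b"MZ"}),
    "nested.zip": make_zip({"inner.zip": make_zip({"run.exe": b"MZ"})}),
    "deep.zip": make_zip({"l1.zip": make_zip({"l2.zip": make_zip({"l3.zip": make_zip({"x.txt": b"x"})})})}),
}

if __name__ == "__main__":
    for attachment, reasons in triage(SAMPLE_ATTACHMENTS).items():
        print(attachment, "->", reasons or ["deliver"])
```

Anything the gateway cannot open (a password-protected member, an archive nested past the cap, a corrupt zip) is reported as a block reason rather than silently delivered, which is the safe default for an unscannable attachment.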
Network Management
- Keep firewall turned on and properly configured.
- Close and monitor unused ports.
- Block known malicious Tor IP addresses. A list of active Tor nodes updated
every 30 minutes can be found here.
- Deploy lateral movement detection software.
- Monitor for malicious traffic in real time using behavioral analytics.
- Apply a defense-in-depth approach.
- Segregate the network.
- During an industry-wide malware outbreak, go into lockdown mode at the entry
points: restrict end-user access to social media sites and use a Web Security
Appliance / OpenDNS.
- Restrict outbound traffic between different zones.
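The lateral movement and behavioral monitoring items above connect to the WannaCry section earlier: a worm that spreads over SMB shows up in firewall logs as one host contacting many distinct peers on TCP/445 in a short time, which a normal client talking to its file server never does. The detector below is an added example, not from the original document; its log line format, addresses, window and threshold are all constructed assumptions.

```python
"""Added example (not from the original document): worm propagation such as
WannaCry's SMB spread appears in network logs as one host contacting many
distinct peers on TCP/445 (or 139) within a short time. This detector keeps a
sliding window per source host over firewall log lines and alerts when the
distinct-destination count crosses a threshold. The log format and all
addresses below are constructed for the example."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, Optional

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+TCP\s+"
    r"(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$")
WATCHED_PORTS = {445, 139}
WINDOW = timedelta(seconds=60)
FANOUT_THRESHOLD = 10


def parse_line(line: str) -> Optional[dict]:
    """Parse one constructed-format log line; None for anything unrecognised."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "action": m["action"],
            "src": m["src"], "dst": m["dst"], "dport": int(m["dport"])}


def detect_fanout(lines: List[str], window: timedelta = WINDOW,
                  threshold: int = FANOUT_THRESHOLD) -> List[dict]:
    """One alert per source host whose distinct SMB destinations within the
    window reach the threshold. DENY lines count too: a scanning host hits
    closed ports and firewalled peers, and that is part of the signal."""
    recent: Dict[str, deque] = defaultdict(deque)  # src -> (ts, dst) in time order
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["dport"] not in WATCHED_PORTS:
            continue
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["dst"]))
        while q and ev["ts"] - q[0][0] > window:   # drop events older than the window
            q.popleft()
        distinct = {dst for _, dst in q}
        if len(distinct) >= threshold and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append({"src": ev["src"], "distinct_dsts": len(distinct),
                           "first_seen": q[0][0].isoformat(),
                           "last_seen": ev["ts"].isoformat()})
    return alerts


def build_sample_log() -> List[str]:
    """Constructed log: a fast scanner, a normal client, a slow scanner and
    unrelated HTTPS traffic, interleaved in time order."""
    t0 = datetime(2017, 5, 12, 10, 0, 0)
    events = []
    # 10.0.0.23 sweeps fifteen peers on 445 two seconds apart (worm-like).
    for i in range(1, 16):
        events.append((t0 + timedelta(seconds=2 * i), "DENY" if i % 3 == 0 else "ALLOW",
                       "10.0.0.23", f"10.0.0.{i}", 445))
    # 10.0.0.5 talks to its one file server twenty times over five minutes.
    for i in range(20):
        events.append((t0 + timedelta(seconds=15 * i), "ALLOW", "10.0.0.5", "10.0.0.100", 445))
    # 10.0.0.9 reaches twelve hosts on 445 but only one every 150 seconds.
    for i in range(12):
        events.append((t0 + timedelta(seconds=150 * i), "ALLOW", "10.0.0.9", f"10.0.1.{i}", 445))
    # 10.0.0.7 contacts many web servers on 443, which is not a watched port.
    for i in range(20):
        events.append((t0 + timedelta(seconds=i), "ALLOW", "10.0.0.7", f"93.184.216.{i}", 443))
    events.sort(key=lambda e: e[0])
    return [f"{ts.isoformat()} {act} TCP {src}:49152 -> {dst}:{port}"
            for ts, act, src, dst, port in events]


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for alert in detect_fanout(SAMPLE_LOG):
        print(alert)
```

Widening the window is what turns the slow scanner into a hit as well, so the window and threshold are a tuning decision per network rather than fixed numbers.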
Mobile Device Management
- For Apple iOS users: ensure your data is backed up on iCloud and
enable two-factor authentication, only download media and apps from
the official iTunes and App Stores, and avoid “jailbreaking” the
device.
- For Android users: disable the “unknown sources” option in the Android
security settings menu, only install apps from the official Google Play store,
and avoid "rooting" the device.
Post-Infection Remediation
- Alert the appropriate information security contact within your
organization if unusual activity is seen on networks, computers, or
mobile devices.
- Disconnect from networks immediately if an infection is suspected and
do not reconnect until the computer or device has been thoroughly
scanned and cleaned.
- Depending on the variant, a free decryption tool may be available. To
determine which variant infected your system, please see the
Appendix of this product or use the ID Ransomware website.
- If an infection occurs, after removing the malware and cleaning the
machine, make sure to change all system, network, and online account
passwords.
- Contingency planning, establishing a SOC, and third-party red teaming
exercises including APT simulation attacks.
Avinash Sinha:- Experienced Security Researcher with a demonstrated history of
working in the information technology and services industry. Skilled in Penetration
Testing, Vulnerability Assessments, Project Management, Health Care, IoT,
Payment Card Industry Data Security Standard (PCI DSS), Linux, HIPAA, FDA,
Information Security, and Integration. Strong Emphasis on Enterprise Security and
information technology with a Corporate-PGDBA focused in International Business
from Symbiosis.
Source: Microsoft, TrendMicro, NJSecurity & NIST.

Más contenido relacionado

La actualidad más candente

Ransomware attack
Ransomware attackRansomware attack
Ransomware attackAmna
 
Ransomware - The Growing Threat
Ransomware - The Growing ThreatRansomware - The Growing Threat
Ransomware - The Growing ThreatNick Miller
 
Malware by Ms. Allwood
Malware by Ms. AllwoodMalware by Ms. Allwood
Malware by Ms. AllwoodStavia
 
Spyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasmeSpyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasmeMangesh wadibhasme
 
AI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAlex G. Lee, Ph.D. Esq. CLP
 
Dyre: Emerging Threat on Financial Fraud Landscape
Dyre: Emerging Threat on Financial Fraud LandscapeDyre: Emerging Threat on Financial Fraud Landscape
Dyre: Emerging Threat on Financial Fraud LandscapeSymantec
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPES MALWARE AND ITS TYPES
MALWARE AND ITS TYPES Sagilasagi1
 
Flashpoint ransomware april2016
Flashpoint ransomware april2016Flashpoint ransomware april2016
Flashpoint ransomware april2016Andrey Apuhtin
 
Saiyed_Crypto_Article_ISSA
Saiyed_Crypto_Article_ISSASaiyed_Crypto_Article_ISSA
Saiyed_Crypto_Article_ISSACarl Saiyed
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareQuick Heal Technologies Ltd.
 
Malware & Anti-Malware
Malware & Anti-MalwareMalware & Anti-Malware
Malware & Anti-MalwareArpit Mittal
 

La actualidad más candente (20)

Ransomware attack
Ransomware attackRansomware attack
Ransomware attack
 
Ransomware - The Growing Threat
Ransomware - The Growing ThreatRansomware - The Growing Threat
Ransomware - The Growing Threat
 
Ransomware
RansomwareRansomware
Ransomware
 
WannaCry? No Thanks!
WannaCry? No Thanks!WannaCry? No Thanks!
WannaCry? No Thanks!
 
Malware by Ms. Allwood
Malware by Ms. AllwoodMalware by Ms. Allwood
Malware by Ms. Allwood
 
spyware
spywarespyware
spyware
 
Introduction to Malwares
Introduction to MalwaresIntroduction to Malwares
Introduction to Malwares
 
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
 
Malwares
MalwaresMalwares
Malwares
 
Spyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasmeSpyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasme
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPESMALWARE AND ITS TYPES
MALWARE AND ITS TYPES
 
AI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from Patents
 
Escan advisory wannacry ransomware
Escan advisory wannacry ransomwareEscan advisory wannacry ransomware
Escan advisory wannacry ransomware
 
Dyre: Emerging Threat on Financial Fraud Landscape
Dyre: Emerging Threat on Financial Fraud LandscapeDyre: Emerging Threat on Financial Fraud Landscape
Dyre: Emerging Threat on Financial Fraud Landscape
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPES MALWARE AND ITS TYPES
MALWARE AND ITS TYPES
 
Flashpoint ransomware april2016
Flashpoint ransomware april2016Flashpoint ransomware april2016
Flashpoint ransomware april2016
 
Saiyed_Crypto_Article_ISSA
Saiyed_Crypto_Article_ISSASaiyed_Crypto_Article_ISSA
Saiyed_Crypto_Article_ISSA
 
Wannacry Virus
Wannacry VirusWannacry Virus
Wannacry Virus
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry Ransomware
 
Malware & Anti-Malware
Malware & Anti-MalwareMalware & Anti-Malware
Malware & Anti-Malware
 

Similar a Ransomware Trends 2017 & Mitigation Techniques

Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types  !Type of Malware and its different analysis and its types  !
Type of Malware and its different analysis and its types !Mohammed Jaseem Tp
 
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsSophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsConnecting Up
 
Ransomware by lokesh
Ransomware by lokeshRansomware by lokesh
Ransomware by lokeshLokesh Bysani
 
Ransomware: A Perilous Malware
Ransomware: A Perilous MalwareRansomware: A Perilous Malware
Ransomware: A Perilous MalwareHTS Hosting
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious CodeSatria Ady Pradana
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Computer security threats & prevention
Computer security threats & preventionComputer security threats & prevention
Computer security threats & preventionPriSim
 
Computer Virus ppt.pptx
Computer Virus ppt.pptxComputer Virus ppt.pptx
Computer Virus ppt.pptxPragatiKachhi1
 
Computer virus
Computer virusComputer virus
Computer virussajeena81
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicpiyushkamble6
 
ransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxdawitTerefe5
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5CAS
 
Types of malicious software and remedies
Types of malicious software and remediesTypes of malicious software and remedies
Types of malicious software and remediesManish Kumar
 

Similar a Ransomware Trends 2017 & Mitigation Techniques (20)

Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types  !Type of Malware and its different analysis and its types  !
Type of Malware and its different analysis and its types !
 
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsSophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
 
computervirus.ppt
computervirus.pptcomputervirus.ppt
computervirus.ppt
 
Computer crimes
Computer crimesComputer crimes
Computer crimes
 
viruses.pptx
viruses.pptxviruses.pptx
viruses.pptx
 
Ransomware by lokesh
Ransomware by lokeshRansomware by lokesh
Ransomware by lokesh
 
Ransomware: A Perilous Malware
Ransomware: A Perilous MalwareRansomware: A Perilous Malware
Ransomware: A Perilous Malware
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Malware
MalwareMalware
Malware
 
Malware
MalwareMalware
Malware
 
Computer security threats & prevention
Computer security threats & preventionComputer security threats & prevention
Computer security threats & prevention
 
Computer Virus ppt.pptx
Computer Virus ppt.pptxComputer Virus ppt.pptx
Computer Virus ppt.pptx
 
Ransomware : A cyber crime without solution ? by Prashant Mali
Ransomware : A cyber crime without solution ? by Prashant MaliRansomware : A cyber crime without solution ? by Prashant Mali
Ransomware : A cyber crime without solution ? by Prashant Mali
 
Computer virus
Computer virusComputer virus
Computer virus
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topic
 
ransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptx
 
What is ransomware?
What is ransomware?What is ransomware?
What is ransomware?
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5
 
Types of malicious software and remedies
Types of malicious software and remediesTypes of malicious software and remedies
Types of malicious software and remedies
 

Último

%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...masabamasaba
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park masabamasaba
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxAnnaArtyushina1
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyviewmasabamasaba
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in sowetomasabamasaba
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...masabamasaba
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...masabamasaba
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...Jittipong Loespradit
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...masabamasaba
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...masabamasaba
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
tonesoftg
tonesoftgtonesoftg
tonesoftglanshi9
 
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2
 

Último (20)

%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 

Ransomware Trends 2017 & Mitigation Techniques

Ransomware - Trends 2017

Ransomware is a type of malicious software that blocks access to the victim's data or threatens to publish or delete it until a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as Ukash and Bitcoin are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading, or opening when it arrives as an email attachment. However, one high-profile example, the "WannaCry worm", traveled automatically between computers without user interaction.

Advanced ransomware can include functionality like data corruption, exfiltration and disruption.

Top trending Ransomwares

1. LOCKY

Researchers detected the first sample of Locky in February 2016. Shortly thereafter, it made a name for itself when it infected the computer systems at Hollywood Presbyterian Medical Center in southern California. Officials chose to temporarily shut down the hospital’s IT system while they worked to remove the ransomware, a decision which caused several departments to close and patients to be diverted elsewhere. But without working data backups, the executives at Hollywood Presbyterian ultimately decided to pay the ransom of 40 Bitcoin (70,000 USD).

In the months that followed, Locky went through at least seven different iterations: “.zepto,” “.odin,” “.shit,” “.thor,” “.aesir,” “.zzzzz,” and “.osiris.” It also leveraged unique distribution channels like SVG images in Facebook Messenger and fake Flash Player update websites.
2. EREBUS

Erebus ransomware can be distributed via different tactics. The payload file that initiates the malicious script for the ransomware circulates widely in the wild. Malvertising campaigns in the past have also spread it via the RIG Exploit Kit. The payload file may be described as an old, classic RPG game, with the file being less than 1 MB in size. Erebus might also distribute that payload file on social media sites and file-sharing networks, and freeware programs found on the Web might be promoted as useful while hiding the malicious script for the cryptovirus. Do not open files right after you have downloaded them, especially if they come from dubious sources such as links and emails. Instead, scan them first with a security tool, and also check the size and signature of each file for anything suspicious.

3. WannaCry

WannaCry propagates using EternalBlue, an exploit of Windows' Server Message Block (SMB) protocol. Much of the attention and comment around the event was occasioned by the fact that the U.S. National Security Agency (NSA) had already discovered the vulnerability, but used it to create an exploit for its own offensive work, rather than report it to Microsoft. It was only when the existence of this vulnerability was revealed by The Shadow Brokers that Microsoft became aware of the issue, and issued a "critical" security patch on 14 March 2017 to remove the underlying vulnerability on supported versions of Windows, though many organizations had not yet applied it.

4. Zeus/Zbot

Zeus was created to steal private data from infected systems, such as system information, passwords, banking credentials or other financial details, and it can be customized to gather banking details in specific countries and by using various methods. Using the retrieved information, cybercriminals log into banking accounts and make unauthorized money transfers through a complex network of computers. Zbot/Zeus is based on the client-server model and requires a Command and Control server to send and receive information across the network. The single Command and Control server is considered to be the weak point in the malware architecture and it is the target of law enforcement agencies when dealing with Zeus.

[Figure: Types of Zeus family malware]

5. JavaScript Malware/Adware Malware

Malicious JavaScript reaches a website in several ways:
- cyber criminals have injected malicious JavaScript code into the website;
- attackers have compromised, through malicious JavaScript code, the online ads/banners displayed on the website;
- online criminals have injected malicious JavaScript code into the website’s database;
- cyber attackers have loaded malicious content or malicious software from a remote server.

Consequently, malicious JavaScript files will be downloaded onto your PC when you unknowingly browse an infected website. This is called a drive-by attack and it generally includes 9 stages:
- You, as a user, unwittingly browse the compromised website.
- The malicious JavaScript files are downloaded on your system.
- They are executed through your browser, triggering the malware infection.
- The infected JavaScript files silently redirect your Internet traffic to an exploit server.
- The exploit kit used in the attack (hosted on the exploit server) probes your system for software vulnerabilities.
- Once the exploit finds the vulnerability, it uses it to gain access to your PC’s functions.
- This grants the exploit kit the right to execute code and download additional files from the Internet with administrator privileges.
- In the next step, malware will be downloaded onto the PC and executed.
- The malware can perform damaging functions on the PC. It can also collect information from the infected system and send it to the servers controlled by cyber criminals.
6. Microsoft Tech Scam Malware

Technical support scams are built on the deception that your computer is somehow broken, and you need to contact technical support to fix it. You may then be asked to pay for support. In some cases, the tech support agent may ask you to install other software or malware disguised as support tools on your computer, bringing in more threats that can cause even more damage. You may come across these threats while browsing dubious websites, most notably those that host illegal copies of media and software, crack applications, or malware. Links or ads on these sites may lead you to tech support scam websites, which display pages that are designed to look like error messages and serve pop-up messages indicating fictitious errors. Some tech support scam threats take the form of executable programs like other malware.

7. Other

- Ransom:Win32/Cerber
- Ransom:Win32/Spora
- Ransom:Win32/HydraCrypt
- Ransom:Win32/Critroni
- Ransom:Win32/Teerac
- Ransom:Win32/Troldesh

Ransomware Mitigation Recommendations

While ransomware infections may not be entirely preventable due to the effectiveness of well-crafted phishing emails or drive-by downloads from otherwise legitimate sites, the most effective strategy to mitigate the impact of ransomware is having a comprehensive data backup protocol. In order to increase the likelihood of preventing ransomware infections, organizations must conduct regular training and awareness exercises with all employees to ensure a common understanding of safe browsing techniques and how to identify and avoid phishing attempts. The following is a list of ransomware mitigation recommendations:

Data Protection
- Schedule backups of data often and ensure they are kept offline in a separate and secure location. Consider maintaining multiple backups in different locations for redundancy. Test your backups regularly.
- If an online backup and recovery service is used, contact the service immediately after a ransomware infection is suspected to prevent the malware from overwriting previous file versions with the newly encrypted versions.

System Management
- Ensure anti-virus software is up-to-date with the latest definitions and schedule scans as often as permitted.
- Enable automated patches for operating systems, software, plugins, and web browsers.
- Follow the Principle of Least Privilege for all user accounts; enable User Account Control (UAC) to prevent unauthorized changes.
- Turn off unused wireless connections.
- Disable macros on Microsoft Office software. Enterprise administrators managing Microsoft Office 2016 should use Group Policy to block macros for end users. Microsoft provides detailed instructions here.
- Use ad-blocking extensions in browsers to prevent “drive-by” infections from ads containing malicious code.
- Disable the vssadmin.exe tool by renaming it to prevent ransomware from deleting Shadow Volume Copies. Instructions on how to rename this tool are included here.
- Disable Windows Script Host and Windows PowerShell.
- Disable Remote Desktop Protocol (RDP) on systems and servers if it is not needed in your environment.
- Use web and email protection to block access to malicious websites and scan all emails, attachments, and downloads, and configure email servers to proactively block emails containing suspicious attachments such as .exe, .vbs, and .scr.
- Configure systems by modifying the Group Policy Editor to prevent executables (.exe, .rar, .pdf.exe, .zip) from running in %appdata%, %localappdata%, %temp%, and the Recycle Bin. CryptoPrevent is a free tool that can help automate this process and prevent ransomware from executing. Download it here.
- Implement a behavior blocker to prevent ransomware from executing or making any unauthorized changes to systems or files.
- Consider utilizing a free or commercially available anti-ransomware tool from any of the leading computer security software vendors.
- To counteract ransomware variants that modify the Master Boot Record (MBR) and encrypt the Master File Table (MFT), Cisco Talos has released a Windows disk filter driver called MBRFilter, available on GitHub here.
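The slides recommend blocking suspicious attachment types such as .exe, .vbs and .scr at the mail server and stopping double-extension executables such as .pdf.exe. The following is an added example of such a gateway screening policy, written for this page and not taken from the slides or from any vendor's product; it goes beyond the slide's list by also catching the same types inside ZIP archives, executables renamed to a harmless extension (detected by the MZ header), and macro-enabled Office documents. The extension lists and the sample attachments are constructed assumptions for the demonstration, not real malware.

```python
"""Attachment screening policy for a mail gateway (added example, not from the slides).
Blocks the attachment types the slides name, double extensions, executables hidden
inside ZIP archives, renamed PE files and macro-enabled Office documents."""
import io
import posixpath
import zipfile

# Extensions named on the slides plus common script/shortcut types (assumed policy).
BLOCKED_EXTENSIONS = {".exe", ".vbs", ".scr", ".js", ".jse", ".wsf", ".ps1",
                      ".bat", ".cmd", ".com", ".pif", ".hta", ".lnk", ".jar"}
# Office formats that can carry macros (blocking them is an assumed, stricter policy).
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm"}
ARCHIVE_EXTENSIONS = {".zip"}


def _suffixes(filename):
    """All suffixes of a name, e.g. 'invoice.pdf.exe' -> ['.pdf', '.exe']."""
    name = posixpath.basename(filename.replace("\\", "/")).lower()
    parts = name.split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def classify_name(filename):
    """Reason string if the file name alone violates policy, else None."""
    suffixes = _suffixes(filename)
    if not suffixes:
        return None
    final = suffixes[-1]
    if final in BLOCKED_EXTENSIONS:
        if len(suffixes) > 1:
            return "double extension (%s) hiding executable %s" % ("".join(suffixes), final)
        return "blocked executable type %s" % final
    if final in MACRO_EXTENSIONS:
        return "macro-enabled Office document %s" % final
    return None


def screen_attachment(filename, data):
    """Screen one attachment (name + raw bytes). Returns ('block'|'allow', reasons)."""
    reasons = []
    name_reason = classify_name(filename)
    if name_reason:
        reasons.append(name_reason)
    suffixes = _suffixes(filename)
    # Look inside archives: a .js or .exe member is as dangerous as a bare one.
    if suffixes and suffixes[-1] in ARCHIVE_EXTENSIONS:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    inner = classify_name(member)
                    if inner:
                        reasons.append("archive member %s: %s" % (member, inner))
        except zipfile.BadZipFile:
            reasons.append("corrupt or disguised archive")
    # A PE file renamed to .jpg/.pdf still starts with the 'MZ' DOS header.
    if data[:2] == b"MZ" and (not suffixes or suffixes[-1] not in BLOCKED_EXTENSIONS):
        reasons.append("PE header (MZ) in a non-executable file name")
    return ("block" if reasons else "allow", reasons)


def build_zip(members):
    """Constructed helper: build an in-memory ZIP from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample attachments; the bytes are placeholders, not real files.
SAMPLES = {
    "report.pdf": b"%PDF-1.4 placeholder",
    "invoice.pdf.exe": b"MZ placeholder",
    "update.scr": b"MZ placeholder",
    "photo.jpg": b"MZ placeholder",          # executable renamed to look like an image
    "quarterly.xlsm": b"PK placeholder",
}
SAMPLES["docs.zip"] = build_zip({"readme.txt": b"hello", "setup.js": b"var x = 1;"})


def screen_all(samples=SAMPLES):
    """Screen every sample; returns {filename: verdict}."""
    return {name: screen_attachment(name, data)[0] for name, data in samples.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        verdict, reasons = screen_attachment(name, data)
        print("%-18s %-5s %s" % (name, verdict, "; ".join(reasons)))
```

Only report.pdf is allowed; each of the other constructed samples is blocked for a different reason, which is the point of layering name, archive and header checks rather than relying on the extension alone.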
- Modify the policy for execution in PowerShell, using the administrative templates.
- Allow the execution only of signed PowerShell scripts.
- Do not allow the saving of unknown .exe files in the %TEMP% folder.
- Do not allow the execution of unknown .exe files.
- Apply Windows restrictions such as AppLocker.
- For Mac OS X users, consider installing the free tool RansomWhere? Information about this tool is available on the Objective-See website here and the tool itself can be downloaded here.
- Use NoScript/SafeScript while browsing on Firefox and Chrome.
- Updated antivirus and endpoint protection.
- Advanced malware detection using AI (e.g. Cylance).
- Harden the systems as per CIS Benchmarks and NIST guidelines.
- Submit malware samples and IOCs to CERT.

Network Management
- Keep the firewall turned on and properly configured.
- Close and monitor unused ports.
- Block known malicious Tor IP addresses. A list of active Tor nodes updated every 30 minutes can be found here.
- Lateral movement detection software.
- Real-time monitoring of malicious traffic using behavioral analytics.
- Apply a Defense in Depth approach.
- Network segregation.
- During any malware outbreak in the industry, go into lockdown mode at the entry points: restrict end-user access to social media sites and use a Web Security Appliance or OpenDNS.
- Restrict outbound traffic between different zones.

Mobile Device Management
- For Apple iOS users: ensure your data is backed up on iCloud and enable two-factor authentication, only download media and apps from the official iTunes and App Stores, and avoid “jailbreaking” the device.
- For Android users: disable the “unknown sources” option in the Android security settings menu, only install apps from the official Google Play store, and avoid "rooting" the device.

Post-Infection Remediation
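Several of the recommendations above (disabling vssadmin.exe so ransomware cannot delete Shadow Volume Copies, restricting PowerShell and Windows Script Host, blocking execution from %appdata% and %temp%, and real-time monitoring with behavioral analytics) describe behaviour that is also worth detecting when prevention fails. The following is an added example of such detection logic, written for this page and not taken from the slides or from any product: it evaluates rules over process-creation events and flags recovery sabotage (shadow-copy deletion, boot-recovery changes, backup-catalog deletion), PowerShell policy bypasses and executables launched from user-writable paths. The pipe-delimited log layout and every log line are constructed for the demonstration; they are not a real Sysmon or Event ID 4688 export.

```python
"""Process-creation rules for ransomware precursor behaviour (added example, not from
the slides). Log format is a constructed 'ts|host|user|parent|image|cmdline' layout."""
import re

# Each rule: (name, regex applied to the lower-cased command line, severity).
RULES = [
    ("shadow-copy deletion (vssadmin)",
     re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows"), "high"),
    ("shadow-copy purge via storage resize (vssadmin)",
     re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage"), "high"),
    ("shadow-copy deletion (wmic)",
     re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete"), "high"),
    ("boot recovery disabled (bcdedit)",
     re.compile(r"bcdedit(\.exe)?.*(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)"), "high"),
    ("backup catalog deletion (wbadmin)",
     re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog"), "high"),
    ("PowerShell execution-policy bypass or encoded command",
     re.compile(r"powershell(\.exe)?.*(-ep\s+bypass|executionpolicy\s+bypass|-enc(odedcommand)?\s)"), "medium"),
    ("Windows Script Host running a script from a download/temp path",
     re.compile(r"(wscript|cscript)(\.exe)?\s+.*\\(downloads|temp|appdata)\\.*\.(js|vbs|jse|wsf)"), "medium"),
]

# Paths the slides say executables should not run from (matched on the image path).
USER_WRITABLE = re.compile(r"\\(appdata\\(roaming|local)|temp|\$recycle\.bin)\\", re.IGNORECASE)


def parse_line(line):
    """Split one constructed log line into a dict, or None if malformed."""
    fields = line.rstrip("\n").split("|", 5)
    if len(fields) != 6:
        return None
    return dict(zip(("ts", "host", "user", "parent", "image", "cmdline"), fields))


def evaluate(event):
    """Return a list of (rule_name, severity) hits for one parsed event."""
    hits = []
    cmd = event["cmdline"].lower()
    for name, rx, severity in RULES:
        if rx.search(cmd):
            hits.append((name, severity))
    image = event["image"].lower()
    if image.endswith(".exe") and USER_WRITABLE.search(image):
        hits.append(("executable launched from user-writable path", "medium"))
    return hits


def scan(lines):
    """Scan log lines; return a list of (host, cmdline, rule, severity) alerts."""
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        for rule, severity in evaluate(event):
            alerts.append((event["host"], event["cmdline"], rule, severity))
    return alerts


# Constructed sample log (ts|host|user|parent|image|cmdline). A benign admin listing
# of shadow copies on SRV02 is included to show that only deletion is flagged.
SAMPLE_LOG = """\
2017-05-12T09:01:02|WS01|corp\\alice|C:\\Windows\\explorer.exe|C:\\Program Files\\Microsoft Office\\WINWORD.EXE|"WINWORD.EXE" C:\\Users\\alice\\Downloads\\invoice.doc
2017-05-12T09:01:05|WS01|corp\\alice|C:\\Program Files\\Microsoft Office\\WINWORD.EXE|C:\\Users\\alice\\AppData\\Roaming\\svchost.exe|C:\\Users\\alice\\AppData\\Roaming\\svchost.exe
2017-05-12T09:01:06|WS01|corp\\alice|C:\\Users\\alice\\AppData\\Roaming\\svchost.exe|C:\\Windows\\System32\\vssadmin.exe|vssadmin.exe Delete Shadows /All /Quiet
2017-05-12T09:01:07|WS01|corp\\alice|C:\\Users\\alice\\AppData\\Roaming\\svchost.exe|C:\\Windows\\System32\\bcdedit.exe|bcdedit /set {default} recoveryenabled No
2017-05-12T09:15:00|SRV02|corp\\backupsvc|C:\\Windows\\System32\\services.exe|C:\\Windows\\System32\\vssadmin.exe|vssadmin.exe List Shadows
2017-05-12T09:20:00|WS03|corp\\bob|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\notepad.exe|notepad.exe C:\\Users\\bob\\notes.txt
"""


def scan_sample():
    """Run the rules over the constructed sample; returns the alert list."""
    return scan(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for host, cmd, rule, severity in scan_sample():
        print("[%s] %s: %s <- %s" % (severity.upper(), host, rule, cmd))
```

On the constructed sample this yields three alerts on WS01 in sequence (a binary launched from AppData\Roaming, then shadow-copy deletion, then boot recovery disabled) and nothing for the SRV02 listing or the notepad launch; chaining the alerts by host and parent image is what turns three medium/high signals into a ransomware-in-progress incident.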
- Alert the appropriate information security contact within your organization if unusual activity is seen on networks, computers, or mobile devices.
- Disconnect from networks immediately if an infection is suspected and do not reconnect until the computer or device has been thoroughly scanned and cleaned.
- Depending on the variant, a free decryption tool may be available. To determine which variant infected your system, please see the Appendix of this product or use the ID Ransomware website.
- If an infection occurs, after removing the malware and cleaning the machine, make sure to change all system, network, and online account passwords.
- Contingency planning, establishing a SOC, and third-party red teaming exercises including APT simulation attacks.

Avinash Sinha: Experienced Security Researcher with a demonstrated history of working in the information technology and services industry. Skilled in Penetration Testing, Vulnerability Assessments, Project Management, Health Care, IoT, Payment Card Industry Data Security Standard (PCI DSS), Linux, HIPAA, FDA, Information Security, and Integration. Strong emphasis on Enterprise Security and information technology with a Corporate-PGDBA focused in International Business from Symbiosis.

Source: Microsoft, TrendMicro, NJSecurity & NIST.