Ransomware Protection
Collated and compiled by @rohit11 and @sccs1300
What is Ransomware?
• Malware that encrypts the victim’s files and is controlled by the attacker
• The victim is usually an organization but could be an individual as well
• The attacker “WILL” demand a payment to decrypt the files
• The attacker might:
  • Copy victim data before encryption
  • Threaten to publish said data (a.k.a. cyber extortion)
  • Publish a portion of the data as ‘proof of life’ (to prove they have your data)
Anatomy of a Ransomware attack
Malware mostly arrives via:
• Email
• RDP
• Drive-by downloads
The attack then proceeds as follows:
• The attacker makes a copy of the files (in many cases)
• The attacker encrypts the files
• The attacker demands a ransom
• If the ransom is paid, the attacker “MAY” share the keys to decrypt
Strongest recovery from ransomware
BACKUP
BACKUP
BACKUP
And Backup
Protecting against Ransomware - Basic
• Patch and update
• Install advanced malware protection
Protecting against Ransomware - Advanced
1. Windows Firewall
• Go to Windows Settings > Update & Security
• Open Firewall & Network Protection
• Turn on Firewall for each network
2. Disable Remote Desktop
• Go to Windows Settings > System
• Go to Remote Desktop
• Turn the Remote Desktop setting off
If you MUST have Remote Desktop enabled:
• Ensure “Remote Desktop with Network Level Authentication” is enabled: right-click on My PC > Properties > Advanced System Settings > Remote > select “Allow connections only from computers running Remote Desktop with Network Level Authentication”
• Also configure the firewall to allow connections only from a limited set of IP addresses
3. Disable Remote Assistance
• Right-click on My PC > Properties > Advanced System Settings
• Disable “Allow Remote Assistance”
Other General Measures
A few other important measures one should consider:
• Disable RDP access (port 3389) from the outside world.
• If RDP is required, allow it only from limited IPs, not from anyone in the world.
• Disable SMB access (port 139) from the outside world.
• Make sure passwords are strong enough.
• Disable SMB v1.
• Disable hidden shares, admin shares, etc.
If you still MUST keep RDP open to the world and still want to be secure, we are just a tweet away…
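The settings changed through the GUI in steps 1 to 3, plus the SMB v1 item above, can be verified from an elevated PowerShell prompt. This is an added example, not part of the original slides; the function names Get-RegValue, New-CheckResult and Test-RansomwareHardening are hypothetical, and the script only reads settings and changes nothing.

```powershell
# Added example: read-only audit of the hardening steps in this deck.
# Run elevated on Windows 10/11 or Windows Server. Function names are hypothetical.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function New-CheckResult {
    param([string]$Check, $Actual, [bool]$Pass)
    [pscustomobject]@{ Check = $Check; Actual = $Actual; Pass = $Pass }
}

function Test-RansomwareHardening {
    # 1. Windows Firewall: must be on for each network profile.
    foreach ($p in Get-NetFirewallProfile) {
        New-CheckResult "Firewall on ($($p.Name) profile)" $p.Enabled ("$($p.Enabled)" -eq 'True')
    }

    # 2. Remote Desktop: fDenyTSConnections = 1 means RDP is turned off.
    $ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $deny   = Get-RegValue $ts 'fDenyTSConnections'
    $rdpOff = ($deny -eq 1)
    New-CheckResult 'Remote Desktop disabled' $deny $rdpOff

    if (-not $rdpOff) {
        # RDP is in use, so NLA must be required (UserAuthentication = 1) ...
        $nla = Get-RegValue "$ts\WinStations\RDP-Tcp" 'UserAuthentication'
        New-CheckResult 'RDP requires Network Level Authentication' $nla ($nla -eq 1)

        # ... and no enabled inbound allow rule may expose 3389 to any address.
        # Rules that cover 3389 only through a port range are not detected here.
        $open = @(Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
            Where-Object {
                ($_ | Get-NetFirewallPortFilter).LocalPort -contains '3389' -and
                ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any'
            })
        New-CheckResult 'No inbound 3389 rule open to any address' $open.Count ($open.Count -eq 0)
    }

    # 3. Remote Assistance: fAllowToGetHelp = 0 means it is disabled.
    $ra = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' 'fAllowToGetHelp'
    New-CheckResult 'Remote Assistance disabled' $ra ($ra -eq 0)

    # General measure: the SMB v1 server protocol must be off.
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    New-CheckResult 'SMB v1 disabled' $smb1 ($smb1 -eq $false)
}

# One row per check; any row with Pass = False needs attention.
Test-RansomwareHardening | Format-Table -AutoSize
```

The script inspects only the local host configuration, so a router or perimeter firewall that forwards port 3389 or 139 from the internet has to be reviewed separately.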
Should the victim pay the ransom?
NO
OK. Theoretically, NO
However, it has been seen in the past that some medical institutions have paid to ensure life-saving systems keep working unaffected.
Remember, paying the ransom will fuel their economy and, who knows, fuel many other crimes in the background…
THANK YOU
