
okay as we can hello everyone thanks for coming to the session today before leaving and career going to talk to you today outran someone raise your hand you you will understand if you're related to local organizations and affected by Brennan's American degree a lot of training throughout that's great so what we're gonna do is going to talk about rank swearing on a mini fishery and we'll get it productive and like WebEx do you have it let me talk about how to invest many meters with the my name is be incontinent I'm outta Dallas Texas I have probably when you're close jobs in the entire world what I get to do be like the health customers really basically
leverage the tools I were provided to the best of its ability such big treated with magnet above I have a green universität Norrington in education system on my compieteiy focus people SSDP IFSP farm is nice word and I recently got my a G F G pen certifications where happening on army actually survive necessary I'm very happily narration I have a two little older home so I'm typically the hacker guidance and what I wanted to show my wife she is he traveled after in my pain we go all up the crazy time this is us along here glacier up in Alaska this is my daughter Kim week they chip off you'll walk to her mom she is a artist and his crazy
people did and the other one is a little hard she take that her name's Charlotte and I gonna go someone can you get those sexual at some point most didn't sleep with like teddy bears growing on not Charles she's into the key you think so also remember that else hackers association and shadows east and africa life divided alle so all we just do a lot of good games and that may get the information securing a community here so that's why I'm actually here I'll just get back continue so give you a rundown what's going to happen today we're going to give you a rundown what actually is about having the random or from it kind of what it is how it works
about regular in their news from the most recent infection as I had better line we'll talk about the timeline coming evolution of ransomware where it started in the early day and I'm going to do a ten point out kind of look at it computer perspectives we're going to look at it from the section itself and with everywhere line but then we're also going to look at what teacher network looks like command and control and see about that and then we're going to talk about illuminator core of all random brandsmart outside the scope of Windows of an operating system and now we're going to talk about communication protecting how to actually prevent yourself enterprise protein compromise
Fire Nation so cyber extortion that's what kind of rates more fall news is it's a sorting it's a primal threat involving the attack over against a person enterprise troubled by the demanded stop the attack they take on multiple form it's the impurity native or holding causative agent and blocking access here is you take them there's no good Imperial bath so there are three main types of extortion embassy in Cairo world day there's the EOS extortion so we'll you know Josh recited some peasant certain on money we have a interesting segment called sextortion we'll touch on that later no pun intended and ranching and that what we're really gonna focus on today so ransomware itself is defined
leveraging technical controllers to inhibit use of the system and poor gating that operates on the assumption that the value of the data cetera away from you is important that your page work but unfortunately there's no actual guarantee that you're going to get your data order suspect didn't fare very lucrative criminal enterprise is a heart record stating n XI 1 2015 the amount of ransom paid globally with also 216 million dollars if you compound that with the rest of the quarters you're looking at an annual amount of ransom paid up into one developer so here's another scary set fact is we're only operating with a certain amount of London feeding because that that that some organizations don't disclose a have
been subjected to insurance they are not we don't have that information to go on is both analysis protective coatings you know now the tip that is trying to improve on that that deep reach of ransomware is a compromise you've estimated with the CIA triad an information security confidentiality integrity and availability eating one of those three facts adapted to compromised in that concentration and with ransomware complimented the system you lose the availability to your Dave even at the data exfiltration it's still a preach now we also semantic spatial order of American homes actually method how many of you actually believe that you get either the web product I'm either maybe that will be giving five percent maybe less of actionable
naturally at home speaker actual economic and then also and this is probably the entire statistic I think of this collective years that are blessed hold on over half of the US companies with an infected by binoculars under group some of the most largest ransoms pages in the last few years are pretty pretty concerning I like this that's a very honest file shape you've got their blood that goes Valley College recently $30,000 in cryptocurrency pay data versus inspectors and are literally Calgary point at Presbyterian Medical Center which of them many constants constants Asian critical data and pay $17,000 status data now ranging in our property through different vectors one of the most damaging doesn't necessarily an effect organization monetary this is
golden Alberta malvert eyes using malicious manner maps propagate exploit kids and malware in order spread around under the ransomware not for the X combined anger between a nuclear magnitude a lot easy to find in the dark net and a performs on the usually a one by junior team criminal syndicate and that's how they start walking back some of the Dayton so what you'll do is you go to the gym it was a devotee of the sky Annabella Realtors all you've been affected by advertising some degree they're serving a malicious content understand they're not controlled upon on their website so here's New Yorkers a big present for all need to serve up malicious content unbeknownst also what I love about this
screenshot here this is the newer times that hey gun click on the pop-up unauthorized or eliminated all right they were affected in March 2016 which is a veteran thing a date on this one that's under 913 in public Valley nine this is happening to the New York Times multiple times over not cool alright so moving forward and talk about evolution of ranchland where you're a team where it's humble beginnings okay Anita they actually creates an area this will be a virus then started in 1889 don't know by the name of Joseph popped his doctor wrote it and was propagating for plausible what would you do that for nineteen babe good really good while out issue here and actually put the files
elfin Atlas to what you do is you write a check and it's a post office box and camel and supposedly you get your data back what ended up happening was the Scotland Yard investigate and they would actually have ribosomes so eat if in two years in jail for blackmail he said that the Monday's been raising was actually going to fund the aid research but really wide alright so let's move forward the age of the Internet rather than because maintaining this before this at the FBI box screen style of ransomware what this will do is prevented error message or alert thing you then doing that base your machine you need a $189 between our gifts or
parts in the FBI other case woman on believable to that very teeny disoriented and made your systems back this artist in 2011 and again all it was walked about your piece it wasn't doing the actual encryption at that space so all committed to communicate food change the registry you're back in business on the other evening up right well here's this is it has a Castilian case and it has devastating consequence we see no mention each on the person was affected by this law enforcement with actually after the man ended up committing suicide pretty dead set on the positive side on a lot of criminals idiots I presented the same talk at a fraud investigators son at a while back
and one of the detectives so do you understand probably twice a month we get somebody that turns themselves in or child pornography because they get this sort of ransomware to the Chuggington built-in because it is great so let's talk about paper you guys familiar cryptocurrency often I'm so blessed I'm a huge fan and particularly big women like because there's a lot of admin have a name is super different so a little bit hard fact anonymous air induction perfect for back and forth without having to involve Ursula another part of your bank and six year you know exactly the amount you know in fact it would be mounted to instantaneous so we can transfer money flows across the world and it's not
regulated like central bank government of the sport which I portion something for husbands it's absolutely perfect for enforcing that maximum so take a look at this news for the CryptoLocker this is what one the bigger ones ever come in their book this is the price of Bitcoin up until it just went like this reason we're about go over a thousand dollars and a lot of that's due to Chinese currency valuation but this is what it look like previously take a look about 2013 started right out there that's where this particular any play interesting so as soon as this particular malware very intimately because people reading random they had an anchor difference and they try slide
2 over L no f9 biology this is propagating for the particular malware botnet called entrances and it used with help domain generation algorithms well that is a series of characters in is doing its algorithm create they're doing what you do is you see some different spring them and they don't register want to this is an example okay do you might notice is a particularly malicious it variant star you most of the hints and where they believe propagates Odyssey so this would look like for the deeper now this is the first one all that music in oddity because most rings worked prior 2002 you file encryption but this one making Nagin will disqualify our services what so the important
enterprise not just a home user this is particularly named this is a s23 be symmetrical encryption media at a private key and a public key so very difficult for encryption and crypto walking with the came back domain over doable parental er now is at the plunge rocks or Kleenex you know a big birthday wonder right so what ended up happening particularly with CryptoLocker was interval beyond international offers got involved they were actually able to shut down the game over subscribe overnight on massive decline in ransomware infections they were actually able to get time control service result and acquired public or private in order to facilitate operations so this particular variant random are just therapy deadness
let's cut the hell out of IRA for you throw back right same thing happens here defined somewhere and that kind of leads us to the next relevant - more than experience is that stormwater visit one actually was spared isolated situation it started mostly Australia music we did the joke and what this was this propagated modem Tina and vision what they would say is and I mean mostly two different variants in either a tack notice or red light violation you get you know a cooking Elaine McCollum's love these experiences walk okay a combination of a series of commands of Australia or New South Wales all that - per suppose God or whatever he'll need so you see like importunate
that of the USFL so any organization have the ability to block domain names with will come fully sitting reg X block so it's very easy movie the board this is probably my favorite versions here is also or Tesla trip this one originally started going after video gamers their 100 World of Tanks World of Warcraft guys effect locking them out of their states and it goes into the Cybermen from Doctor Who you notice two generations has been famous or D Cybermen they live all and that's exactly what this variant ransomware is involved at so they reduce 3100 video rightful they realize not as profitable and very buggy else so they both they start expanding the amount of
publications they went after so they started going after image database models you mean they started using compromised website and domain for command control in addition to using exploits they're using whole including from a very wide everybody to get so if they evolve what happened was version 1 unit football 8 heads symmetrical team so the same password exists on both sides it's barely meaning encrypt and how does it actually did they released a protocol Tesla within about two weeks the bad actors created version 2 about the Tesla script with a the ventricle Kirk she said and essentially serving about version 4.1 with just reading for this back in April I have really good news he has unbound
and good the government for you but I am happy to announce the test with her efficacy that what our researchers found were that there was less propagation of the hospital occur very in lieu of other versions like protect protects so what happens with an analyst actually own the hospital secured website on the Japanese that you have support for this images and instead enabled I notice you guys are shutting down I have a private key and she actually responded and the actual private key or a possessive group and so totally there happens prepare for this and announce it work I did buy this particular malware variant I hear team has an option for you we're sorry
yep you're sorry what are they sorry for infecting people I or device it's serving up hot topic ever now so building for printable this is an interesting one because the way it communicates on a fact very similar to CryptoLocker with one small group variant here it's located to 2014 this is probably the biggest barring things all the time against you exploit it and compromise web servers for main controller community in fact that I guess we'll discuss that venture that traitor but what different up this particular variable is effectively a conservative community and in particular support or IGP are you guys early report of you know completely an armlock we have a Paraclete economist communication so
that kind of evolution Wrangler there's many covariance that I wanted to highlight for you I wanted a collision their ingenious on how they actually have spread or how they actually come accomplices the first one is at yet this did Master Boot Record encryption rather than encrypting files themselves this actual forces of mystery and death are in constant system to reboot it think that's doing objective but in reality it's actually reinforcing a natural lubricant so it's walking out of the entire computer not just the files previously you can get a new computer at all so that session this one fault power where this one particularly scary because that there's no addition download what's using to do
the violent Richard to caller show an app dated on citizens windows set so in the end of the distance through Excel spreadsheets and macros or one up and then it's leveraging power shoulders encourage you on board so it's pretty crazy from an analysis perspective it's hard to detect where the community like that is long I was going to give this message eggs often them it's all news that this is the jigsaw spirits all right I suppose for my library for lives are not the court session was actually out this is a very serious matter because I asking too much under good job as compared to the majority of ranks we're basically seeing the average payment
other 19 is around $600 this is only under that but brief you're very incentivized today it's done it's going to be a hundred files every hour you have permanent hook up but I think you're as smart and one certain that that chef machine online I watch a lot so you're very much l'm invited pay so there is minimis decryptor are based out now so you getting art that divided it will talk to me go get it to prepare solution this one is a very nutritional this is Hampton or macro house in Sanskrit language which is what nourishes our boxers this one propagated from vulnerability in jail web servers so with most of the commodified exports
which is how these variants are the propagating the requiring in user interaction all right double clicking the link double clicking in JavaScript okay this one takes advantage of the excellent believe in the webserver itself so for some manual interaction what interesting this one was going after medical institution and higher education primary and last time I ran stand at the owner believe will add we served on deepest jails on old here's where it gets scary once in comma - isn't it water balloons so it goes in and spread because what's from the lands where actors are affected what better than ransoming one machine i see all the sheets right so that was particularly scary I didn't shut down there right
just wind machine absolute miles of them everywhere to the main organization whether the patron suspect rammed it recently got all their systems and it was through the lateral movement of maliciousness upward this is my favorite one this is the Donald Trump ransomware wasn't built a wall around your file and make you pay for it so there's a new version rights with a person a friend are bringing stripping in particularly scary because it's open source frame it's freely available online they marketed as what education one who we see typically in the market right now or hidden tear and one of the applicants right there number two creators and it also did this particularly scary this is
all great summer at the service you don't have to be smart enough to write something or you just have to be malicious enough propagated they very could see the ropes they went out at the short Adam ransom variant that was the personal but here's the next one this is what I call the flavor the mantra in soccer where I am ever so almond and I always try to pick out the newest bearing down and this is the one that I found a Satan this is ransomware as a service what does allows you to do is you go into tour over website create your own random taking notes you want the tetragrammaton that set the they don't pay after certain amount
engage the ranks and doubles to this amount even into the instruction on how to create a delicious macro it's so stupid deserting you and I didn't and the videos of it all you have to do is create and add lighting solution so that kind of the evolution of ransomware and the variant that I often got going on so let's do an analysis of what's actually happening in ransomware them and so this is what it looks like it's a very fairly cheap property look at installation the dropper is executed what happens is what's called its own owner the geolocation all that once that happens the data exchange II cook that encryption each change happens once that
its debilitated the encryption keys stored on the command and control server that facilitated the actual encryption on a machine once the encryption is completed then the extortion messages prevent it's an intuitive and the absorption process has gone didn't we this way kind of looks like if you're looking at it from on a web traffic projector okay so we've got two several websites listed here in the Dayton time this is what I infected a game somebody's not willing to click on a link right then once you see if the geolocation call back you notice I got our I see stashed and our documents if you have the ability block websites the organization block that URL what that is
the geolocation all that can it's very soon at what that incursion exchanger this is where the absolute seats you have this is where the data is being transferred to the bad guy these are compromised websites and a friend of mine cutting we go by hiberno-english your Chancellor this is what it looks like put the tea to suck okay now before any further I want to show off the beautiful young lady right here that is my granddaughter that only clicks on a great singer yeah I had to take a ransom offer system so many times that I've actually sold the PD I said regular that's hot so anyways is what it looks like the product that they issue the typing she
puts on a fishing lake or she goes to a effective website with Mal reviving egg leveraging the exploits it's an automatic reversal curses and then goes and talks to the series of compromised web servers and that are due to three create and register or hat website themselves and they talk to that it creates a channel either I to be your tour back to the bad guys that's what it comes with I can about logic now I mentioned that geolocation color and Montuna probably one of the most order shooting higher process to reason and because the communicating cradle inflation factor that is what the student is telling these bad guys where you're looking and he does that for several reasons one it
will present the right message in the native language in which shows resided I did a test and I use the same variant protects access to two locations one in Dallas that was relevant and another Mexico see when those listen for exact copies of their BMD a they've presented the ransom antigen English versus change but also they presented to me identify okay what happened information to you see it will be compromised so they try to restrict the invention of one machine the forwarding analysis some variance gives us some time but that's we will see so what you see is the effect or bad guys are a eleven the other thing I forgot to mention here is that these
malicious actors undereating economies of scale they understand that cases are devalued versus American currency so when I hid my authorized system in Mexico City the random Palestine at $370 I did the same thing in Dallas is like third one it's crazy you guys know that you're more apt a it's someone reasonable that you can afford to pay so that's kind of it from an analysis perspective immediately cuts on Windows an operating system those then the majority brings in rather than line is but there's so much more to expert than chasers and that's where I was created deception ransomware all first one was on the Linux.Encoder this is a combination of the Hidden Tear of open source variant and it only
attacks web servers and only for certain folders mostly while the people at you reporters they only asked for one Bitcoin I'm creatively that not a big amount that was you know to $300 but now it is spiking to eleven twelve hundred dollar signs so that that's now actually a significant amount of money there have been three different versions of this variant of ransomware and all internet and broken within a matter of months I'm sore early confident and replenish all right so movie board this is the only version of OS X ransomware right now this is called KeRanger this was discovered and shut down fairly quickly in March 2015 what's interesting about this one is the
fact that in feedback on the trade mission it bits on web client this was downloaded 6,000 times but only X and actually compromised only maybe a couple hundred system over time so what this was is a combination of previous learning converter which fluttered in tears well and that Linux coder didn't see any beta version and what they could do is they hacked the bit of transmission website they had the open source code available a so they objected the source code of ransomware into the open source of the transmission client and then they links to website updated an 85 hack so if you check the hash value adult shut down right so that was the key thing right there that 85
action so what I found very confusing about this particular variable to fact that Apple requires developers keep your applications and they have a way to block the developer key that was used to create this particular brand of brain tumor result out of church well Eve actually developed out of church as well things that the mayor is including both now this is I know that's ransomware see the air quotes ransomware okay this is the old latest little started in 2014 which is both Jesus dead I paid for a smart eclipse definition right do you have control to block access to your system but it's not actually doing any encryption and it's not doing it based on any engineer interaction clicking
laying or over human values what happened is these guys got fish so Iowa I thought has the ability to several things for ninjas ones which is remotely blocking or walking machine conditioned leisure tone and remotely wiping able to think in comments welcome back guys are using the same features that there Apple gets to the users viciously so will the element you guys are getting iCloud account fish they're sitting Aventis billion in the last moment I am Amy within a certain amount of time we're going to wipe the funk and actually work people attending we did find out which should be Australian that actually you're not a service Russian Australian officials traffic back to Russia and they arrested you I'll be
given slap on the wrist so it goes out their way but yes but this was a little bit plus version but again this is still active today now does this sit one CID locker welcome you say to setback Android absolutely not a secure platform itinerant there are so many different variants ransomware in the market that I really take when to talk about except for this if lockers one the one that actually started doing the first level file encryption on the Android OS this will discovered in 2014 and prior suggest were things as mostly the screen offers one the damning in communicate on did they will you be back under system this one actually started doing encryption
but so it started just going after JPEG - just a minute branch out started doing more is also a very similar CryptoLocker in the fact that 82 communication using for so this was a fully matured bearing a ransomware on a mobile platform that's why but warranty to highlight lovely there is a quick review for this particular variant but they're like I said there's been hundreds of different variants that I have come about some of this about 2014 this evil evil variants where I've ever seen in my entire life this is the adult letter extortion and - alright see that icon right here at problem number six but what does is you download this and it run function at the
core movie player really once again though is why does it work if you hadn't formed any player it's taking photos video using one base camp at that is going yeah so it shows you the sort of that angel peg contactless very variable supper yeah what leader is appropriate so what's next in the world there are of things instance an aperture size all disagreeing the internet ik things going without turning off the beat until you wanna warm up bank account 70 $25 other until everyone in sodium network is receiving enough to buy an internet-connected burn so you have triple-a issued critical interest rate that IOT Internet in accurate I absolutely agree so think about what's in this thing we
talked about okay pacemakers insulin pumps all you things have been exploited by penetration testers and other billion people so these are ethnic actors you just want that on two years ago regular driver car off the road into a cornfield imagine we can monetize that in and exertion your how obvious that are the whole bed of exploited well guess what guys the future uses the neck depth on just last year we were able to actually develop a way to compromise internet connect therm snack so we were to do that because researcher for develop codes to socialize their amazing what it was it was either print up DAC your turn-ons completely paper ran pretty crazy stuff and then this is actually not a logistic
conceptual this is really this is just in December of 2016 LG TVs are subject to enjoy great for this guy was ransom and on the slide this charging $500 later anthem however think about this book Charlie call LG for support they wanted a charging 330 dollars one way so alright we talked about Randy and the all the different variants how scary it is and really what's a trigger let's talk about protection okay how can we protect ourselves from Isis how got a lot of dr. Jessop ideas some of them are common sense she does hello them may be my dream but periodic first thing that goes off you know that's probably good rule to live by but here's the kicker is
connector backups when they're on these because unfortunately they need encrypted data next thing is to review access to your shared resources perfectly honest there's no reason for your secretary or the housekeeping staff have access to the arrow pops over you know so it required body but you can make sure that only the privileged people have access to the privileged resources and you prevent having those privileges right also this is a good one your pieces that is connect your network resources when they're not used most people as part of the startup have the mapping of drive the part that started consider there's no reason to have this network resources available to you if you don't necessarily need them so I
recommend only connecting to network sharing and you're actually using them and not having set up for you in provisional automatically this is an important training your users about phishing and social media attack and / download so I really advocate teaching you to specifically about phishing phishing end antivirus antivirus does actually provide some control in protecting your organization however unless you're using the next in any product like when the gentleman down all over there their product works very very good at predict everything but at the same time save you today Feeny does it update Appetit additionally attaching your own apps and your software because what you saw the same time and meta the vulnerabilities were how they being in the in
communicative ability of the Depp's also preventing Albert idling and coating action digit number whom this as well what I recommend is using power walkers so these are just a few that I'd like a block of origin to add to Pinterest all the pencil cocom making the third party activation and deputy of advertising such a block and access to another product that I highly recommended the product called nursery now what this will do is really lock down the browser but also it locked down the rousing to action so joke it's robust and visual experience but it will be secure and then last I live parking in the sandbox virtualizing your browsing experience this virtualized and pretty web browsers
into a sandbox mode even compromise it only has played that segment of memory I'm very happy to say the major browser developers are developing this technology into their current and next can products so you're innocent chrome with built-in sandbox capacity until is doing the thing I'm the expert for this time well and this was kind of Delta climbers in the block intellects early with some of the ti-83 most recently received endear days are being released to the public on in the Y software they're not going to developing a sort of remediation since all durability so always they current with recurrent very the software and hardware so you know with a polygamous you should this is a department and this kind of
leaves my next one only trust trusted sources should be done anything from BitTorrent the list it's awful right follow the pack friends kind of counterintuitive what you have been told you now but a gymnastic leading-edge company auto security what do people that called instead of up so specifically regards the global platforms I think the Apple marketplace is a fairly big environments download Quran you can trust the Apple sort of a better code Android on the others p.m. absolutely not so I look at approaching employ a differences instead of trusting the market let's trust individual developers so what I do make sure that the product downloading are not through some crazy third-party I always make sure that they have 5000 on your
positive reviews and at their four or five stars so trust me to do developer and not the marketplace and this one's the world fish at the IP has over the bank we will actually paralyze an organization plea anodic open source software in the relation I'm sorry that time is like I'm a hacker and you can have my open source for my kool-aid but I'm an addict so I recommended validating hashes now I'm just validating actions from the advice for downloading which is exactly what happened Leo FX KeRanger the Macintosh one validator hanging from a third party website so you gain because it wanted this or what breach but you can't do for two if you better you can
validate helpful cache multiplied so you're going to use open source software engineering compile your own code validate hashes from local sources interview traditions eating painting the capacity of what IPS and then I'd record not conducive a negative angle as you get a TV commercial of the game Rob and the security guard so they're like on the bank honor your dinner on that's exactly what's happening with most IP network IPSS prevention system a packet of locked but many organizations are so gun-shy because they're great going to actually prevent some production systems that they don't actually than that block so we don't pop any implement block it's a little bit of I don't know it's controversial I think that third or was
content provider should be responsible for browsing the transformations therefore you're going for then tap close strong control the access what or the strategy to your community if you leverage it third-party website sister Nagar I'm sorry I mean what are possible so with that said until comedy will post their own ad conference I'm going to protect myself so that's the recommendation I have for web content providers in Niort I'm action served of their own tasks they would have to worry about an advertiser in math words don't believe say there's but a point if you don't enable macros you're going to shrinking your attack surface sniffing there are many ways to do this most often I recommend if you have Enterprise
applets over your screen frame implement policy apply executing of Mavericks and this is a new one I actually get this one a fish yesterday most home users don't have access to recall they don't have access to enterprise class security professionals like ourselves there's it so what I recommend doing is taking the JavaScript file the HD file the PowerShell bat valves and command+ date the actual scripts that are executing and take off that ran to my process is open from the regions that run because located your grandma is not going to be as officer develop okay so what I recommend is using some sort of and recipient Mexico or file execution or that extension with 30 you just that
didn't bring bouncing online somewhere in your organization by 2019 Yorgi what I've done to you guys at a time is if you check out my blog you'll use a golf ball uppercut that you go there about you bring your script already sits down the script run it to nil pre so CL your possible and then ask for how much we heard it is to back the community that's my didn't you what's up at court I drove it whatever so let's say we put some on IPS web content macros and all extensions conveyance mitigation evidence your no breaks or doesn't want interesting this on my machine new innings and pasty or are distortions global big machines possible so we have
to prevent laterally so how do we go luck and it's actually fairly easy thing to do because not it best part actually unless you have a tool that can facilitate that we want to have make sure there's no password reuse in your entire organization so in the organization have that local isn't trigger output every give them the same it's easier that way golden images right same thing with your server push every same both with and and have sort of across the board what that means is that present and an excerpt you can laterally move you pass the hash with that credential so we want to make sure that the credentials are complex unique frequently changing this enabling
the least privilege so we're talking the most administrative right out of your users there should you no reason why you should have both administrator access to your standard users the majority of the ransomware that we have found and discussed today propagates with local administrative access there are ample battle but that they want to hopefully finish a vacuum geordie of the ranch and upon to do better than station control so we controlled [ __ ] pioneer interaction executing an ovulation we can protect ourselves to the combination us-cert us served in Afghanistan and there was reason documentation that combination application control and least privilege is range block transport in your car widely would isolate the fertilizer so
you can prevent lateral movement to your domain controllers to your DNS server to your DMX ISM you can prevent those systems from getting compromised so what we recommend is using proxy servers as opposed to isolate their privilege matches on those systems rather than animals so the combination of credential management, session isolation, least privilege, application controls really good way to longer so when I leave you got to smile thoughtful or I'll let you on your way reason why you shouldn't pay I've been infected by remote employer web well here's some of the recommendation white sugar hitch file back okay we've seen often that it's almost like a pyramid scheme we have developers on distributors and some of those times
those guys don't always be along and so we may fear Hansel definitely as one more because there's no guarantee might get your data back I love this Joker you see the guy eater right smart guy actually yes wait come back so yeah although FBI previously previously that this is the easiest way to pay its John's name that he actually says which is so good the easiest way to fall back attack I disagree and hang it might be cheaper than implementing ideas and winning our staff member or policy use mitigate password management something like a chamber right really why should have us sir and Beyond are now clearly on the same page everybody getting them don't ask John the best way
to FBI does not condone payment of ransom, as payment of extortion monies may encourage continued criminal activity or be used to facilitate serious crimes you've actually seen cyber criminals money that they've been able to extort as facilitated terrorist organization by up on one device and up through cyber attacks so the interview and it might be cheaper for the rim not disclosure of the breach itself an option anyone familiar with they were breached prevent let their amount of money paid just inclusive I'm talking about winning the Asian or technical spending posted saves nine million dollars and also just because you paid to the new Tamils in come on die at Unitec copycat attacks are real they know they got a good fish
on the line they don't a one roll top and remain again and I've softened before T just because you pay there's no guarantee that you're blessed you know you may they got what they want they were happy to live in fact there are several variants right in order right now the presented in four semesters but they never provide it's beautiful but this one here in Stevens closet and underclass with criminals we want the criminals would know all right so help I've been ranked what do I do this is actually a real circumstance here while I recommend contact your friendly neighborhood hacker we're here to help research the very alright and then sexist both sort of
happened gentlemen reach out to me on Twitter to help one of my friends has been affected by ransomware his wife died and he lost all footage of his lack of children which can be writing a book that book was ransom is what he does distraught has no idea what to do open up and no idea my hell going on but bigger one will give it up job resist the variant we found out in the CryptXXX very important so will variable timing 55-inch I'm an original pop webmail is super awesome for this because what you can do to chamber some tiles and you'll have an original copy of the file to help you perfect file you
know on the detector against those two bottles if they extract the private key so we'll get your inbox or your sent you know when you ransom or situation take the fish you don't want anything pre we're looking into a data encryption method the variant that we see nowadays one further dumping credentials so you're taking your bradler capture for finding the credentials that are stored on the routers which account number like that order email address - then concern more explosion more identity back one ounce of day tradition Montblanc and change all your passwords I don't care how you do it rotate all your passwords even getting your data don't think it might compromise but
you've been affected by ransom or any measure out of here rotate opacity and then paste patience is a virtue in your guest because let's say every period of ransomware will eventually be encrypted with the advent of quantum computing on the horizon encryption action go all the way now while you were to happen but that that is that all variants of ransomware will be eventually in 30 maybe not say tomorrow and not a year from now along your bar graph because you made that your data back eventually when a lot and randomly connectedness an ounce of prevention is worth a pound of cure my grandmother a dent in my head is I'm gonna be done yours
you take the proactive controlled ahead of time you don't have to worry about being exported to money just never happen so thank you all very much for listening to me ramble on if you have any questions I'm more than happy I think it's very update here's my unblock and I had Twitter and got on what's up yes oh I see or dot yes yeah what does that sheet again can you pull that one back there's a lot of good information about the page that has I completely failed to this evening
right there there we go there we go IP - each are not lot that you're new be good or connection but the thing is though musical time typically don't have that control vehicle block stuff like that so you got like with me that's one way that's well that was like they have great Chris perfectly steady goes on we have honors life like the wisdom to DeLorean hitters knowing them but I can tell you that we the main factor has a really going to end jokers I have one parameter at each computer there's a website called no ransom word out of work yet it is a amalgamation of decryptions excellent thank you so much I'll Drive
well with that said I may be here all day and if you have any question like I said I just want to get back to community so feel free to leave any questions at all I'm always here