-
ASTRI Proprietary
Ransomware: The Most Profitable Malware
Duncan Wong, PhDVP, Financial TechnologiesSeptember 2016
-
ASTRI Proprietary
The first computer viruses hit personal computers in the early
1980s, and essentially, we’ve been in a cyber arms race ever
since.Barack Obama
-
ASTRI Proprietary
-
ASTRI Proprietary
Ransomware
4
-
ASTRI Proprietary
-
ASTRI Proprietary
More Samples
6
Disguised as a Pokemon Go app on a Windows Phone.Damages: spread
over all (network) drives
-
ASTRI Proprietary 7
More Samples – a bogus one
-
ASTRI Proprietary
Ransomware77 ransomware families identified in 2014100
ransomware families identified in 2015
source: Symantec
-
ASTRI Proprietary
Ransomware174 ransomware families identified in 2016
-
ASTRI Proprietary
Why Ransomware is so NotoriousJIGSAW deletes encrypted files
whenever victims fail to pay the ransom on the given
deadline.SURPRISE increases the ransom every time victims miss a
deadline.Some others publish victims’ files and photos if the
deadline is missed
-
ASTRI Proprietary
Phishing Email
-
ASTRI Proprietary
Spam Filter and Anti-Virus Failed
source:
http://www.bleepingcomputer.com/forums/t/506924/original-cryptolocker-ransomware-support-and-help-topic/page-132
Password Protected AttachmentEmail message look and read more
legitimate
-
ASTRI Proprietary
The Price of Ransomware• $613 One machine, one Bitcoin, a
significant rise from USD 410 in Q1, and USD 448 in May 2016•
$50,000 Total CryptXXX ransom payments sent to a single Bitcoin
address in a span of three weeks in June 2016• $201M Total reported
losses by ransomware victims for the first three months of 2016• $1
Billion Estimated totalransom payment in 2016source: FBI,
TrendMicro
-
ASTRI Proprietary
Big Numbers
source: Symantec
-
ASTRI Proprietary
Ransomware Economy• $50 for a customizable ransomware binary•
Customers set their own ransom amount and Bitcoin address• 10%
profit sharing model
-
ASTRI Proprietary
Ransomware TypesEncrypting ransomware
• AIDS (aka "PC Cyborg", 1989) • GPCode, Archiveus (2006)•
CryptoLocker (2013)• SynoLocker (2014)• RansomWeb (2015)•
Ransomware as a service (2016)
Non-encrypting ransomware• WinLock (2010)• Windows activation
Trojan (2011)• SourceForge Trojan (2013)• Forge FBI warning Trojan
(2013)
16
-
ASTRI Proprietary
List of Popular Ransomware
17https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml#
76 Decryptors out of 174 ransomwares: 44%
-
ASTRI Proprietary
Types of Damages Caused by Ransomware
18
-
ASTRI Proprietary
What Could Go Wrong
-
ASTRI Proprietary
How Ransomware Works
-
ASTRI Proprietary
C&C Key Exchange
21
-
ASTRI Proprietary
Ransomware Obfuscation and De-obfuscation
22
Obfuscation
De-obfuscation
ASCII:255-151=104 ➡ h267-151=116➡ t267-151=116 ➡ t263-151=112➡
p209-151= 58➡ :198-151= 47 ➡ /
-
ASTRI Proprietary
Locky - Domain Generation Algorithm (DGA)
source:
https://blog.avast.com/a-closer-look-at-the-locky-ransomware
-
ASTRI Proprietary
Locky - Exclusion of Russian PCs
24Ref:
https://blog.avast.com/a-closer-look-at-the-locky-ransomware
-
ASTRI Proprietary
Solutions to the Ransomware
25
-
ASTRI Proprietary
Solutions to the Ransomware• Moving quickly to patch published
vulnerabilities in software and systems,
including routers and switches that are the components of
critical Internet infrastructure
• Educating users about the threat of malicious browser
infections• Understanding what actionable threat intelligence
really is• Backup
26
-
ASTRI Proprietary
Cloud Backup + Version ControlKeep a client-side encrypted
backup on cloud with multiple previous versions
Client-side Encrypted
Multiple Previous Versions
-
ASTRI Proprietary
ASTRI is a government subvention organization, focusing on
R&D on information and communication technologies(ICT), with a
mission to perform high quality R&D and transfer technologies
to the industries. Annual funding isaround HKD 400 million, about
20% from industry
ASTRI At a Glance
R&D Capability 500 staff, over 400 R&Dpersonnel (>
85%)
Patent Portfolio964/655 filed/granted under 24 IPCs. Tech
transfer 530 since 2009. IP pooling with
HKPC, PolyU and BU on ICT27% Doctor52% Master20% Bachelor
StrategiesRegional needs. Align with National
policies.Collaboration Platforms• Consortiums• Joint labs &
R&D centers• Industry and universities Talent training
5 initiatives + 1 national engineeringresearch center
1. FinTech2. Next Generation Network 3. Intelligent
Manufacturing4. Health Tech5. Smart City
National Engineering Research Center for Application
Specific
Integrated Circuit System+
-
ASTRI Proprietary
ASTRI FinTech R&D Areas
BDA, AI/DL
Blockchain
Mobile Computing
FinTech
VCs, Incubators, Accelerators
Regulators & GovernmentEmerging Technologies
Enterprises, Consumers
Cyber-Security
-
ASTRI Proprietary 30
-
ASTRI Proprietary
Cyber Security Summit 2016
-
ASTRI Proprietary
SecShare – Cyber Intelligence Platform
-
ASTRI Proprietary
Cyber Range
• Red vs Blue team cyber attack and defense• Action based
practical training vs theory based• Attack simulation, war tactics
analysis• 6,000 cyber attack scenarios, 35,000 pieces of malware•
DDoS and botnet simulations
-
ASTRI Proprietary
Blockchain TechnologyHKMA Blockchain Whitepaper and
Proof-of-Concepts on Identity Management (KYC, AML), Trade Finance,
and more
Blockchain-based Property Valuation and Mortgage Systems
-
ASTRI Proprietary
DisclaimerThe information contained in this presentation is
intended solely for your reference and may be subject tochange
without further notice.Such information's truthfulness, accuracy or
completeness is not guaranteed and it may not contain all
thematerial information concerning Hong Kong Applied Science and
Technology Research Institute CompanyLimited and/or its affiliates
(collectively, "ASTRI"). ASTRI makes no representation or warranty
regarding, andassumes no responsibility or liability for, the
truthfulness, accuracy or completeness of any information
containedherein.In addition, the information may contain
projections and forward-looking statements that may reflect
ASTRI’scurrent views with respect to future events and financial
performance. These views are based on currentassumptions which may
change over time. ASTRI makes no assurance that such future events
will occur, thatsuch projections will be achieved, or that ASTRI’s
assumptions are correct.Lastly, this presentation does not
constitute an offer made by ASTRI whatsoever (including an offer
relating toASTRI's technologies and/or services).
35
-
ASTRI Proprietary
End of PresentationThank you.
Corporate website: www.astri.orgContact: Duncan
[email protected]+852 3406 0319
![Statistical Analysis Plan · ^ w w ò ñ ó í ì ì ì ì í &rqilghqwldo 3ursulhwdu\ ,qirupdwlrq x 3urwrfro qxpehu ' & x 'rfxphqw wlwoh $ zhhn wuhdwphqw pxowlfhqwhu udqgrpl]hg](https://img.pdfslide.us/doc/110x75/5beaa26809d3f257708bac66/statistical-analysis-plan-w-w-o-n-o-i-i-i-i-i-i-rqilghqwldo-3ursulhwdu.jpg)
![Alfresco Content Services-capabilities - sgipac.it · :k\ 0rghuql]h" 2xwgdwhg 8, glvfrqqhfwhg iurp rwkhu v\vwhpv uhsrvlwru\vlorv 3ursulhwdu\ v\vwhpv vorzdqg gliilfxow wr lqwhjudwh](https://img.pdfslide.us/doc/110x75/5ae25a2c7f8b9a7b218bdb04/alfresco-content-services-capabilities-k-0rghuqlh-2xwgdwhg-8-glvfrqqhfwhg-iurp.jpg)
![+8' 0,' &RPSHWLWLRQ $SSOLFDWLRQ *XLGH &20081,7< '(9(/230 ... · +8' 0rvw ,psdfwhg dqg 'lvwuhvvhg ³+8' 0,'´ &rpshwlwlrq +8' kdv ghvljqdwhg %ud]ruld )ruw %hqg +duulv 0rqwjrphu\ dqg](https://img.pdfslide.us/doc/110x75/5ec4041ae1b8d145b761d48c/8-0-rpshwlwlrq-ssolfdwlrq-xlgh-200817-9230-8-0rvw.jpg)
![Presentazione SavinoDiGregorio ADP cedolino Ancona - Este · &rs\uljkw $'3 //& 3ursulhwdu\ dqg &rqilghqwldo &klduh]]d 7hpsl gl vhwxs suhghilqlwl 0lqruh frlqyrojlphqwr gho folhqwh](https://img.pdfslide.us/doc/110x75/5c6aa09209d3f2e4178ce229/presentazione-savinodigregorio-adp-cedolino-ancona-este-rsuljkw-3-.jpg)