THE THREE BEST RANSOMWARE SAFEGUARDS
WELCOME TO THE COURSE: OUR STORY
Our Background: We are a spin-off from an IT company near Atlanta, GA. Our roots are in supporting small business over the last 20 years.
These basic safeguards are the low-hanging fruit of cybersecurity. They provide the most risk reduction for the least cost.
Our Message: The basic safeguards are quite simple, and we explain them in plain English.
TODAY’S AGENDA
01 Ransomware Background & Case Studies
02 Targeted Phishing is your highest risk
03 Safeguard #1: security filters
04 Safeguard #2: Training & Simulations
05 Safeguard #3: Encryption Proof Backup
THE COMMON BREACH TIMELINE
01 Phishing Attack: Embedded Images, Embedded Links, & Attachments
02 [Seconds] Hacker Entry
03 [Minutes] Hacker Persistence
04 [Minutes] Command & Control
05 [Days / Weeks] Island Hopping
06 The Final Step is Encryption
NO INDUSTRY IS SAFE FROM RANSOMWARE
WHICH INDUSTRIES HAVE YOU SEEN VICTIMIZED BY RANSOMWARE?
Education 11%
Real Estate 15%
Retail 15%
Construction/Manufacturing 38%
Agriculture/Design 10%
Consumer 10%
Finance/Insurance 10%
Government 8%
Legal 11%
Non-profit 20%
Travel/Transportation 10%
Professional Services 35%
Healthcare 25%
VALUING THE CROWN JEWELS
What is your data privacy worth? What if it were leaked?
What is access to your data and computer system worth?
What is your data worth? What if it were lost?
COST OF DOWNTIME SIGNIFICANTLY OUTWEIGHS RANSOM REQUESTED
Average Ransom: $4,300
Average Cost of Downtime: $46,800
The cost of downtime is 10x higher than the ransom requested (per incident)
RANSOMWARE CASE STUDIES
The tale of two cities
RANSOMWARE CASE STUDIES: CITY OF BALTIMORE
SUMMARY OF CITY OF BALTIMORE HACK
City of Baltimore was hit by ransomware called “RobbinHood” in May 2019.
All servers, with the exception of some essential services, were taken offline.
Hackers demanded 13 bitcoin (approximately $76,280 at the time) in exchange for the keys.
SOURCES
https://en.wikipedia.org/wiki/2019_Baltimore_ransomware_attack
SUMMARY OF CITY OF BALTIMORE HACK
Hackers stated that if demand wasn’t met in four days, the price would increase, and within ten days, data would be lost.
Property transfers could not be completed.
SUMMARY OF CITY OF BALTIMORE HACK, CONT.
Some servers were not properly patched.
Citizens could not properly pay money owed to the city.
City estimated that the cost of the attack may be $18.2M.
City refused to pay ransom.
Exact source of attack has not been publicly disclosed.
City did not have cyber insurance policy.
SOURCES
https://www.nytimes.com/2019/05/31/us/nsa-baltimore-ransomware.html
https://www.shrm.org/resourcesandtools/hr-topics/technology/pages/ransomware-attack-will-cost-baltimore-18-million.aspx
https://www.vox.com/recode/2019/5/21/18634505/baltimore-ransom-robbinhood-mayor-jack-young-hackers
https://wtop.com/baltimore/2019/10/baltimore-to-buy-20m-in-cyber-insurance-months-after-attack/
RANSOMWARE CASE STUDIES: RIVIERA BEACH, FL
SUMMARY OF RIVIERA BEACH HACK
Riviera Beach suffered a hack on May 29, 2019.
A police department employee opened an email that contained malicious code.
The malicious code infected the rest of the city’s IT systems.
Encrypted computers “controlled everything from phones to email, water utility pump stations, employee paychecks, traffic citations and possibly — the city would not disclose it — police investigation documents.”
SOURCES
https://en.wikipedia.org/wiki/Riviera_Beach,_Florida
https://www.cnet.com/news/another-florida-city-pays-hackers-over-ransomware-attack/
https://www.palmbeachpost.com/news/20190705/riviera-beach-pays-ransom-gets-computers-back
SUMMARY OF RIVIERA BEACH HACK
The population of Riviera Beach is about 35,000 people.
The hackers demanded a $600,000 ransom.
The city’s insurance policy paid the ransom.
Access to the data was restored.
THE UNTOLD STORY OF THE THIRD CITY: ANYWHERE, USA
The phishing attack never reached an inbox. It was filtered by the email security filter.
Or ransomware occurred! ... But vital services were restored within 2 hours and everyone went back to work. The story didn’t even make a news cycle.
Or the email reached an inbox for a few employees. The employees reported it as phishing rather than clicking on it.
TARGETED PHISHING IS YOUR HIGHEST RISK
Targeted Phishing, Spear Phishing, or CEO Fraud is much more dangerous and much more effective than general phishing.
The first time people see these highly skilled attacks, it is often too late.
POLL QUESTION #1
Would your coworkers recognize this as a phishing attack?
SOURCES
https://www.nytimes.com/2016/12/13/us/politics/russia-hack-election-dnc.html
SAFEGUARD #1: EMAIL SECURITY FILTERS
EMAIL SECURITY FILTERS
Is a great first line of defense against phishing.
Uses pattern-matching, AI, or machine learning to try to automatically detect spam and phishing attempts.
Will block some, but not all bad emails.
Can block an email entirely or quarantine it for further (safer) review.
[Figure: An email security filter]
PHISHING TRAINING/SIMULATIONS
Phishing training can reduce click rates from 30-40% to 5% or less.
Helps educate users on how to identify and avoid phishing emails.
Even after training, after 3 months of no awareness training and no simulations, most people revert back to their old click habits.
PHISHING TRAINING/SIMULATIONS
SOME ITEMS THAT MAY BE COVERED IN PHISHING TRAINING:
Hovering over the link before clicking
Determining if a URL domain is legitimate
Verifying by phone if unsure
How to report phishing
[Figure: Example risk reduction report]
PHISHING SIMULATION/TRAINING
Email users need ongoing awareness. Industry results show click behavior returns after 3 months of no training.
Email users feel more empowered and helpful when reporting phishing attempts.
Results often start above 30% for click rate and often end lower than 5%.
POLL QUESTION #2
Do frequent phishing attacks land in your inbox?
PROTECTING YOUR BACKUP FROM ENCRYPTION
BACKUP/DISASTER RECOVERY HAS THREE COMPONENTS: OFFSITE, DISCONNECTED, IMAGE
PROTECTING YOUR BACKUP FROM ENCRYPTION, CONT.
OFFSITE
Offsite backups protect from local events such as a flood, a sprinkler malfunction, etc.
POLL QUESTION #3
Does your organization still have an onsite backup?
Yes, it is onsite.
No, we are safer with offsite.
I am not sure.
PROTECTING YOUR BACKUP FROM ENCRYPTION, CONT.
DISCONNECTED
Disconnected means ransomware encryption will not encrypt the backup.
PROTECTING YOUR BACKUP FROM ENCRYPTION, CONT.
IMAGE
An image backup backs up the entire operating system. It is not just a copy of the data. An image backup can spin up in a few minutes and users can be connected within the first hour.
If you have an image backup, be sure to restore/test it often.
PROTECTING YOUR BACKUP FROM ENCRYPTION, CONT.
A COUPLE OF COST EXAMPLES
12 USER CPA FIRM, 1 ON-PREMISE SERVER
Email security filters: $60/month
Training/simulations: $36/month
Offsite, disconnected, image backup: $175/month
40 USER MANUFACTURING COMPANY, 5 ON-PREMISE SERVERS
Email security filters: $200/month
Training/simulations: $120/month
Offsite, disconnected, image backup: $900/month
PHONE: 404-565-4327
WEB: www.Getphishing.com
COUPON: MYCPE2020 (10% OFF FOREVER)
THANK YOU