The New Scourge of Ransomware: A Study of CryptoLocker and Its Friends

Presented at Black Hat USA 2014, Aug. 7, 2014, 9 a.m. (60 minutes).

In March of this year, a Romanian man killed himself and his 4-year old son because of a ransomware he received after visiting adult websites. This "police impersonation" malware instructed him to pay a massive fine or else go to jail for 11 years. Ransomware isn't a new threat; however, it introduced new life with CryptoLocker, the very first variant to perform encryption correctly, thussignificantly inhibiting security researchers and their typical countermeasures. Due to its unique nature, CryptoLocker is one of the few current malware campaigns that spawned its own working group focused around remediation. As time progressed, other ransomware copycat campaigns emerged, some of which got media attention even though they were nothing but vaporware. This talk will focus on what the threat intelligence community did in response to this threat, including the development of near-time tracking of its infrastructure and what can be learned in order to manage new threats as they emerge.

Presenters:

  • Lance James - Deloitte & Touche LLP
    Lance James is an internationally renowned information security expert and is currently the Head of Cyber Intelligence at Deloitte. With over fifteen years of experience with programming, network security, digital forensics, malware research, cryptography design and cryptanalysis, attacking protocols, and a detailed expertise in information security, James serves on the advisory board of multiple security-focused organizations and has provided consultation to numerous businesses ranging from start-ups to governments, Fortune 500's, and America's top financial institutions. Credited with the identification of Zeus and other malware, he has authored and co-authored several technical e-crime books. Notable publications include "Phishing Exposed" (Syngress Publishing) with two more books currently in the works: "The Threat Intelligence Handbook" (No Starch Press) and "Hacking Back: Offensive Cyber Counterintelligence" (McGraw Hill). James regularly speaks at information security-related conferences with notable keynote speaking engagements including the First Asia HTCIA Conference (Hong Kong), Digital PhishNet (Germany/San Diego, CA), and SANS Conference (San Diego, CA). Prior to joining Deloitte, James was the Chief Scientist for Vigilant (acquired by Deloitte), the Co-Founder and Chief Scientist of Secure Science Corporation and a Senior Threat Analyst at Damballa.
  • John Bambenek - Bambenek Consulting
    John Bambenek is the President and Chief Forensic Examiner of Bambenek Consulting and an Incident Handler with the SANS Internet Storm Center. He began his career at Ernst & Young as a Project Manager and Senior Consultant providing IT architecture services to top Fortune 500 Firms. He has worked in both the public and private sector providing consulting to financial services firms. He has over 15 years experience in the field, is a published author of several articles, book chapters and one book, and has contributed to IT security courses and certification exams covering subjects such as: penetration testing, reverse engineering malware, forensics, and network security. He has participated in many incident investigations spanning the globe.

Links:

Similar Presentations: