Do you know this place? 2016 Check Point Software Technologies
- Slides: 32
Do you know this place? © 2016 Check Point Software Technologies Ltd. 1
And this one?
Or this one?
3 cases, 1 similarity… [Protected] Non-confidential content
UNDERSTANDING THE IMPACT OF RANSOMWARE Jean-Charles DUBREUCQ, Public Sector Sales Manager
It usually starts with…
Enable the macro…
And boom…
What happened?
Step 1 – Payload Download. Locky ransomware downloaded by the macro:
Step 1 – Payload Download. Download servers are compromised websites
Step 2 – Payload Installation. Locky installs itself in temp folders:
Step 3 – Contacting C2 Server. Locky contacts its Command & Control server to generate an RSA key pair:
Step 3 – Contacting C2 Server. C2 server domain names are not deterministic:
Step 4 – File encryption. Using the generated public key, Locky encrypts the following extensions:
Step 4 – File encryption. That’s it:
Step 5 – Re-image & Restore, or Pay Up
“I don’t use Windows, so there’s no risk…”
KeRanger – 1st Mac ransomware (March 2016). Distributed in the Transmission BitTorrent client:
“I only have a smartphone”
Simplocker – Mobile ransomware (2014). First ransomware to really encrypt the files:
Mobiles – the most lucrative attack surface
“I don’t feel concerned, this only happens to other people”
The numbers keep rising relentlessly… [Chart: Ransomware, Nov. 2015 to Mar. 2016. Series: Number of Incidents, Unique Indicators. X-axis: dates from November to March.]
The threat is growing… Published March 10, 2016
In foreign countries…
But also in France…
“Is it a good business?”
Impressive…
Ransomware-as-a-Service (Tox)
“How can I protect myself against it?”
THANK YOU FOR YOUR ATTENTION