Protect Against CryptoLocker Ransomware

Ryan Nolette at BSides Boston 2016

Recently, attackers employing a CryptoLocker variant have been removing volume shadow copies on systems, preventing users from restoring their files, and then encrypting the files for ransom. If a user cannot recover from backups, he/she is at the attacker’s mercy.

In this technical session, we’ll discuss the ins and outs of shadow copies, reveal how attackers are using them to encrypt files for ransom, and then discuss ways you can quickly and easily detect and respond to these kinds of attacks.

Ryan Nolette is Senior Threat Researcher at Bit9 + Carbon Black and draws from more than a decade of intense and active Incident Response (IR), Threat Research, and IT experience to add a unique perspective of technical expertise and strategic vision to Bit9 + Carbon Black. Prior to joining Bit9, he was a Technology Risk Analyst for Fidelity Investments, where he was the malware subject matter expert for their Cyber Security Group, focused on signature verification and placement for all IPS across the world, and provided non-signature-based malware detection and prevention through manual auditing and automated tools he wrote. Prior to Fidelity Investments, he was an MSS Analyst at SecureWorks. As a Security Response Specialist on the Security Response Team, he aided in the management and monitoring of client intrusion detection devices and log management devices, and researched the latest security threats and vulnerabilities to perform deep network and packet analysis to identify client security breaches. Prior to SecureWorks, he was a “jack of all trades” for Crossbeam Systems. Primarily working as a Security System Administrator, he focused on IPS, firewall, and AV systems and also worked in the SQA lab as a performance product tester, and in manufacturing where he helped build the hardware. He was also a System Administrator and Test Engineer for Vardata, where he built and maintained a multi-server network and performance tested all network, security, and telecommunications equipment that Vardata sold. He earned a bachelor’s degree in Information Security and Forensics from the Rochester Institute of Technology and is constantly looking to learn new skills and technologies.