I INF 453 Lecture Notes - Lecture 4: Untraceable, Microsoft Excel, Botnet
Ransomware
• Traced back to 1989 - AIDS Trojan
  o Infection vector - 5¼ floppy
• Trojan
• Gpcoder
  o First true Ransomware
  o 2005
• Outnumber data breaches 7694 to 6013
• Direct revenue generation
• Average ransom: $300 in Bitcoins
Social Engineering
Definition:
"…psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme."
• It's a Con - short for "confidence"
• Trick the "mark" into doing what the con artist wants
• Part of a complex scam
• Low-tech version has been around forever:
  o the Devil in the Bible
  o Victor Lustig "sold" the Eiffel Tower to scrap dealers
  o Selling the Brooklyn Bridge
Ransomware
Definition:
• It's a Hack
  o Uses normally useful utilities - file encryption
  o Holds data hostage
• Most are similar to SSL/TLS
  o Asymmetric (Public key/Private Key) to encrypt the symmetric (shared key)
• Time limit - countdown
Document Summary
Infection vector - 5¼ floppy: trojan. Gpcoder, first true ransomware, 2005, outnumber data breaches 7694 to 6013, direct revenue generation, average ransom: $300 in bitcoins. Social engineering: "psychological manipulation of people into performing actions or divulging confidential information". Ransomware: uses normally useful utilities - file encryption, holds data hostage, most are similar to SSL/TLS, asymmetric (public key/private key) to encrypt the symmetric (shared key), time limit - countdown, bitcoin: untraceable, pay and get the private key. Infected downloads: pop-ups/ads, previous compromise, encryption software, payment system web based, "customer" support (they want people to pay), decryption software. Ransomware evolution: fake AV (social engineering to get user CC info and download malware), locker (straight up pay to get access to the computer returned), crypto (pay to unlock your files), key storage lessons, registry. In malware: common keys, encryption algorithms move to industry standards, RSA, AES, etc.