[C1] "Corporations, the new victims of targeted ransomware"
by Candid Wüest

Author: Candid Wüest (@mylaocoon)
Language: English
Country: Switzerland
Date & Time: Wed.. 2, nov. - 10:30 to 11:15

This presentation will discuss real world examples of ransomware attacks against enterprise customers. We will explain the newest tactics attackers use to infiltrate enterprises and install threats, including the use of psexec and TeamViewer with stolen credentials. We will highlight methods deployed by ransomware targeted towards corporate environments, such as encrypted web files and database entries. Different use cases for ransomware, including cases where it has been used as a diversion or to cover the attacker's tracks, will be assessed in order to better understand the issue.

In 2016 we have noticed spikes in ransomware systematically infecting enterprise customers and demanding a high cost ransom. As an example the group behind the Samsam variant exploited JBoss vulnerabilities in order to install ransomware on enterprise computers. Along with the normal attacks, there has been the expected level of collateral damage as people open the broadly spammed scam emails at work. Especially when they contain malicious macros, downloader written in scripting languages or when the complete malware is written in PowerShell.