September 19, 2019 Lansing ISSA Chapter Meeting

Pranshu Bajpai will present his academic research on ransomware.

Location: Farm Lane Community Room, MSU Federal Credit Union, 4825 Mount Hope Road

Event Date: 09-19-2019

Description: Join us for coffee and conversation at our chapter meeting on the third Thursday of the month!

Speaker: Pranshu Bajpai, Michigan State University

Summary
Ransomware is malicious software that is increasingly targeting public and private sector organizations, crippling access to critical data. Baltimore, Florida, Georgia, and recently Texas are all high profile examples of public sector entities hit by ransomware that have been in the news. This session revolves around explaining several components of a ransomware attack, provides insight into our adversaries’ operational tactics, and concludes with static disassembly of a real world ransomware strain.

Agenda

First half: Non-technical
● The menace of ransomware — case studies around public sector entities hit by
ransomware.
● Primary elements of a ransomware — what makes a ransomware, a ransomware?
● The ransomware underground — who are our adversaries?
● Ransomware developers versus ransomware operators — they are not always the same.
● Ransomware-as-a-Service (RaaS) — our adversary’s business model.
● Ransomware markets on the dark web — forums for buying and selling malware.
● Ransomware payment model — Bitcoin mixers and more.
● Prevention against ransomware — steps you should take to protect against becoming a
victim.

Second half: Technical
● Ransomware attack vectors: phishing, brute forcing RDP, exploiting known
vulnerabilities
● Hybrid cryptosystem encryption model in ransomware
● Disassembly of a real-world ransomware
○ Analysis of the ransomware cryptosystem
○ Analysis of ransomware’s ability to purge host and network backups
○ Analysis of ransomware’s ability to move laterally
● Conclusions and Questions

Start Time: 08:00 AM

End Time: 09:30 AM