daniel_bilar

ransomware

Mar 29th, 2016
March 11:
https://twitter.com/daniel_bilar/status/708234181579558912
ICIT ransomware report http://icitech.org/wp-content/uploads/2016/03/ICIT-Brief-The-Ransomware-Report.pdf [IMHO rw is 'killer app', will lead to improved defense bc internalizes org breach costs]

March 18:
#Ransomware is today a looming 'killer app' threat, and has become a viable business model. Why:
1) Although the first occurrence dates back to 1989, the relatively recent #Bitcoin and other #pseudo-anonymous payment networks 'close the business loop' for attackers.
2) Unlike other #malware, ransomware internalizes breach costs by paralyzing the org's operations (in contrast to customer data leaks (Target, JPM, OPM, etc.), whose true costs are externalized).
3) Large infrastructure targets like hospitals, industry / power plants, ICS, etc. are not only poorly defended and very hard / impossible to patch; their operational availability is also vital.

A security researcher figured out that a majority of #ransomware #packers crash if Data Execution Prevention (DEP) is forced on processes on #Windows.

Majority of ransomware packers crash if the DEP is forced on the OS:
call ecx {008d8c28}
0:000> !vprot 008d8c28
Protect: 0x4 PAGE_READWRITE

https://twitter.com/r00tbsd/status/710800330636795905

This has potential ramifications for the #Windows10 transition, where the default is "Turn on #DEP for essential Windows programs and services only". The effect of forcing DEP on all processes should be investigated (it may have side effects that are not acceptable, like certain applications not running).

Sidenote: I've been doing R & D on such instances of "lightweight defenses" for years prior to XXXX in context of active defenses against #malware and #adversaries, see TEAM https://speakerdeck.com/dbilar/negotiating-security-threats-with-active-defenses-r0d-abcd-team-slash-and-future-work?slide=12
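
A starting point for the investigation suggested above (what the current DEP policy is, and which running processes would be affected by forcing it), as an added example that is not part of the original paste. It assumes Windows 10 1709 or later with the built-in ProcessMitigations module and an elevated PowerShell session; the variable names are illustrative.

```powershell
# Added example (not from the original paste): DEP audit for one Windows host.
# Assumes Windows 10 1709+ (ProcessMitigations module); run elevated to see every process.

# Meaning of Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy
$policyNames = @{
    0 = 'AlwaysOff'   # DEP disabled for everything
    1 = 'AlwaysOn'    # DEP forced on all processes, no exemptions
    2 = 'OptIn'       # "essential Windows programs and services only"
    3 = 'OptOut'      # all processes except an explicit exemption list
}

# System-wide policy as reported by WMI/CIM
$os = Get-CimInstance -ClassName Win32_OperatingSystem
[pscustomobject]@{
    HardwareDepAvailable = $os.DataExecutionPrevention_Available
    SystemPolicy         = $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]
    DepFor32BitApps      = $os.DataExecutionPrevention_32BitApplications
} | Format-List

# Per-process view: running processes that do not currently report DEP as ON.
# These are the ones whose behaviour could change if DEP were forced.
$withoutDep = foreach ($proc in Get-Process) {
    $m = Get-ProcessMitigation -Id $proc.Id -ErrorAction SilentlyContinue
    if ($m -and "$($m.Dep.Enable)" -ne 'ON') {
        [pscustomobject]@{
            Id   = $proc.Id
            Name = $proc.ProcessName
            Dep  = "$($m.Dep.Enable)"
            Path = $proc.Path
        }
    }
}

if ($withoutDep) {
    $withoutDep | Sort-Object Name | Format-Table -AutoSize
} else {
    'All inspected processes report DEP enabled.'
}

# To trial the stricter settings on a test machine (elevated, reboot required):
#   bcdedit.exe /set '{current}' nx OptOut      # all processes, exemptions allowed
#   bcdedit.exe /set '{current}' nx AlwaysOn    # all processes, no exemptions
```

Applications that appear in the table are the candidates to test for the side effects mentioned above before the policy is changed fleet-wide.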