Easy way to stop ransomware!

So I’m here today in Houston at HouSecCon.

I was listening to Michael Gough, and he had a fantastic idea. It’s near impossible to retrain the end user from double-clicking. Rather, we need to be smart and disassociate the malicious filetype from the underlying engine running it. This was done OOTB with .ps1 files. We should just do the same with all the other file types. This can be done via group policy. For home users, this is not possible. So…I wrote a script to do this for you. Feel free to download it here.

@echo off
echo " ____ "
echo " | _ \ __ _ _ __ ___ ___ _ __ _____ ____ _ _ __ ___ "
echo " | |_) / _` | '_ \/ __|/ _ \| '_ ` _ \ \ /\ / / _` | '__/ _ \ "
echo " | _ < (_| | | | \__ \ (_) | | | | | \ V V / (_| | | | __/ "
echo " |_|_\_\__,_|_| |_|___/\___/|_| |_| |_|\_/\_/ \__,_|_| \___| "
echo " | __ )| | ___ ___| | _____ _ __ "
echo " | _ \| |/ _ \ / __| |/ / _ \ '__| "
echo " | |_) | | (_) | (__| < __/ | "
echo " |____/|_|\___/ \___|_|\_\___|_| "
echo " By: Andy Thompson"
echo " www.MeteorMusic.com"
echo " @R41nM4kr"

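rem Run from an elevated (administrator) command prompt: assoc and ftype change machine-wide settings.
rem Point each script extension at a placeholder file type instead of its script engine.
assoc .js=poss_bad
assoc .jse=poss_bad
assoc .wsf=poss_bad
assoc .wsh=poss_bad
assoc .hte=poss_bad
assoc .lng=poss_bad
assoc .ps1=poss_bad
assoc .cmd=poss_bad
assoc .bat=poss_bad
assoc .vbs=poss_bad
assoc .vbe=poss_bad
rem Open the placeholder type in WordPad. The path is quoted because it contains spaces,
rem and the percent sign is doubled so the batch file hands a literal %%1 to ftype.
ftype poss_bad="C:\Program Files\Windows NT\Accessories\wordpad.exe" "%%1"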

echo "Done! Have a great day!"

pause
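
To confirm the change took effect, the check below parses the text printed by the assoc and ftype commands and reports which of the script's extensions still launch a program that executes them on double-click. It is an added example, not part of the original script; the sample output, the SCRIPT_HOSTS list and the function names are assumptions constructed for illustration.

```python
import re

# Extensions the batch script above re-points (copied from the page).
EXTS = ".js .jse .wsf .wsh .hte .lng .ps1 .cmd .bat .vbs .vbe".split()
# Assumed list of handlers that execute a file instead of displaying it.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe", "mshta.exe"}

# Constructed sample output of `assoc` and `ftype` on a partly fixed machine.
SAMPLE_ASSOC = r"""
.js=poss_bad
.jse=JSEFile
.vbs=VBSFile
.bat=batfile
.ps1=poss_bad
"""
SAMPLE_FTYPE = r"""
poss_bad="C:\Program Files\Windows NT\Accessories\wordpad.exe" "%1"
JSEFile=C:\Windows\System32\WScript.exe "%1" %*
VBSFile="%SystemRoot%\System32\WScript.exe" "%1" %*
batfile="%1" %*
"""

def parse_pairs(text):
    """Turn 'name=value' lines (assoc/ftype output) into a dict with lowercase keys."""
    rows = (line.strip().partition("=") for line in text.splitlines())
    return {name.lower(): value for name, sep, value in rows if sep}

def handler(command):
    """Return the lowercase program name an ftype command line starts ('' if none)."""
    # Quoted path, else an unquoted path ending in .exe (may contain spaces), else first token.
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe)\b|\s*(\S+)', command, re.I)
    path = next((g for g in m.groups() if g), "") if m else ""
    return re.split(r"[\\/]", path)[-1].lower()

def audit(assoc_text, ftype_text):
    """Map each extension to 'none', 'opens:<program>' or 'runs:<program>'."""
    assoc, ftype = parse_pairs(assoc_text), parse_pairs(ftype_text)
    report = {}
    for ext in EXTS:
        prog = handler(ftype.get(assoc.get(ext, "").lower(), ""))
        # "%1" as the program means the file itself is launched (default for .bat/.cmd).
        runs = prog in SCRIPT_HOSTS or prog.startswith("%1")
        report[ext] = "none" if not prog else ("runs:" if runs else "opens:") + prog
    return report

def still_runs(report):
    """Extensions whose double-click action still executes the file."""
    return sorted(ext for ext, status in report.items() if status.startswith("runs:"))
```

On a real machine, paste the output of assoc and ftype in place of the sample strings; "none" only means the extension or its file type was absent from the captured text.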

 

Ransomware Talk…this Wednesday

Sorry for the late notice, but I honestly didn’t think about posting this until just now. I’m headed to Houston for a few days to discuss ransomware at the (ISC)2 Houston chapter monthly meeting. It should be fun. I’ve given the talk a handful of times now, but this time it’s been updated with some more recent events and whatnot.

I’m a little surprised they’re offering tickets to the event, but they’re free and there are plenty of them. So come get some food, buy me a few drinks, and listen to me talk about some of the crazy ransomware I’ve been seeing.

Wednesday, September 14th 11:30AM
The Black Labrador
4100 Montrose Boulevard #8, Houston, TX 77006

Ransomware: History, Analysis, & Mitigation

This is a little dated now, but this was my original slide deck for my ransomware presentation. I’ve presented this all over the nation from Infragard in Little Rock, AR to the Dallas Hackers Association. An updated version of this will be presented to a large group of Law Enforcement sometime in October.

It’s full of good info about the history of ransomware as well as how it works, and where I see ransomware evolving. I’ve already been proven right with ransomware moving into the realm of IoT. I’m curious to see where things go next.