VIDEO – Z Ransomware – SHARE 2017-San Jose

For anyone who missed my talk at SHARE 2017 – Ransomware on Z – Checkmate!

Here it is in its entirety. Enjoy! Ransomware on Z – Checkmate!

Please note that these videos and all videos released by SHARE are copyrighted by SHARE and are licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license. This means that you can use but not edit or create derivative works of/from this video. All credit for video and its distribution are from SHARE.

Is that ransomware on your mainframe?

Next week at SHARE – San Jose, I’m giving a talk on ransomware on z/OS.  I’ve been asked multiple times if I thought ransomware could happen on Z, is it possible: Unequivocally yes.  Come see this talk and watch a live demonstration of how this might work.   If you are responsible for mainframe security, work for a company with a mainframe, or just want to better understand the landscape of this particularly insidious threat, don’t miss this talk.

Ransomware is a combination of 3 basic moving parts:

  1. A delivery mechanism (Phishing email, infected web page, malicious program).
    • This infects the user’s machine – allowing for sniffing of credentials and network traffic.  It can then upload a payload to the host system.
  2. File cataloging and encrypting.
    • Just what it sounds like – find files of interest, encrypt them in place, destroy the local copy of the key.
  3. Some type of Command & Control (or at least reporting) – centralized server.
    • Some means of transferring the keys out to the bad guys. Also, a way for the affected users to connect and pay ransom. (This is not strictly required, but does have precedent.  Steps #1 & #2 can happen regardless of the system’s ability to ‘phone home’ ).

We will also look at how to attempt to mitigate this catastrophic event, as well as ideas about how to recover from it.  Items such as two-factor authentication, proper ICSF / RACF security controls, egress filtering and intrusion detection.

Topics on Encryption – SHARE 2016 in San Antonio

I’m talking about encryption on Thursday, March 3 at SHARE in San Antonio.  Here’s a preview:


Enterprise security has always been concerned with password protection and storage encryption. These two areas make up a large portion of the IT risk portfolio. In this talk the speaker will discuss both of these areas of interest as they apply to z/OS and the mainframe:

  • We will review the recent updates to the RACF password hashing algorithm; comparing and contrasting between the legacy (DES) and current (KDFAES – Key Derivation Function with AES256) algorithms by looking at practical application of open source password cracking tools against RACF.
  • We will provide an in depth review of self-encrypting drive technologies as potential risk mitigation mechanisms, discussing the benefits of of using this technology as well as providing other mitigation techniques which better secure your data from prying eyes.

Attendees will come away with a richer understanding of the RACF hashing algorithms and better understand the risk and rewards of full disk encryption. San Antonio