Understanding ransomware
Prathan Phongthiproek
Understanding ransomware and Key lessons from WannaCry
1.
Understanding Ransomware: Key Lessons from WannaCry
Prathan Phongthiproek
Manager, Information Protection and Business Resilience (IPBR)
KPMG in Thailand
2.
Agenda
• Understanding Ransomware
• Key Lessons from WannaCry
• Proactive Prevention
© 2017 KPMG Phoomchai Business Advisory Ltd., a Thai limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. Printed in Thailand. Document Classification: KPMG Confidential
3.
Understanding Ransomware
4.
What is Ransomware?
Ransomware is a form of computer malware (Virus) that blocks user access to files or systems, holding files or entire devices hostage using encryption until the victim pays a ransom in exchange for a decryption key, which allows the user to access the files or systems encrypted by the program.
5.
The Ransomware Tube Map
Ref: https://www.f-secure.com/documents/996508/1030743/cyber-security-report-2017
6.
Ransomware Attack: Ransomware on the headlines
December 1989
Name: PC Cyborg/AIDS Trojan
Target: Healthcare Industry
Attack: The first known attack was initiated in 1989 by Joseph Popp who handed out 20,000 infected disks to attendees of the World Health Organization's AIDS conference. The malware displayed a message demanding a payment of $189 and $378 for a software lease.
September 2013
Name: CryptoLocker
Target: Worldwide
Attack: CryptoLocker was a prominent ransomware variant around 2013, and quite a profitable one at that. CryptoLocker infected more than 250,000 systems. It earned more than $3 million for its creators.
May 2017
Name: WannaCry
Target: Worldwide
Attack: The WannaCry ransomware attack was a worldwide cyberattack by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
7.
Open-Source Ransomware
https://github.com/goliate/hidden-tear
8.
Ransomware-as-a-Service
Karmen Ransomware
Karmen is being sold on Dark Web forums by the Russian-speaking cyber-criminal DevBitox for $175. It automatically deletes the decryptor if a sandbox environment or analysis software is detected on the victim's computer, a tactic designed to make life harder for security researchers tasked with investigating the nasty
9.
How is Ransomware spread?
Ref: https://www.csa.gov.sg/singcert/news/advisories-alerts/ransomware
10.
How is Ransomware spread?
Identifying email + Fake mailer
11.
How is Ransomware spread?
Successfully sent fake email
Malicious executable file embedded in Excel macro
12.
Demonstration
13.
No More Ransom!!
The "No More Ransom" website helps victims of ransomware retrieve their encrypted data without having to pay the criminals.
14.
What to do if infected with Ransomware?
• Disconnect your machine from any others, and from any external drives: Infected systems should be removed from the network as soon as possible to prevent ransomware from attacking network or share drives
• Use a smartphone or a camera to take a photograph of the ransom note presented on your screen
• Check if you can recover deleted files (Shadow Copy): Many forms of encrypting ransomware copy your files, encrypt the copies and then delete the originals.
• Check if there are decryption tools available (Nomoreransom)
• Use antivirus or anti-malware software to clean the ransomware from the machine
• Restore your files from a backup: If you regularly back up the affected machine, you should be able to restore the files from the backup.
• Immediately secure backup data or systems by taking them offline: Ensure backups are free of malware
15.
Key Lessons from WannaCry
16.
New Era of Ransomware: WannaCry
WannaCry, Wcry, WannaCrypt and Wana Decrypt0r
• WannaCry began on 12 May 2017 using known exploits (Eternalblue from NSA exploits) through SMBv1 (TCP 445)
• Infiltrates endpoints and encrypts all the files using strong asymmetric encryption (RSA 2048-bit cipher), demanding a ransom payment of $300 USD
• Crippled at least 200K+ systems over 150 countries
• WannaCry - Wannabe Worms
Ref: http://b0n1.blogspot.com/2017/05/wannacry-ransomware-picture-collection_17.html
17.
Impact/Summary
Confidentiality: The malware does install a backdoor that could be used to leak data from affected machines, but the malware itself does not exfiltrate data.
Integrity: Aside from encrypting the data, the malware does not alter data. But the backdoor could be used by others to cause additional damage.
Availability: Affected organizations will lose access to the files encrypted by the malware. Recovery is uncertain even after paying the ransom.
18.
Timeline of the WannaCry and related attack
Episode I: The Phantom Menace (2013 - March 2017)
• 2013-2016: The Shadow Brokers (TSB) is a hacker group who first appeared in the summer of 2016. They published several leaks containing hacking tools from the National Security Agency (NSA), including several zero-day exploits. Specifically, these exploits and vulnerabilities targeted enterprise firewalls, anti-virus products, and Microsoft products
• January 16, 2017: US-CERT Advisory on SMB vulnerability on SMBv1
• March 14, 2017: Microsoft releases patch for CVE-2017-0144 (MS17-010)
Episode II: Attack of the Clones (April-May 2017)
• April 14, 2017: Shadow Brokers releases NSA hacking tools including zero-day exploits (Eternal sets; Eternalblue, Eternalchampion, Eternalromance, Eternalsynergy). Eternalblue can exploit Windows XP, Vista, 7, 2000, 2003, 2008
• May 12, 2017: WannaCry attacks begin using Eternalblue to exploit Windows OS through SMB (445)
• May 13, 2017: Microsoft releases patch for unsupported OS (Windows XP, 8 and 2003)
• May 13, 2017: WannaCry's "Kill Switch" domain was found; MalwareTech registered the domain in question and created a sinkhole
Episode III: Revenge of the Sith (May 2017)
• May 13, 2017: WannaCry 2.0 with no Kill-Switch is on the hunt
• May 14, 2017: New WannaCry variants appeared. The new variant is equipped with an SMB exploit that helps it spread rapidly without disruption. The worm functionality attempts to infect unpatched Windows machines in the local network. At the same time, it also executes massive scanning on Internet IP addresses to find and infect other vulnerable computers. This activity results in large SMB traffic from the infected host
• May 16, 2017: Shadow Brokers published a fresh statement, promising to release more zero-day bugs and exploits for various desktop and mobile platforms starting from June 2017.
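The 14 May entry notes that the worm scans local and Internet addresses and that this produces large SMB traffic from the infected host, which is something flow logs can surface. The following is an added example, not part of the original slides: it flags hosts whose TCP/445 connections reach many distinct peers inside a short window. The flow records, the 10.0.0.0/8 internal range, the 60-second window and the 20-peer threshold are constructed assumptions to be tuned against a site's own baseline.

```python
"""Flag hosts whose TCP/445 fan-out looks like worm propagation (added example)."""
from collections import defaultdict, deque
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

SMB_PORT = 445
WINDOW_SECONDS = 60          # assumed sliding window
MAX_DISTINCT_PEERS = 20      # assumed threshold
INTERNAL_NETS = [ip_network("10.0.0.0/8")]   # assumed internal address space
T0 = 1_494_576_000.0         # constructed start time for the sample data


@dataclass(frozen=True)
class Flow:
    ts: float    # epoch seconds of the connection attempt
    src: str
    dst: str
    dport: int


@dataclass
class Alert:
    src: str
    first_seen: float     # time the threshold was first crossed
    peak_peers: int       # most distinct SMB peers seen in one window
    internal_peers: int   # of those, how many were inside INTERNAL_NETS
    external_peers: int


def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def detect_smb_fanout(flows, window=WINDOW_SECONDS, threshold=MAX_DISTINCT_PEERS):
    """Return {src: Alert} for sources with >= threshold distinct 445 peers per window."""
    recent = defaultdict(deque)                      # src -> (ts, dst) inside window
    counts = defaultdict(lambda: defaultdict(int))   # src -> dst -> flows inside window
    alerts = {}
    for f in sorted(flows, key=lambda f: f.ts):
        if f.dport != SMB_PORT:
            continue
        q, c = recent[f.src], counts[f.src]
        q.append((f.ts, f.dst))
        c[f.dst] += 1
        # Drop flows that have aged out of the sliding window.
        while q and q[0][0] < f.ts - window:
            _, old_dst = q.popleft()
            c[old_dst] -= 1
            if c[old_dst] == 0:
                del c[old_dst]
        peers = len(c)
        if peers < threshold:
            continue
        internal = sum(1 for d in c if is_internal(d))
        alert = alerts.get(f.src)
        if alert is None:
            alerts[f.src] = Alert(f.src, f.ts, peers, internal, peers - internal)
        elif peers > alert.peak_peers:
            alert.peak_peers = peers
            alert.internal_peers = internal
            alert.external_peers = peers - internal
    return alerts


def sample_flows():
    """Constructed flow records: one scanning host plus three benign patterns."""
    flows = []
    # Scanning workstation: 30 internal and 25 external SMB peers in under a minute.
    for i in range(30):
        flows.append(Flow(T0 + i, "10.0.0.23", f"10.0.1.{i + 1}", 445))
    for i in range(25):
        flows.append(Flow(T0 + 30 + i, "10.0.0.23", f"198.51.100.{i + 1}", 445))
    # File server: many clients connect to it (fan-in, not fan-out).
    for i in range(40):
        flows.append(Flow(T0 + i, f"10.0.2.{i + 1}", "10.0.0.5", 445))
    # Backup host: 25 SMB peers, but one every five minutes.
    for i in range(25):
        flows.append(Flow(T0 + 300 * i, "10.0.0.9", f"10.0.3.{i + 1}", 445))
    # Web browsing: many peers, wrong port.
    for i in range(50):
        flows.append(Flow(T0 + i, "10.0.0.40", f"203.0.113.{i + 1}", 443))
    return flows


if __name__ == "__main__":
    for alert in detect_smb_fanout(sample_flows()).values():
        print(alert)
```

The internal/external split in each alert mirrors the two scanning behaviours the slide describes, so an analyst can see at a glance whether a host is probing only the LAN or also Internet addresses.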
19.
Timeline of the WannaCry and related attack
Episode IV: A New Hope (May 2017)
• May 18, 2017: WannaCry Ransomware Decryption Tools (WannaKey, WannaKiwi) have been released. These can be used to unlock files without paying ransom. Those tools work on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008
• Although the tool won't work for every user due to its dependencies, it still gives WannaCry's victims some hope of getting their locked files back for free, even from Windows XP, the aging, largely unsupported version of Microsoft's operating system.
Episode V: The Empire Strikes Back (May 2017)
• May 18, 2017: The EternalRocks worm was discovered after it infected an SMB honeypot. EternalRocks disguises itself as WannaCry, but instead of delivering ransomware, it takes over the affected computer to power other attacks. EternalRocks uses seven exploits leaked by Shadow Brokers and was developed to avoid detection and to remain undetectable on the target system.
Episode VI: Return of the Jedi (June 2017)
Ransomware Advisory Services
Our unique Ransomware Advisory Services are specifically designed to review your ability to prevent, detect and react to a ransomware incident. The KPMG Ransomware Advisory service provides a proactive assessment of your capabilities:
• Process review
• Technical review
• People assessment
20.
Shodan: Hacker Search Engine
Identifying open port (445) over the Internet (Global)
port:445 "SMB Status Authentication: enabled SMB Version: 1"
21.
Shodan: Hacker Search Engine
Identifying open port (445) over the Internet (Thailand)
port:445 "SMB Status Authentication: enabled SMB Version: 1" country:TH
22.
Don't Cry over WannaCry
How to protect the organization?
• Ensure all Windows-based systems are fully patched. At a very minimum, ensure Microsoft bulletin MS17-010 has been applied. Please note that Microsoft has released security updates for all affected operating systems, including Windows XP and Windows 2003 Server.
• In accordance with known best practices, any organization that has SMB publicly accessible via the internet (TCP ports 139, 445) should immediately block all inbound traffic.
• Employ network and host-based firewalls to block TCP/445 traffic from untrusted systems.
• Organizations should consider blocking email attachments for the immediate future if this is viable and until such time as reliable anti-malware definitions have been made available.
• All cybersecurity systems such as Anti-Malware, Anti-Virus, Security Information and Event Management, Intrusion Detection and Prevention etc. should be updated with the latest Indicators of Compromise (IOC)
• All end-of-life machines should be upgraded as a matter of priority as more exploits / malware are expected to be launched for other vulnerabilities.
• Ensure critical systems and files have up-to-date backups. Backups are the only full mitigation against data loss due to ransomware.
23.
NSA Tools Leaked
Infrastructure Vulnerabilities
Malware
Ref: https://www.facebook.com/thehackernews/photos/a.197666140247267.65555.172819872731894/1834023599944838/?type=3&theater
24.
NSA Tools Leaked
ESTEEMAUDIT exploits through RDP (TCP 3389) on Windows XP and 2003 (0-days)
Ref: https://twitter.com/homelabit/status/869229229635928064/photo/1
25.
Proactive Prevention
26.
Security Paradox
Ref: http://gifgifmagazine.com/wp-content/uploads/2017/04/pretres.gif
27.
Proactive Prevention
Prevention and Continuity measures
• Back up data regularly. Verify the integrity of those backups and test the restoration process to ensure it is working.
• Secure backups, and ensure backups are not connected to the computers and networks they are backing up.
• Enable strong spam filters to prevent phishing e-mails from reaching the end users, and authenticate inbound e-mail using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance, and DomainKeys Identified Mail to prevent e-mail spoofing.
• Scan all incoming and outgoing e-mails to detect threats, and filter executable files from reaching end users.
• Disable macro scripts from files transmitted via e-mail, and consider using Office viewer software to open Microsoft Office files transmitted via e-mail instead of full Office Suite applications.
• Ensure patches for the operating system, software, and firmware are up to date, including Adobe Flash, Java, Web browsers, etc.
• Configure firewalls to block access to known malicious IP addresses, and allow only the necessary ports at endpoints.
• Ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted.
• Manage the use of privileged accounts by implementing the principle of least privilege.
• Configure access controls with least privilege including file, directory, and network share permissions.
• Implement application whitelisting. Only allow systems to execute programs known and permitted by security policy.
• Focus on awareness and training. Because end users are often targeted, employees should be made aware of the threat of ransomware, how it is delivered, and be trained on information security principles and techniques.
Ref: https://www.fbi.gov/file-repository/ransomware-prevention-and-response-for-cisos.pdf
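The e-mail authentication measure above only stops spoofing when the published records are enforcing. The following added example (not part of the original slides) audits the SPF and DMARC TXT records of a domain for weak settings; the domains and record contents are constructed placeholders, and DKIM is not checked because its record lives under a per-sender selector name.

```python
# Constructed TXT records for placeholder domains (not real lookups).
SAMPLE_TXT = {
    "example.com": ["v=spf1 include:_spf.example.net -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "example.org": ["v=spf1 ip4:192.0.2.0/24 ~all"],
    "_dmarc.example.org": ["v=DMARC1; p=none"],
    "example.net": ["some-verification=constructed-value", "v=spf1 +all"],
}

def spf_all_qualifier(records):
    """Qualifier on the SPF 'all' mechanism ('+', '-', '~', '?'), or None if absent."""
    for txt in records:
        terms = txt.lower().split()
        if not terms or terms[0] != "v=spf1":
            continue  # some other TXT record
        for term in terms[1:]:
            if term == "all":
                return "+"  # a bare mechanism defaults to pass
            if term in ("+all", "-all", "~all", "?all"):
                return term[0]
    return None

def dmarc_policy(records):
    """Value of the p= tag of the DMARC record, or None if none is published."""
    for txt in records:
        parts = [p.partition("=") for p in txt.split(";") if "=" in p]
        tags = {k.strip().lower(): v.strip().lower() for k, _, v in parts}
        if tags.get("v") == "dmarc1":
            return tags.get("p")
    return None

def audit_domain(domain, txt=SAMPLE_TXT):
    """List the spoofing-relevant weaknesses in a domain's SPF and DMARC records."""
    issues = []
    qualifier = spf_all_qualifier(txt.get(domain, []))
    if qualifier is None:
        issues.append("SPF: no record or no 'all' mechanism")
    elif qualifier in "+?":
        issues.append("SPF: '%sall' does not restrict unlisted senders" % qualifier)
    elif qualifier == "~":
        issues.append("SPF: '~all' only soft-fails unlisted senders")
    policy = dmarc_policy(txt.get("_dmarc." + domain, []))
    if policy is None:
        issues.append("DMARC: no policy published")
    elif policy == "none":
        issues.append("DMARC: p=none is monitoring only")
    return issues
```

In practice the dictionary would be filled from DNS TXT lookups for the domain and its `_dmarc` subdomain.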
28.
Document Classification: KPMG Confidential
This document is made by KPMG Phoomchai Business Advisory Ltd., (KPMG), a Thai limited liability company and member firm of the KPMG network of independent firms affiliated with KPMG International, a Swiss cooperative, and is in all respects subject to the negotiation, agreement, and signing of a specific engagement letter or contract. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.
© 2017 KPMG Phoomchai Business Advisory Ltd., a Thai limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved.
kpmg.com/socialmedia kpmg.com/app
Contact
Prathan Phongthiproek
Manager
Information Protection and Business Resilience
KPMG in Thailand