Understanding Ransomware: Key Lessons from WannaCry
Prathan Phongthiproek
Manager, Information Protection and Business Resilience (IPBR)
KPMG in Thailand
© 2017 KPMG Phoomchai Business Advisory Ltd., a Thai limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. Printed in Thailand.
Document Classification: KPMG Confidential
Agenda
• Understanding Ransomware
• Key Lessons from WannaCry
• Proactive Prevention
Understanding Ransomware
What is Ransomware?
Ransomware is a class of malware that blocks access to files or entire systems, typically by encrypting them, and holds them hostage until the victim pays a ransom in exchange for the decryption key. Without that key (or a clean backup) the encrypted data stays unreadable.
The Ransomware Tube Map
Ref: https://www.f-secure.com/documents/996508/1030743/cyber-security-report-2017
Ransomware Attack: ransomware in the headlines

Name: PC Cyborg / AIDS Trojan
Attack: December 1989
Target: Healthcare industry
The first known ransomware attack was initiated in 1989 by Joseph Popp, who handed out 20,000 infected floppy disks to attendees of the World Health Organization's AIDS conference. The malware displayed a message demanding a payment of $189 (one year) or $378 (lifetime) for a "software lease".

Name: CryptoLocker
Attack: September 2013
Target: Worldwide
CryptoLocker was a prominent ransomware variant around 2013, and a profitable one: it infected more than 250,000 systems and earned more than $3 million for its creators.

Name: WannaCry
Attack: May 2017
Target: Worldwide
The WannaCry attack was a worldwide outbreak of the WannaCry ransomware cryptoworm, which targeted computers running Microsoft Windows, encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
Open-Source Ransomware
Hidden Tear (ransomware source code published on GitHub for "educational" purposes): https://github.com/goliate/hidden-tear
Ransomware-as-a-Service: Karmen
Karmen is sold on Dark Web forums by the Russian-speaking cybercriminal DevBitox for $175. It is derived from the open-source Hidden Tear code above, and it automatically deletes the decryptor if a sandbox environment or analysis software is detected on the victim's computer, a tactic designed to make life harder for security researchers tasked with investigating the nasty
How is Ransomware spread?
Ref: https://www.csa.gov.sg/singcert/news/advisories-alerts/ransomware
How is Ransomware spread? (demo)
Step 1: identifying the target's e-mail address and preparing a fake mailer to spoof the sender
Step 2: the spoofed e-mail is delivered successfully
Step 3: the malicious executable is embedded in an Excel macro, so it runs as soon as the victim enables macros
Demonstration
No More Ransom!
The "No More Ransom" website (https://www.nomoreransom.org) helps victims of ransomware retrieve their encrypted data without having to pay the criminals, by publishing free decryption tools for the families whose keys have been recovered.
What to do if infected with Ransomware?
• Disconnect the machine from the network and from any external drives: infected systems should be isolated as soon as possible to stop the ransomware from reaching network or shared drives (and, for a worm like WannaCry, other hosts).
• Immediately secure backup data and systems by taking them offline, and verify the backups themselves are free of malware before restoring from them.
• Use a smartphone or a camera to photograph the ransom note on the screen; the note identifies the family and is needed when looking for a decryptor.
• Check whether you can recover deleted files (Volume Shadow Copies): many encrypting ransomware families copy your files, encrypt the copies and then delete the originals. Note that WannaCry runs vssadmin to delete all shadow copies before encrypting, so this will not help in that case.
• Check whether a decryption tool is available (No More Ransom).
• Use antivirus or anti-malware software to clean the ransomware from the machine.
• Restore your files from a backup: if you back up the affected machine regularly, you should be able to restore the files from it.
Key Lessons from WannaCry
New Era of Ransomware: WannaCry
Also known as WCry, WannaCrypt and Wana Decrypt0r
• WannaCry began on 12 May 2017 using a known, already patched exploit (EternalBlue from the leaked NSA toolset, CVE-2017-0144 / MS17-010) against SMBv1 on TCP 445.
• It infiltrates endpoints and encrypts the user's files, demanding a ransom payment of $300 USD in Bitcoin (rising to $600 after three days). Each file is encrypted with its own AES key; those keys are wrapped with a per-victim RSA-2048 key pair whose private key is in turn encrypted with the attackers' RSA-2048 public key, so only the attackers can unlock the data.
• It crippled at least 200,000 systems in over 150 countries.
• WannaCry is a worm, not just a trojan: every infected host scans the local network and random Internet addresses for further SMBv1 targets, so no user interaction is needed after the first infection.
Ref: http://b0n1.blogspot.com/2017/05/wannacry-ransomware-picture-collection_17.html
Impact / Summary
Confidentiality: The malware does install a backdoor (the DoublePulsar kernel implant planted by the EternalBlue exploit) that could be used to leak data from affected machines, but the malware itself does not exfiltrate data.
Integrity: Aside from encrypting the data, the malware does not alter data, but the backdoor could be used by others to cause additional damage.
Availability: Affected organizations will lose access to the files encrypted by the malware. Recovery is uncertain even after paying the ransom, since the three hard-coded Bitcoin wallets give the attackers no reliable way to match a payment to a victim.
Timeline of the WannaCry and related attacks (1/2)

Episode I: The Phantom Menace (2013 to March 2017)
• 2013–2016: The Shadow Brokers (TSB) is a hacker group that first appeared in the summer of 2016. They published several leaks containing hacking tools from the National Security Agency (NSA), including several zero-day exploits. These exploits and vulnerabilities targeted enterprise firewalls, anti-virus products and Microsoft products.
• January 16, 2017: US-CERT advisory on the SMBv1 vulnerability.
• March 14, 2017: Microsoft releases the patch for CVE-2017-0144 (MS17-010), two months before the outbreak.

Episode II: Attack of the Clones (April to May 2017)
• April 14, 2017: Shadow Brokers release NSA hacking tools including the "Eternal" SMB exploits (EternalBlue, EternalChampion, EternalRomance, EternalSynergy). EternalBlue can exploit Windows XP, Vista, 7, 2000, 2003 and 2008.
• May 12, 2017: WannaCry attacks begin, using EternalBlue to exploit Windows through SMB (TCP 445).
• May 13, 2017: Microsoft releases patches for unsupported operating systems (Windows XP, 8 and Server 2003).
• May 13, 2017: WannaCry's "kill switch" domain is found; MalwareTech registers the domain in question and turns it into a sinkhole, which stops the original sample from encrypting on hosts that can resolve the domain.

Episode III: Revenge of the Sith (May 2017)
• May 13, 2017: WannaCry 2.0 samples with no kill switch are reported in the wild.
• May 14, 2017: New WannaCry variants appear, carrying the same SMB exploit so they spread rapidly without disruption. The worm functionality attempts to infect unpatched Windows machines on the local network and at the same time scans Internet IP addresses at scale to find and infect other vulnerable computers. This activity shows up as a large volume of SMB traffic from the infected host.
• May 16, 2017: Shadow Brokers publish a fresh statement promising to release more zero-day bugs and exploits for various desktop and mobile platforms starting in June 2017.
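The two signals the timeline describes, the burst of SMB traffic from an infected host and the kill-switch lookup, are the first things a SOC should hunt for. The following detection is an added example written for this page, not code from the deck or from KPMG, and it runs over constructed flow and DNS log lines. The log formats, IP addresses, window and threshold are assumptions; the kill-switch domain is the one hard-coded in the original sample. A host that resolves the kill-switch domain has already run the dropper and is still unpatched even though the sinkhole stopped the payload, and kill-switch-free variants produce only the first signal.

```python
"""
Added example (not from the KPMG deck): two detections for the WannaCry
behaviour described in the timeline, run over constructed log lines.

  1. Worm scanning: one host opening TCP/445 to many distinct peers in a
     short window (the "large SMB traffic from the infected host").
  2. Kill-switch DNS lookups: a host resolving the domain the first
     WannaCry sample checks before encrypting. A lookup means the dropper
     ran there; the host is infected and unpatched even if the payload
     stood down because the sinkholed domain resolved.

Log formats, addresses, window and threshold are assumptions for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Kill-switch domain hard-coded in the original WannaCry sample
# (registered and sinkholed by MalwareTech in May 2017).
KILL_SWITCH_DOMAIN = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"


def _constructed_flow_log():
    """Constructed firewall/flow records: '<ISO time> <src> <dst> <dst_port> <action>'."""
    lines = [
        # Normal file-server use: one client, a couple of servers, repeated sessions.
        "2017-05-12T10:04:50 10.0.0.5 10.0.0.6 445 ALLOW",
        "2017-05-12T10:04:55 10.0.0.5 10.0.0.6 445 ALLOW",
        "2017-05-12T10:05:10 10.0.0.5 10.0.0.9 445 ALLOW",
        "2017-05-12T10:05:12 10.0.0.7 93.184.216.34 443 ALLOW",
    ]
    # Infected host: 25 distinct SMB targets in 25 seconds, first the local
    # subnet, then Internet addresses (TEST-NET-3 range used here).
    base = datetime(2017, 5, 12, 10, 5, 0)
    for i in range(25):
        dst = f"10.0.1.{i + 1}" if i < 15 else f"203.0.113.{i + 1}"
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 10.0.0.13 {dst} 445 ALLOW")
    return lines


def _constructed_dns_log():
    """Constructed resolver records: '<ISO time> <client> <queried name>'."""
    return [
        "2017-05-12T10:04:58 10.0.0.13 iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com",
        "2017-05-12T10:04:59 10.0.0.7 www.example.com",
        "2017-05-12T10:05:00 10.0.0.5 fileserver.corp.example",
    ]


def find_smb_scanners(flow_lines, window_seconds=60, threshold=20):
    """Return sources that reached >= threshold distinct hosts on TCP/445
    inside any sliding window of window_seconds."""
    per_src = defaultdict(list)
    for line in flow_lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed records
        ts, src, dst, port, _action = parts
        if port == "445":
            per_src[src].append((datetime.fromisoformat(ts), dst))

    window = timedelta(seconds=window_seconds)
    scanners = set()
    for src, events in per_src.items():
        events.sort()
        in_window = defaultdict(int)  # dst -> hits currently inside the window
        left = 0
        for ts, dst in events:
            in_window[dst] += 1
            # Slide the left edge forward until every counted event is within the window.
            while events[left][0] < ts - window:
                old_dst = events[left][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                left += 1
            if len(in_window) >= threshold:
                scanners.add(src)
                break
    return scanners


def find_kill_switch_hosts(dns_lines):
    """Return clients that looked up the WannaCry kill-switch domain."""
    hosts = set()
    for line in dns_lines:
        parts = line.split()
        if len(parts) == 3 and parts[2].lower().rstrip(".") == KILL_SWITCH_DOMAIN:
            hosts.add(parts[1])
    return hosts


def triage(flow_lines, dns_lines):
    """Combine both signals into one list of hosts to isolate first."""
    scanners = find_smb_scanners(flow_lines)
    ran_dropper = find_kill_switch_hosts(dns_lines)
    return {
        "isolate_now": sorted(scanners | ran_dropper),
        "smb_scanners": sorted(scanners),
        "kill_switch_lookups": sorted(ran_dropper),
    }


if __name__ == "__main__":
    print(triage(_constructed_flow_log(), _constructed_dns_log()))
```

The threshold counts distinct destinations rather than packets, so a busy client talking to one file server never trips it, while a worm sweeping a /24 does within seconds. Tune the window and threshold against a baseline of your own SMB traffic before alerting on it.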
Timeline of the WannaCry and related attacks (2/2)

Episode IV: A New Hope (May 2017)
• May 18, 2017: WannaCry decryption tools (WannaKey and WanaKiwi) are released. They can unlock files without paying the ransom on Windows XP, Vista, 7 and Windows Server 2003 and 2008. The tools depend on one condition: they recover the RSA private key by finding its prime factors still present in the memory of the ransomware process, which works only if the infected machine has not been rebooted or had that memory overwritten. Although the tools will therefore not work for every user, they give WannaCry's victims some hope of getting their locked files back for free, even on Windows XP, the aging and largely unsupported version of Microsoft's operating system.

Episode V: The Empire Strikes Back (May 2017)
• May 18, 2017: The EternalRocks worm is discovered after it infects an SMB honeypot. EternalRocks disguises itself as WannaCry, but instead of delivering ransomware it takes over the affected computer to power other attacks. It uses seven of the tools leaked by Shadow Brokers (EternalBlue, EternalChampion, EternalRomance, EternalSynergy, DoublePulsar, ArchiTouch and SMBTouch) and was built to avoid detection, for example by waiting 24 hours before fetching its second stage, and to remain undetected on the target system.

Episode VI: Return of the Jedi (June 2017)
Ransomware Advisory Services: KPMG's Ransomware Advisory Services are designed to review your ability to prevent, detect and react to a ransomware incident. The service provides a proactive assessment of your capabilities:
• Process review
• Technical review
• People assessment
Shodan: Hacker Search Engine
Identifying hosts with TCP port 445 open to the Internet and SMBv1 enabled (global):
port:445 "SMB Status Authentication: enabled SMB Version: 1"
The same search restricted to Thailand:
port:445 "SMB Status Authentication: enabled SMB Version: 1" country:TH
Don't Cry over WannaCry: how to protect the organization
• Ensure all Windows-based systems are fully patched. At a very minimum, ensure Microsoft bulletin MS17-010 has been applied, and disable SMBv1 wherever it is not strictly required. Note that Microsoft has released security updates for all affected operating systems, including Windows XP and Windows Server 2003.
• In accordance with known best practice, any organization that has SMB publicly accessible from the Internet (TCP ports 139 and 445) should immediately block all inbound traffic to those ports.
• Employ network and host-based firewalls to block TCP/445 traffic from untrusted systems, so that a single infected host cannot reach every other machine on the network.
• Organizations should consider blocking e-mail attachments for the immediate future, if viable, until reliable anti-malware definitions have been made available.
• All cybersecurity systems (anti-malware, anti-virus, Security Information and Event Management, intrusion detection and prevention, etc.) should be updated with the latest Indicators of Compromise (IOC).
• All end-of-life machines should be upgraded as a matter of priority, as more exploits and malware are expected to be launched against other vulnerabilities in the leaked toolset.
• Ensure critical systems and files have up-to-date, offline backups. Backups are the only full mitigation against data loss due to ransomware.
NSA Tools Leaked
(Figure: the leaked tools grouped as infrastructure exploits, vulnerabilities and malware.)
Ref: https://www.facebook.com/thehackernews/photos/a.197666140247267.65555.172819872731894/1834023599944838/?type=3&theater
NSA Tools Leaked: ESTEEMAUDIT
ESTEEMAUDIT exploits the RDP service (TCP 3389) on Windows XP and Windows Server 2003 and was unpatched (a 0-day) at the time of the leak; Microsoft later shipped a fix (CVE-2017-0176) in its June 2017 updates for those platforms. Internet-exposed RDP on end-of-life systems is the next WannaCry-style entry point to close.
Ref: https://twitter.com/homelabit/status/869229229635928064/photo/1
Proactive Prevention
Security Paradox
Ref: http://gifgifmagazine.com/wp-content/uploads/2017/04/pretres.gif
Proactive Prevention
Prevention and continuity measures
• Back up data regularly. Verify the integrity of those backups and test the restoration process to ensure it works.
• Secure backups, and ensure backups are not connected to the computers and networks they are backing up.
• Enable strong spam filters to prevent phishing e-mails from reaching end users, and authenticate inbound e-mail using Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC) to prevent e-mail spoofing.
• Scan all incoming and outgoing e-mails to detect threats, and filter executable files so they never reach end users.
• Disable macro scripts in files transmitted via e-mail, and consider using Office viewer software to open Microsoft Office files transmitted via e-mail instead of the full Office suite applications.
• Ensure patches for the operating system, software and firmware are up to date, including Adobe Flash, Java, web browsers, etc.
• Configure firewalls to block access to known malicious IP addresses, and allow only the ports each endpoint actually needs.
• Ensure anti-virus and anti-malware solutions are set to update automatically and that regular scans are conducted.
• Manage the use of privileged accounts by implementing the principle of least privilege.
• Configure access controls with least privilege, including file, directory and network share permissions.
• Implement application whitelisting: only allow systems to execute programs known and permitted by security policy.
• Focus on awareness and training. Because end users are often targeted, employees should be made aware of the threat of ransomware and how it is delivered, and be trained on information security principles and techniques.
Ref: https://www.fbi.gov/file-repository/ransomware-prevention-and-response-for-cisos.pdf
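The e-mail measures above (SPF/DKIM/DMARC authentication, filtering executables, blocking macro-enabled documents) are exactly what would have stopped the spoofed Excel-macro message in the earlier demonstration. The following gateway policy is an added example written for this page, not code from the deck or from KPMG. It trusts only the Authentication-Results header stamped by our own border MTA (the authserv-id `mx.example.com`, the blocked-extension lists and both messages are assumptions constructed for the example), requires DMARC to pass, and quarantines executable or macro-enabled attachments.

```python
"""
Added example (not from the KPMG deck): an inbound mail-gateway policy that
applies the listed e-mail controls to one message at a time. The authserv-id,
extension lists and both sample messages are constructed for the example.
"""
import os
import re
from email import message_from_bytes, policy

OUR_AUTHSERV_ID = "mx.example.com"  # assumption: the id our own MTA writes
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".jar"}
MACRO_ENABLED = {".docm", ".xlsm", ".pptm"}

# Constructed spoofed message, as in the fake-mailer demo: From claims the
# company domain, SPF fails for the real sender, no DKIM, DMARC fails, and it
# carries a macro-enabled workbook.
RAW_PHISH = b"""\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bulk.attacker.invalid; dkim=none; dmarc=fail header.from=example.com
From: "CEO" <ceo@example.com>
To: finance@example.com
Subject: Invoice for approval
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached invoice and enable editing.
--b1
Content-Type: application/vnd.ms-excel.sheet.macroEnabled.12; name="invoice.xlsm"
Content-Disposition: attachment; filename="invoice.xlsm"
Content-Transfer-Encoding: base64

UEsDBBQAAAAIAA==
--b1--
"""

# Constructed legitimate message: DMARC passes and the attachment is a PDF.
RAW_LEGIT = b"""\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Accounts" <accounts@example.com>
To: finance@example.com
Subject: Statement
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain

Monthly statement attached.
--b2
Content-Type: application/pdf; name="statement.pdf"
Content-Disposition: attachment; filename="statement.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b2--
"""


def auth_results(msg):
    """Return {method: result} from Authentication-Results headers written by
    our own MTA. Headers carrying another authserv-id could have been forged
    upstream and are ignored (RFC 7601 tells the border MTA to strip them)."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = str(header).partition(";")
        if authserv_id.strip().lower() != OUR_AUTHSERV_ID:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            results[method.lower()] = result.lower()
    return results


def evaluate(raw_message):
    """Decide 'deliver' or 'quarantine' for one raw RFC 5322 message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    reasons = []

    auth = auth_results(msg)
    if auth.get("dmarc") != "pass":
        reasons.append(
            f"dmarc={auth.get('dmarc', 'missing')} "
            f"(spf={auth.get('spf', 'missing')}, dkim={auth.get('dkim', 'missing')})"
        )

    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        if ext in BLOCKED_EXTENSIONS:
            reasons.append(f"executable attachment {name}")
        elif ext in MACRO_ENABLED:
            reasons.append(f"macro-enabled Office attachment {name}")

    return {"action": "quarantine" if reasons else "deliver", "reasons": reasons}


if __name__ == "__main__":
    for raw in (RAW_PHISH, RAW_LEGIT):
        print(evaluate(raw))
```

A message with a missing Authentication-Results header is treated the same as a DMARC failure, which is the safe default: if our MTA did not evaluate the sender, nothing else in the headers can be trusted. Extension matching is a first pass only; a gateway in production should also inspect archives and check file magic rather than relying on the name alone.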
“This document is made by KPMG Phoomchai Business Advisory Ltd., (KPMG), a Thai limited liability company and member
firm of the KPMG network of independent firms affiliated with KPMG International, a Swiss cooperative, and is in all respects
subject to the negotiation, agreement, and signing of a specific engagement letter or contract. KPMG International provides no
client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis
third parties, nor does KPMG International have any such authority to obligate or bind any member firm.
© 2017 KPMG Phoomchai Business Advisory Ltd., a Thai limited liability company and a member firm of the KPMG network of
independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights
reserved.
kpmg.com/socialmedia kpmg.com/app
Contact
Prathan Phongthiproek
Manager
Information Protection and Business Resilience
KPMG in Thailand

 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...gurkirankumar98700
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

KĂŒrzlich hochgeladen (20)

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

Understanding ransomware

  • 6. Ransomware Attack: ransomware in the headlines

    Name: PC Cyborg / AIDS Trojan
    Date: December 1989
    Target: Healthcare industry
    Attack: The first known ransomware attack was carried out in 1989 by Joseph Popp, who handed out 20,000 infected floppy disks to attendees of the World Health Organization's AIDS conference. The malware displayed a message demanding a payment of $189 or $378 for a software lease.

    Name: CryptoLocker
    Date: September 2013
    Target: Worldwide
    Attack: CryptoLocker was a prominent, and highly profitable, ransomware variant around 2013. It infected more than 250,000 systems and earned more than $3 million for its creators.

    Name: WannaCry
    Date: May 2017
    Target: Worldwide
    Attack: The WannaCry attack was a worldwide outbreak of the WannaCry ransomware cryptoworm, which targeted computers running Microsoft Windows, encrypting data and demanding ransom payments in Bitcoin.
  • 7. Open-Source Ransomware
    Proof-of-concept ransomware source is freely available, for example hidden-tear: https://github.com/goliate/hidden-tear
  • 8. Karmen Ransomware (Ransomware-as-a-Service)
    Karmen is sold on dark-web forums by the Russian-speaking cyber-criminal DevBitox for $175. It automatically deletes its decryptor if a sandbox environment or analysis software is detected on the victim's computer, a tactic designed to make life harder for the security researchers investigating the malware.
  • 9. How is Ransomware spread?
    Ref: https://www.csa.gov.sg/singcert/news/advisories-alerts/ransomware
  • 10. How is Ransomware spread? (demo)
    Identifying a target e-mail address and preparing a fake mailer.

  • 11. How is Ransomware spread? (demo)
    The fake e-mail is sent successfully; the malicious executable is embedded in an Excel macro.

  • 12. Demonstration
  • 13. No More Ransom!!
    The "No More Ransom" website (nomoreransom.org) helps victims of ransomware retrieve their encrypted data without having to pay the criminals.
  • 14. What to do if infected with Ransomware?
    - Disconnect the machine from all other machines and from any external drives: infected systems should be removed from the network as soon as possible to stop the ransomware from reaching network or shared drives.
    - Use a smartphone or camera to photograph the ransom note shown on screen (the note identifies the family, which the decryption-tool lookup needs).
    - Check whether deleted files can be recovered (Volume Shadow Copy): many encrypting ransomware families copy files, encrypt the copies and delete the originals. Many families, WannaCry included, also delete the shadow copies, so this often fails.
    - Check whether a decryption tool is available (No More Ransom).
    - Use anti-virus or anti-malware software to remove the ransomware from the machine.
    - Restore files from backup: if the affected machine is backed up regularly, the files can be restored from the backup.
    - Immediately secure backup data and systems by taking them offline, and ensure the backups themselves are free of malware.
  • 16. New Era of Ransomware: WannaCry (also known as Wcry, WannaCrypt and Wana Decrypt0r)
    - WannaCry began on 12 May 2017, spreading through a known exploit (EternalBlue, from the leaked NSA toolset) against SMBv1 on TCP 445.
    - It infiltrates endpoints and encrypts their files: each file is encrypted with its own AES key, and those keys are wrapped with a 2048-bit RSA key, so the files cannot be recovered without the attackers' private key. It demands a ransom payment of USD 300.
    - It crippled at least 200,000 systems in more than 150 countries.
    - WannaCry is ransomware with worm functionality.
    Ref: http://b0n1.blogspot.com/2017/05/wannacry-ransomware-picture-collection_17.html
  • 17. Impact / Summary
    Confidentiality: The malware installs a backdoor (DoublePulsar) that could be used to leak data from affected machines, but the malware itself does not exfiltrate data.
    Integrity: Aside from encrypting the data, the malware does not alter data, but the backdoor could be used by others to cause additional damage.
    Availability: Affected organizations lose access to the files encrypted by the malware. Recovery is uncertain even after paying the ransom.
  • 18. Timeline of WannaCry and related attacks

    Episode I: The Phantom Menace (2013 to March 2017)
    - 2013-2016: The Shadow Brokers (TSB), a hacker group that first appeared in the summer of 2016, published several leaks of hacking tools from the National Security Agency (NSA), including several zero-day exploits. These exploits targeted enterprise firewalls, anti-virus products and Microsoft products.
    - January 16, 2017: US-CERT advisory on SMBv1 vulnerabilities.
    - March 14, 2017: Microsoft releases the patch for CVE-2017-0144 (MS17-010).

    Episode II: Attack of the Clones (April to May 2017)
    - April 14, 2017: Shadow Brokers release NSA hacking tools, including zero-day exploits (the "Eternal" set: EternalBlue, EternalChampion, EternalRomance, EternalSynergy). EternalBlue can exploit Windows XP, Vista, 7, 2000, 2003 and 2008.
    - May 12, 2017: WannaCry attacks begin, using EternalBlue to exploit Windows through SMB (TCP 445).
    - May 13, 2017: Microsoft releases patches for unsupported operating systems (Windows XP, 8 and Server 2003).
    - May 13, 2017: WannaCry's "kill switch" domain is found; MalwareTech registers the domain and turns it into a sinkhole.

    Episode III: Revenge of the Sith (May 2017)
    - May 13, 2017: WannaCry 2.0, with no kill switch, is on the hunt.
    - May 14, 2017: New WannaCry variants appear, equipped with the SMB exploit so they can spread rapidly without disruption. The worm functionality attempts to infect unpatched Windows machines on the local network and, at the same time, mass-scans Internet IP addresses to find and infect other vulnerable computers. This activity produces large volumes of SMB traffic from the infected host.
    - May 16, 2017: Shadow Brokers publish a fresh statement, promising to release more zero-day bugs and exploits for various desktop and mobile platforms starting from June 2017.
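The spreader behaviour described above (one host opening SMB sessions to many addresses) is what network telemetry shows first, before any ransom note. The following is an added example, not code from the KPMG deck: it runs over constructed connection records in an assumed "timestamp src dst port proto" format and flags any source that reaches an unusual number of distinct TCP/445 destinations inside a sliding window. The window and threshold are assumptions to tune against a real network.

```python
"""Worm-scan detection over connection logs: a host that opens TCP/445
connections to many distinct addresses in a short window is behaving like
WannaCry's spreader.  Added example (not from the KPMG deck); the log format
(timestamp src dst dport proto) and the thresholds are assumptions to tune."""
from collections import defaultdict, deque
from datetime import datetime


def parse_line(line):
    """One whitespace-separated record: ISO timestamp, src IP, dst IP, port, proto."""
    ts, src, dst, port, proto = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), proto.lower()


def find_smb_scanners(lines, window_seconds=60, threshold=20):
    """Return {src_ip: peak distinct TCP/445 destinations} for every source
    that reaches `threshold` distinct destinations within any sliding window
    of `window_seconds`.  Legitimate clients talk to a few file servers;
    a worm sweeps a subnet."""
    events = sorted(parse_line(l) for l in lines if l.strip())
    recent = defaultdict(deque)          # src -> deque of (ts, dst) on tcp/445
    alerts = {}
    for ts, src, dst, port, proto in events:
        if proto != "tcp" or port != 445:
            continue
        q = recent[src]
        q.append((ts, dst))
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()                  # drop entries older than the window
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            alerts[src] = max(alerts.get(src, 0), distinct)
    return alerts


# Constructed sample records (not real telemetry).
BENIGN = [
    "2017-05-12T10:00:01 10.0.0.5 10.0.0.20 445 tcp",   # user opening a file share
    "2017-05-12T10:00:02 10.0.0.5 10.0.0.21 443 tcp",
    "2017-05-12T10:00:09 10.0.0.5 10.0.0.20 445 tcp",
    "2017-05-12T10:00:30 10.0.0.9 10.0.0.20 445 tcp",
]
# 10.0.0.7 imitates an infected host sweeping 10.0.0.1-10.0.0.40, one target per second.
SWEEP = [f"2017-05-12T10:01:{i:02d} 10.0.0.7 10.0.0.{i} 445 tcp" for i in range(1, 41)]
# 10.0.0.11 touches 15 hosts on 445, but two minutes apart: below the window rate.
SLOW = [f"2017-05-12T10:{2 * i:02d}:00 10.0.0.11 10.0.1.{i + 1} 445 tcp" for i in range(15)]
SAMPLE_LOG = "\n".join(BENIGN + SWEEP + SLOW)


def demo(log=SAMPLE_LOG, **kw):
    """Run the detector over the sample log and return its alerts."""
    return find_smb_scanners(log.splitlines(), **kw)


if __name__ == "__main__":
    for host, peak in demo().items():
        print(f"ALERT {host}: {peak} distinct TCP/445 targets within 60 s")
```

Only the sweeping host trips the rule; the slow host that touches the same number of machines over half an hour does not, which is the point of keying on rate rather than on raw count. On a real network, exclude vulnerability scanners and backup servers from the source set before alerting.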
  • 19. Timeline of WannaCry and related attacks (continued)

    Episode IV: A New Hope (May 2017)
    - May 18, 2017: WannaCry decryption tools (WannaKey, WanaKiwi) are released; they can unlock files without paying the ransom. The tools work on Windows XP, Vista, 7, Server 2003 and Server 2008. They do not work for every victim, because they depend on the RSA key material still being present in the memory of the infected process (the machine must not have been rebooted), but they give WannaCry's victims some hope of getting their locked files back for free, even on Windows XP, the aging, largely unsupported version of Microsoft's operating system.

    Episode V: The Empire Strikes Back (May 2017)
    - May 18, 2017: The EternalRocks worm is discovered after it infects an SMB honeypot. EternalRocks disguises itself as WannaCry, but instead of delivering ransomware it takes over the affected computer to power other attacks. It uses seven of the exploits and tools leaked by Shadow Brokers and was built to avoid detection and remain undetected on the target system.

    Episode VI: Return of the Jedi (June 2017)
    - Ransomware Advisory Services: KPMG's Ransomware Advisory Service is designed to review an organization's ability to prevent, detect and react to a ransomware incident, through a proactive assessment of its capabilities: process review, technical review and people assessment.
  • 20. Shodan: Hacker Search Engine
    Identifying hosts with port 445 open to the Internet (global):
      port:445 "SMB Status Authentication: enabled SMB Version: 1"

  • 21. Shodan: Hacker Search Engine
    Identifying hosts with port 445 open to the Internet (Thailand):
      port:445 "SMB Status Authentication: enabled SMB Version: 1" country:TH
  • 22. Don't Cry over WannaCry: how to protect the organization
    - Ensure all Windows-based systems are fully patched. At a very minimum, ensure Microsoft bulletin MS17-010 has been applied. Note that Microsoft has released security updates for all affected operating systems, including Windows XP and Windows Server 2003.
    - In line with known best practice, any organization that has SMB publicly accessible from the Internet (TCP ports 139 and 445) should immediately block all inbound traffic to those ports.
    - Employ network and host-based firewalls to block TCP/445 traffic from untrusted systems, and disable SMBv1 on hosts that do not need it.
    - Consider blocking e-mail attachments for the immediate future, if viable, until reliable anti-malware definitions are available.
    - Update all security systems (anti-malware, anti-virus, Security Information and Event Management, intrusion detection and prevention, etc.) with the latest indicators of compromise (IOCs).
    - Upgrade all end-of-life machines as a matter of priority, since more exploits and malware are expected for other vulnerabilities in the leaked toolset.
    - Ensure critical systems and files have up-to-date backups. Backups are the only full mitigation against data loss from ransomware.
  • 23. NSA Tools Leaked
    [Diagram: leaked NSA tools mapped to infrastructure vulnerabilities and malware]
    Ref: https://www.facebook.com/thehackernews/photos/a.197666140247267.65555.172819872731894/1834023599944838/?type=3&theater
  • 24. NSA Tools Leaked
    ESTEEMAUDIT exploits RDP (TCP 3389) on Windows XP and Server 2003, platforms that were unpatched against it at the time of the leak (a zero-day).
    Ref: https://twitter.com/homelabit/status/869229229635928064/photo/1
  • 26. Security Paradox
    Ref: http://gifgifmagazine.com/wp-content/uploads/2017/04/pretres.gif
  • 27. Proactive Prevention: prevention and continuity measures
    - Back up data regularly. Verify the integrity of those backups and test the restoration process to ensure it works.
    - Secure backups, and ensure they are not connected to the computers and networks they are backing up.
    - Enable strong spam filters to stop phishing e-mails from reaching end users, and authenticate inbound e-mail with Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC) and DomainKeys Identified Mail (DKIM) to prevent e-mail spoofing.
    - Scan all incoming and outgoing e-mail to detect threats, and filter executable files so they never reach end users.
    - Disable macro scripts in files transmitted via e-mail, and consider opening Microsoft Office files received by e-mail in Office viewer software rather than in the full Office suite.
    - Keep patches for the operating system, software and firmware up to date, including Adobe Flash, Java and web browsers.
    - Configure firewalls to block access to known malicious IP addresses, and allow only the necessary ports at the endpoint.
    - Ensure anti-virus and anti-malware solutions update automatically and that regular scans are run.
    - Manage the use of privileged accounts under the principle of least privilege.
    - Configure access controls with least privilege, including file, directory and network-share permissions.
    - Implement application whitelisting: only allow systems to execute programs known and permitted by security policy.
    - Focus on awareness and training. Because end users are often targeted, employees should be made aware of the threat of ransomware and how it is delivered, and be trained in information security principles and techniques.
    Ref: https://www.fbi.gov/file-repository/ransomware-prevention-and-response-for-cisos.pdf
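The demo on slides 10 and 11 delivers an executable inside an Excel macro, and two items in the list above (filter executables, disable macros) are the gateway controls against exactly that. The following is an added example, not code from the KPMG deck, of how such a filter should decide: executables are recognised by content (the PE "MZ" header), not by file name, and Office files are opened as containers to look for a VBA project, so a macro workbook renamed to .xlsx is still caught. The attachments are constructed in memory and the extension lists are assumptions for a gateway policy.

```python
"""Attachment triage for a mail gateway: executables are recognised by content
(PE magic), not file name, and Office files are inspected for a VBA project.
Added example (not from the KPMG deck); the attachments are constructed in
memory and the extension lists are assumptions for a gateway policy."""
import io
import zipfile

EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".js", ".vbs", ".hta", ".bat", ".cmd", ".ps1", ".jar"}
MACRO_EXTENSIONS = {".xlsm", ".docm", ".pptm", ".xlam", ".dotm"}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"          # legacy .doc/.xls container


def _ext(name):
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def ooxml_has_macro(data):
    """OOXML (docx/xlsx/pptx family) is a zip; VBA lives in */vbaProject.bin.
    Checking the container catches a .xlsm renamed to .xlsx."""
    if not data.startswith(b"PK\x03\x04"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False


def ole_has_macro(data):
    """Heuristic for legacy binary Office files: the VBA storage name is stored
    UTF-16LE in the compound-file directory."""
    return data.startswith(OLE_MAGIC) and "_VBA_PROJECT".encode("utf-16-le") in data


def triage_attachment(filename, data):
    """Return (verdict, reason); verdicts are block, quarantine or allow."""
    ext = _ext(filename)
    if data[:2] == b"MZ":                                  # PE header, whatever the name says
        return "block", "PE executable by magic bytes (name: %s)" % filename
    if ext in EXEC_EXTENSIONS:
        return "block", "executable extension " + ext
    if ooxml_has_macro(data) or ole_has_macro(data):
        return "quarantine", "Office document carrying a VBA project"
    if ext in MACRO_EXTENSIONS:
        return "quarantine", "macro-enabled file type " + ext
    return "allow", "no executable content detected"


def make_ooxml(with_macro):
    """Constructed minimal workbook container, with or without a VBA stream."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            z.writestr("xl/vbaProject.bin", b"\x00" * 16)   # stand-in for real VBA
    return buf.getvalue()


# Constructed sample attachments (not real malware).
SAMPLES = {
    "Q2_report.xlsx": make_ooxml(False),
    "Invoice_2017-05.xlsm": make_ooxml(True),
    "Invoice_2017-05.xlsx": make_ooxml(True),            # macro behind a benign extension
    "Notice.pdf.exe": b"MZ\x90\x00" + b"\x00" * 60,        # double extension
    "setup.bin": b"MZ\x90\x00" + b"\x00" * 60,             # PE with a neutral extension
    "old_ledger.xls": OLE_MAGIC + b"\x00" * 8 + "_VBA_PROJECT".encode("utf-16-le"),
    "readme.txt": b"plain text, nothing to see",
}


def triage_all(samples=SAMPLES):
    """Verdict per attachment name."""
    return {name: triage_attachment(name, data)[0] for name, data in samples.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        verdict, reason = triage_attachment(name, data)
        print(f"{verdict:10} {name:22} {reason}")
```

The content checks are what make the rule worth having: an extension-only filter lets through both the renamed macro workbook and the PE with a ".bin" name. Encrypted or password-protected archives cannot be inspected this way and are better quarantined outright.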
  • 28. Document Classification: KPMG Confidential “This document is made by KPMG Phoomchai Business Advisory Ltd., (KPMG), a Thai limited liability company and member firm of the KPMG network of independent firms affiliated with KPMG International, a Swiss cooperative, and is in all respects subject to the negotiation, agreement, and signing of a specific engagement letter or contract. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-Ă -vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. © 2017 KPMG Phoomchai Business Advisory Ltd., a Thai limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. kpmg.com/socialmedia kpmg.com/app Contact Prathan Phongthiproek Manager Information Protection and Business Resilience KPMG in Thailand