Understanding Ransomware: Key Lessons from WannaCry
Prathan Phongthiproek
Manager
Information Protection and Business Resilience (IPBR)
KPMG in Thailand
© 2017 KPMG Phoomchai Business Advisory Ltd., a Thai limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. Printed in Thailand.
Document Classification: KPMG Confidential
Agenda
• Understanding Ransomware
• Key Lessons from WannaCry
• Proactive Prevention

Understanding Ransomware
What is Ransomware?
Ransomware is a form of computer malware (virus) that blocks user access to files or systems, holding files or entire devices hostage using encryption until the victim pays a ransom in exchange for a decryption key, which allows the user to access the files or systems encrypted by the program.
The Ransomware Tube Map
Ref: https://www.f-secure.com/documents/996508/1030743/cyber-security-report-2017
Ransomware Attack
Ransomware on the headlines

Name: PC Cyborg/AIDS Trojan
Attack: December 1989
Target: Healthcare Industry
The first known attack was initiated in 1989 by Joseph Popp, who handed out 20,000 infected disks to attendees of the World Health Organization's AIDS conference. The malware displayed a message demanding a payment of $189 and $378 for a software lease.

Name: CryptoLocker
Attack: September 2013
Target: Worldwide
CryptoLocker was a prominent ransomware variant around 2013, and quite a profitable one at that. CryptoLocker infected more than 250,000 systems. It earned more than $3 million for its creators.

Name: WannaCry
Attack: May 2017
Target: Worldwide
The WannaCry ransomware attack was a worldwide cyberattack by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
Open-Source Ransomware
https://github.com/goliate/hidden-tear
Ransomware-as-a-Service
Karmen Ransomware
Karmen is being sold on Dark Web forums by the Russian-speaking cyber-criminal DevBitox for $175. It automatically deletes the decryptor if a sandbox environment or analysis software is detected on the victim's computer, a tactic designed to make life harder for security researchers tasked with investigating the nasty
How is Ransomware spread?
Ref: https://www.csa.gov.sg/singcert/news/advisories-alerts/ransomware

How is Ransomware spread? (screenshots from the demonstration)
Identifying email + fake mailer
Successfully sent fake email
Malicious executable file embedded in Excel macro

Demonstration
No More Ransom!!
The "No More Ransom" website helps victims of ransomware retrieve their encrypted data without having to pay the criminals.
What to do if infected with Ransomware?
• Disconnect your machine from any others, and from any external drives: infected systems should be removed from the network as soon as possible to prevent the ransomware from attacking network or shared drives.
• Use a smartphone or a camera to take a photograph of the ransom note presented on your screen.
• Check if you can recover deleted files (Shadow Copy): many forms of encrypting ransomware copy your files, encrypt the copies and then delete the originals.
• Check if there are decryption tools available (No More Ransom).
• Use antivirus or anti-malware software to clean the ransomware from the machine.
• Restore your files from a backup: if you regularly back up the affected machine, you should be able to restore the files from the backup.
• Immediately secure backup data or systems by taking them offline: ensure backups are free of malware.
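Added example (not part of the KPMG deck): a PowerShell first-response script that carries out the isolation, evidence-preservation and shadow-copy steps above on a Windows host, in that order. It assumes Windows 8 / Server 2012 or later (NetAdapter and CIM cmdlets), an administrative session, and a case directory path and ransom-note filename patterns that were chosen for this example rather than taken from any particular family.

```powershell
# Added example, not from the KPMG deck: first-response triage for a suspected
# ransomware infection. Order matters: isolate first, preserve second, then look
# for recovery options before any cleanup tool touches the disk.
# Assumes Windows 8 / Server 2012+ and an elevated session.
param(
    # Hypothetical case directory for this example; any collector path will do
    [string]$CaseDir = "C:\IR\case-$(Get-Date -Format yyyyMMdd-HHmmss)"
)

New-Item -ItemType Directory -Path $CaseDir -Force | Out-Null

# 1. Isolate: bring down every connected adapter so the host can no longer reach
#    network shares or other machines (TCP 445 is the path WannaCry spreads on).
Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object {
    Add-Content -Path "$CaseDir\isolation.log" -Value "$(Get-Date -Format o) disabling adapter $($_.Name)"
    Disable-NetAdapter -Name $_.Name -Confirm:$false
}

# 2. Preserve: copy ransom-note files out of the user profiles. The patterns are
#    constructed for this example; the note shown on screen should still be
#    photographed, as the slide says, because some notes are only displayed.
$notePatterns = @('*README*.txt', '*DECRYPT*.txt', '*.hta')
Get-ChildItem -Path $env:USERPROFILE, $env:PUBLIC -Recurse -Include $notePatterns -ErrorAction SilentlyContinue |
    Select-Object -First 20 |
    Copy-Item -Destination $CaseDir -ErrorAction SilentlyContinue

# 3. Recovery options: record any surviving Volume Shadow Copies. Encrypting
#    families commonly delete them; if any remain they are a restore path that a
#    cleanup or reimage would destroy, so inventory them now.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)
$shadows | Select-Object ID, VolumeName, InstallDate |
    Export-Csv -Path "$CaseDir\shadow-copies.csv" -NoTypeInformation
if ($shadows.Count -gt 0) {
    Write-Host "$($shadows.Count) shadow copy(ies) present; preserve them before running any cleanup."
} else {
    Write-Host "No shadow copies found; recovery depends on offline backups or a public decryptor."
}
```

Disabling the adapters is deliberately done before anything that writes to disk or the network, so that the script cannot itself trigger a share-encryption pass; the host can be reconnected later through an isolated VLAN for collection.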
Key Lessons from WannaCry
New Era of Ransomware: WannaCry
WannaCry, Wcry, WannaCrypt and Wana Decrypt0r
• WannaCry began on 12 May 2017 using known exploits (EternalBlue, from the leaked NSA exploits) through SMBv1 (TCP 445)
• Infiltrates endpoints and encrypts all the files using strong asymmetric encryption (RSA 2048-bit cipher), demanding a ransom payment of $300 USD
• Crippled at least 200K+ systems across 150 countries
• WannaCry – Wannabe Worms
Ref: http://b0n1.blogspot.com/2017/05/wannacry-ransomware-picture-collection_17.html
Impact/Summary
Confidentiality: The malware does install a backdoor that could be used to leak data from affected machines, but the malware itself does not exfiltrate data.
Integrity: Aside from encrypting the data, the malware does not alter data. But the backdoor could be used by others to cause additional damage.
Availability: Affected organizations will lose access to the files encrypted by the malware. Recovery is uncertain even after paying the ransom.
Timeline of the WannaCry and related attacks

Episode I: The Phantom Menace (2013 - March 2017)
2013-2016: The Shadow Brokers (TSB) is a hacker group who first appeared in the summer of 2016. They published several leaks containing hacking tools from the National Security Agency (NSA), including several zero-day exploits. Specifically, these exploits and vulnerabilities targeted enterprise firewalls, anti-virus products, and Microsoft products.
January 16, 2017: US-CERT advisory on the SMB vulnerability in SMBv1.
March 14, 2017: Microsoft releases the patch for CVE-2017-0144 (MS17-010).

Episode II: Attack of the Clones (April-May 2017)
April 14, 2017: Shadow Brokers releases NSA hacking tools including zero-day exploits (the "Eternal" set: EternalBlue, EternalChampion, EternalRomance, EternalSynergy). EternalBlue can exploit Windows XP, Vista, 7, 2000, 2003, 2008.
May 12, 2017: WannaCry attacks begin, using EternalBlue to exploit Windows through SMB (445).
May 13, 2017: Microsoft releases patches for unsupported OS versions (Windows XP, 8 and 2003).
May 13, 2017: WannaCry's "kill switch" domain was found; MalwareTech registered the domain in question and created a sinkhole.

Episode III: Revenge of the Sith (May 2017)
May 13, 2017: WannaCry 2.0, with no kill switch, is on the hunt.
May 14, 2017: New WannaCry variants appeared. The new variant is equipped with the SMB exploit, which helps it spread rapidly without disruption. The worm functionality attempts to infect unpatched Windows machines in the local network. At the same time, it also executes massive scanning of Internet IP addresses to find and infect other vulnerable computers. This activity results in large SMB traffic from the infected host.
May 16, 2017: Shadow Brokers published a fresh statement, promising to release more zero-day bugs and exploits for various desktop and mobile platforms starting from June 2017.
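Added example (not part of the KPMG deck): the "large SMB traffic from the infected host" in the timeline is a detectable pattern, because a worming host opens TCP 445 to many distinct peers in a short window while a normal client talks to one or two file servers. The PowerShell below parses Windows Firewall log lines in the standard pfirewall.log field order (date, time, action, protocol, src-ip, dst-ip, src-port, dst-port, ...) and flags any source exceeding a distinct-peer threshold inside a sliding window. The log lines, addresses, threshold and window are constructed for this example.

```powershell
# Added example, not from the KPMG deck: detect worm-like SMB fan-out in
# Windows Firewall log lines. Field order follows pfirewall.log:
# date time action protocol src-ip dst-ip src-port dst-port size ... path
# The sample below is constructed; 10.0.0.5 behaves like a worm, 10.0.0.9 like a client.
$sampleLog = @'
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2017-05-14 09:00:01 ALLOW TCP 10.0.0.5 10.0.0.21 49201 445 0 - 0 0 0 - - - SEND
2017-05-14 09:00:01 ALLOW TCP 10.0.0.5 10.0.0.22 49202 445 0 - 0 0 0 - - - SEND
2017-05-14 09:00:02 ALLOW TCP 10.0.0.5 10.0.0.23 49203 445 0 - 0 0 0 - - - SEND
2017-05-14 09:00:02 ALLOW TCP 10.0.0.5 10.0.0.24 49204 445 0 - 0 0 0 - - - SEND
2017-05-14 09:00:03 ALLOW TCP 10.0.0.5 10.0.0.25 49205 445 0 - 0 0 0 - - - SEND
2017-05-14 09:00:03 ALLOW TCP 10.0.0.5 10.0.0.26 49206 445 0 - 0 0 0 - - - SEND
2017-05-14 09:00:10 ALLOW TCP 10.0.0.9 10.0.0.50 50001 445 0 - 0 0 0 - - - SEND
2017-05-14 09:00:40 ALLOW TCP 10.0.0.9 10.0.0.50 50002 445 0 - 0 0 0 - - - SEND
2017-05-14 09:00:41 ALLOW TCP 10.0.0.9 10.0.0.50 50003 80 0 - 0 0 0 - - - SEND
'@

function Find-SmbFanOut {
    param(
        [string[]]$Lines,
        [int]$DistinctPeerThreshold = 20,   # assumption: tune to the environment's normal fan-out
        [int]$WindowSeconds = 60
    )
    # Keep only TCP/445 events, parsed into (time, source, destination)
    $events = foreach ($line in $Lines) {
        if ($line -match '^\s*$' -or $line.StartsWith('#')) { continue }
        $f = $line -split '\s+'
        if ($f.Count -lt 8 -or $f[3] -ne 'TCP' -or $f[7] -ne '445') { continue }
        [pscustomobject]@{
            Time = [datetime]::ParseExact("$($f[0]) $($f[1])", 'yyyy-MM-dd HH:mm:ss', [cultureinfo]::InvariantCulture)
            Src  = $f[4]
            Dst  = $f[5]
        }
    }
    foreach ($group in ($events | Group-Object Src)) {
        $sorted = @($group.Group | Sort-Object Time)
        # Sliding window anchored at each event: count distinct destinations reached
        # within WindowSeconds. Report the source once, at the first window that trips.
        for ($i = 0; $i -lt $sorted.Count; $i++) {
            $start = $sorted[$i].Time
            $end   = $start.AddSeconds($WindowSeconds)
            $peers = @($sorted | Where-Object { $_.Time -ge $start -and $_.Time -le $end } |
                       Select-Object -ExpandProperty Dst -Unique)
            if ($peers.Count -ge $DistinctPeerThreshold) {
                [pscustomobject]@{ Source = $group.Name; DistinctPeers = $peers.Count; WindowStart = $start }
                break
            }
        }
    }
}

# Low threshold for the tiny sample; a real deployment would use the default or higher
Find-SmbFanOut -Lines ($sampleLog -split '\r?\n') -DistinctPeerThreshold 5 | Format-Table -AutoSize
```

On the sample, 10.0.0.5 is reported (six distinct peers within three seconds) and 10.0.0.9 is not, because its repeated connections all go to the same file server. The same logic applies to any flow source that yields time, source, destination and port; the threshold is the only environment-specific knob.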
Timeline of the WannaCry and related attacks (continued)

Episode IV: A New Hope (May 2017)
May 18, 2017: WannaCry ransomware decryption tools (WannaKey, WannaKiwi) have been released. These can be used to unlock files without paying the ransom. The tools work on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008. Although the tool won't work for every user due to its dependencies, it still gives WannaCry's victims some hope of getting their locked files back for free, even on Windows XP, the aging, largely unsupported version of Microsoft's operating system.

Episode V: The Empire Strikes Back (May 2017)
May 18, 2017: The EternalRocks worm was discovered after it infected an SMB honeypot. EternalRocks disguises itself as WannaCry, but instead of delivering ransomware, it takes over the affected computer to power other attacks. EternalRocks uses seven exploits leaked by Shadow Brokers and was developed to avoid detection and remain undetectable on the target system.

Episode VI: Return of the Jedi (June 2017)
Ransomware Advisory Services
Our unique Ransomware Advisory Services are specifically designed to review your ability to prevent, detect and react to a ransomware incident. The KPMG Ransomware Advisory service provides a proactive assessment of your capabilities:
• Process review
• Technical review
• People assessment
Shodan: Hacker Search Engine
Identifying open port 445 over the Internet (Global)
port:445 "SMB Status Authentication: enabled SMB Version: 1"

Identifying open port 445 over the Internet (Thailand)
port:445 "SMB Status Authentication: enabled SMB Version: 1" country:TH
Don't Cry over WannaCry
How to protect the organization?
• Ensure all Windows-based systems are fully patched. At a very minimum, ensure Microsoft bulletin MS17-010 has been applied. Please note that Microsoft has released security updates for all affected operating systems, including Windows XP and Windows 2003 Server.
• In accordance with known best practices, any organization that has SMB publicly accessible via the Internet (TCP ports 139, 445) should immediately block all inbound traffic.
• Employ network and host-based firewalls to block TCP/445 traffic from untrusted systems.
• Organizations should consider blocking email attachments for the immediate future if this is viable, until such time as reliable anti-malware definitions have been made available.
• All cybersecurity systems such as anti-malware, anti-virus, Security Information and Event Management, Intrusion Detection and Prevention, etc. should be updated with the latest Indicators of Compromise (IOC).
• All end-of-life machines should be upgraded as a matter of priority, as more exploits / malware are expected to be launched for other vulnerabilities.
• Ensure critical systems and files have up-to-date backups. Backups are the only full mitigation against data loss due to ransomware.
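Added example (not part of the KPMG deck): a PowerShell check for the three host-level controls in the list above, patch state for MS17-010, SMBv1 disabled, and inbound TCP 445 blocked on untrusted profiles, with an opt-in switch to apply the last two. It assumes Windows 8.1 / Server 2012 R2 or later (SmbShare and NetSecurity modules) and an elevated session. The KB identifiers that deliver MS17-010 differ per OS build and are not in the deck, so the script takes them as a parameter with a placeholder default; the firewall rule name is invented for this example.

```powershell
# Added example, not from the KPMG deck: audit (and optionally remediate) a Windows
# host against the slide's WannaCry mitigations. Run elevated.
# Assumes Windows 8.1 / Server 2012 R2+ for Get-SmbServerConfiguration and New-NetFirewallRule.
param(
    # Placeholder: replace with the KB(s) the MS17-010 bulletin lists for this OS build
    [string[]]$Ms17010Kb = @('KBxxxxxxx'),
    [switch]$Remediate
)

$findings = @()

# 1. Patch state. Get-HotFix reads installed updates; on systems that receive
#    monthly rollups the fix may arrive under a later KB, so treat a miss as
#    "verify against the bulletin", not as proof the host is unpatched.
$installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
$missing = @($Ms17010Kb | Where-Object { $_ -notin $installed })
if ($missing.Count -eq $Ms17010Kb.Count) {
    $findings += "MS17-010 not found (checked: $($Ms17010Kb -join ', '))"
}

# 2. SMBv1 is the protocol EternalBlue targets; turning it off removes the exposure
#    even on a host that cannot be patched or retired yet.
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    $findings += 'SMBv1 server protocol is enabled'
    if ($Remediate) { Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force }
}

# 3. Host firewall: inbound 445 should not be reachable from untrusted (Public/Private)
#    network profiles. Domain-profile access is left to the site's own policy.
$ruleName = 'Block inbound SMB 445 (untrusted profiles)'   # hypothetical rule name
$rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if (-not $rule) {
    $findings += 'No explicit inbound block for TCP 445 on Public/Private profiles'
    if ($Remediate) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort 445 -Profile Public, Private -Action Block | Out-Null
    }
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host 'Host passes all three checks (patch, SMBv1 off, 445 blocked on untrusted profiles).'
}
```

Run without `-Remediate` first and review the warnings; the SMBv1 change can break legacy devices (old NAS units, printers) that only speak SMBv1, which is exactly the end-of-life inventory the slide says should be upgraded rather than accommodated.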
NSA Tools Leaked
(Figure: leaked tools grouped as Infrastructure, Vulnerabilities, Malware)
Ref: https://www.facebook.com/thehackernews/photos/a.197666140247267.65555.172819872731894/1834023599944838/?type=3&theater
NSA Tools Leaked
ESTEEMAUDIT exploits through RDP (TCP 3389) on Windows XP and 2003 (0-days)
Ref: https://twitter.com/homelabit/status/869229229635928064/photo/1
Proactive Prevention
Security Paradox
Ref: http://gifgifmagazine.com/wp-content/uploads/2017/04/pretres.gif
Proactive Prevention
Prevention and Continuity measures
• Back up data regularly. Verify the integrity of those backups and test the restoration process to ensure it is working.
• Secure backups, and ensure backups are not connected to the computers and networks they are backing up.
• Enable strong spam filters to prevent phishing e-mails from reaching the end users, and authenticate inbound e-mail using technologies like Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent e-mail spoofing.
• Scan all incoming and outgoing e-mails to detect threats, and filter executable files from reaching end users.
• Disable macro scripts in files transmitted via e-mail, and consider using Office viewer software to open Microsoft Office files transmitted via e-mail instead of full Office Suite applications.
• Ensure application patches for the operating system, software, and firmware are up to date, including Adobe Flash, Java, Web browsers, etc.
• Configure firewalls to block access to known malicious IP addresses, and only allow necessary ports at endpoints.
• Ensure anti-virus and anti-malware solutions are set to automatically update and that regular scans are conducted.
• Manage the use of privileged accounts by implementing the principle of least privilege.
• Configure access controls with least privilege, including file, directory, and network share permissions.
• Implement application whitelisting. Only allow systems to execute programs known and permitted by security policy.
• Focus on awareness and training. Because end users are often targeted, employees should be made aware of the threat of ransomware and how it is delivered, and be trained on information security principles and techniques.
Ref: https://www.fbi.gov/file-repository/ransomware-prevention-and-response-for-cisos.pdf
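Added example (not part of the KPMG deck): the "disable macro scripts" measure, which is the control that stops the Excel-macro delivery shown in the demonstration, maps to two Office policy registry values. The PowerShell below audits them for Word, Excel and PowerPoint under the current user's policy key and, with `-Remediate`, sets them. It assumes the Office 2016-generation policy path (version key 16.0); the values VBAWarnings and blockcontentexecutionfrominternet are the documented policy-backed settings, and the chosen level (3, signed macros only) is a choice for this example.

```powershell
# Added example, not from the KPMG deck: audit/set the per-user Office macro policy.
# Assumes the 16.0 policy key used by Office 2016 and later; in a domain the same
# values are normally delivered by Group Policy, and this script is the local check.
param([switch]$Remediate)

$version = '16.0'                        # assumption: Office 2016/2019/365 share this key
$apps    = 'Word', 'Excel', 'PowerPoint'

function Get-MacroPolicy {
    param([string]$App)
    $key = "HKCU:\Software\Policies\Microsoft\Office\$version\$App\Security"
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $vba = $null; $blockInternet = $null
    if ($p) {
        # VBAWarnings: 1 = enable all, 2 = disable with notification,
        # 3 = disable except digitally signed, 4 = disable all without notification
        $vba = $p.VBAWarnings
        # 1 = block macros in files that carry the Mark-of-the-Web (downloaded / mailed)
        $blockInternet = $p.blockcontentexecutionfrominternet
    }
    [pscustomobject]@{ App = $App; Key = $key; VBAWarnings = $vba; BlockInternetMacros = $blockInternet }
}

foreach ($app in $apps) {
    $state = Get-MacroPolicy -App $app
    $restricted = ($state.VBAWarnings -in @(3, 4)) -and ($state.BlockInternetMacros -eq 1)
    if ($restricted) {
        Write-Host "${app}: macros restricted (VBAWarnings=$($state.VBAWarnings), internet block on)"
        continue
    }
    Write-Warning "${app}: VBAWarnings=$($state.VBAWarnings) blockcontentexecutionfrominternet=$($state.BlockInternetMacros)"
    if ($Remediate) {
        New-Item -Path $state.Key -Force | Out-Null
        # 3 keeps signed macros from trusted publishers working; use 4 where no macros are needed
        Set-ItemProperty -Path $state.Key -Name VBAWarnings -Value 3 -Type DWord
        Set-ItemProperty -Path $state.Key -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
    }
}
```

The internet-block value is the more important of the two for the e-mail vector, because it keys on the Mark-of-the-Web that mail clients and browsers attach to saved attachments, so internally authored macro workbooks keep working while a mailed one does not run.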
“This document is made by KPMG Phoomchai Business Advisory Ltd., (KPMG), a Thai limited liability company and member
firm of the KPMG network of independent firms affiliated with KPMG International, a Swiss cooperative, and is in all respects
subject to the negotiation, agreement, and signing of a specific engagement letter or contract. KPMG International provides no
client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis
third parties, nor does KPMG International have any such authority to obligate or bind any member firm.
© 2017 KPMG Phoomchai Business Advisory Ltd., a Thai limited liability company and a member firm of the KPMG network of
independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights
reserved.
kpmg.com/socialmedia kpmg.com/app
Contact
Prathan Phongthiproek
Manager
Information Protection and Business Resilience
KPMG in Thailand

OWASP Day - OWASP Day - Lets secure!
 
Don't Trust, And Verify - Mobile Application Attacks
Don't Trust, And Verify - Mobile Application AttacksDon't Trust, And Verify - Mobile Application Attacks
Don't Trust, And Verify - Mobile Application Attacks
 
Owasp Top 10 Mobile Risks
Owasp Top 10 Mobile RisksOwasp Top 10 Mobile Risks
Owasp Top 10 Mobile Risks
 
Point-Of-Sale Hacking - 2600Thailand#20
Point-Of-Sale Hacking - 2600Thailand#20Point-Of-Sale Hacking - 2600Thailand#20
Point-Of-Sale Hacking - 2600Thailand#20
 
OWASP Thailand-Beyond the Penetration Testing
OWASP Thailand-Beyond the Penetration TestingOWASP Thailand-Beyond the Penetration Testing
OWASP Thailand-Beyond the Penetration Testing
 
Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]
 
Hack and Slash: Secure Coding
Hack and Slash: Secure CodingHack and Slash: Secure Coding
Hack and Slash: Secure Coding
 
CDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest WorkshopCDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest Workshop
 
Web Application Firewall: Suckseed or Succeed
Web Application Firewall: Suckseed or SucceedWeb Application Firewall: Suckseed or Succeed
Web Application Firewall: Suckseed or Succeed
 
Layer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load TargetLayer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load Target
 
Advanced Malware Analysis
Advanced Malware AnalysisAdvanced Malware Analysis
Advanced Malware Analysis
 
Tisa mobile forensic
Tisa mobile forensicTisa mobile forensic
Tisa mobile forensic
 
Tisa-Social Network and Mobile Security
Tisa-Social Network and Mobile SecurityTisa-Social Network and Mobile Security
Tisa-Social Network and Mobile Security
 

Kürzlich hochgeladen

A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 

Kürzlich hochgeladen (20)

A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 

Understanding ransomware

2. Agenda
© 2017 KPMG Phoomchai Business Advisory Ltd., a Thai limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. Printed in Thailand. Document Classification: KPMG Confidential
• Understanding Ransomware
• Key Lessons from WannaCry
• Proactive Prevention

4. What is Ransomware?
Ransomware is a form of computer malware (virus) that blocks user access to files or systems, holding files or entire devices hostage using encryption until the victim pays a ransom in exchange for a decryption key, which allows the user to access the files or systems encrypted by the program.

5. The Ransomware Tube Map
Ref: https://www.f-secure.com/documents/996508/1030743/cyber-security-report-2017

6. Ransomware Attack: ransomware in the headlines

Name                    | Attack         | Target              | Description
------------------------|----------------|---------------------|------------------------------------------------------------
PC Cyborg / AIDS Trojan | December 1989  | Healthcare industry | The first known attack was initiated in 1989 by Joseph Popp, who handed out 20,000 infected disks to attendees of the World Health Organization's AIDS conference. The malware displayed a message demanding a payment of $189 or $378 for a software lease.
CryptoLocker            | September 2013 | Worldwide           | CryptoLocker was a prominent ransomware variant around 2013, and quite a profitable one at that. CryptoLocker infected more than 250,000 systems and earned more than $3 million for its creators.
WannaCry                | May 2017       | Worldwide           | The WannaCry ransomware attack was a worldwide cyberattack by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
7. Open-Source Ransomware
https://github.com/goliate/hidden-tear

8. Karmen Ransomware (Ransomware-as-a-Service)
Karmen is being sold on Dark Web forums by the Russian-speaking cyber-criminal DevBitox for $175. It automatically deletes the decryptor if a sandbox environment or analysis software is detected on the victim's computer, a tactic designed to make life harder for security researchers tasked with investigating the malware.

9. How is Ransomware spread?
Ref: https://www.csa.gov.sg/singcert/news/advisories-alerts/ransomware

10. How is Ransomware spread?
Identifying email + fake mailer

11. How is Ransomware spread?
Successfully sent fake email. Malicious executable file embedded in an Excel macro.

12. Demonstration

13. No More Ransom!!
The "No More Ransom" website helps victims of ransomware retrieve their encrypted data without having to pay the criminals.
14. What to do if infected with Ransomware?
• Disconnect your machine from any others, and from any external drives: infected systems should be removed from the network as soon as possible to prevent the ransomware from attacking network or shared drives.
• Use a smartphone or a camera to take a photograph of the ransom note presented on your screen.
• Check if you can recover deleted files (Shadow Copy): many forms of encrypting ransomware copy your files, encrypt the copies and then delete the originals.
• Check if there are decryption tools available (No More Ransom).
• Use antivirus or anti-malware software to clean the ransomware from the machine.
• Restore your files from a backup: if you regularly back up the affected machine, you should be able to restore the files from the backup.
• Immediately secure backup data or systems by taking them offline: ensure backups are free of malware.
16. New Era of Ransomware: WannaCry
WannaCry, Wcry, WannaCrypt and Wana Decrypt0r
• WannaCry began on 12 May 2017 using known exploits (EternalBlue, from the leaked NSA exploits) through SMBv1 (TCP 445).
• Infiltrates endpoints and encrypts all the files using strong asymmetric encryption (RSA 2048-bit cipher), demanding a ransom payment of $300 USD.
• Crippled at least 200K+ systems over 150 countries.
• WannaCry: wannabe worms.
Ref: http://b0n1.blogspot.com/2017/05/wannacry-ransomware-picture-collection_17.html

17. Impact/Summary
• Confidentiality: the malware does install a backdoor that could be used to leak data from affected machines, but the malware itself does not exfiltrate data.
• Integrity: aside from encrypting the data, the malware does not alter data. But the backdoor could be used by others to cause additional damage.
• Availability: affected organizations will lose access to the files encrypted by the malware. Recovery is uncertain even after paying the ransom.
18. Timeline of the WannaCry and related attack

Episode I: The Phantom Menace (2013 - March 2017)
• 2013-2016: The Shadow Brokers (TSB) is a hacker group who first appeared in the summer of 2016. They published several leaks containing hacking tools from the National Security Agency (NSA), including several zero-day exploits. Specifically, these exploits and vulnerabilities targeted enterprise firewalls, anti-virus products, and Microsoft products.
• January 16, 2017: US-CERT advisory on the SMB vulnerability in SMBv1.
• March 14, 2017: Microsoft releases the patch for CVE-2017-0144 (MS17-010).

Episode II: Attack of the Clones (April - May 2017)
• April 14, 2017: Shadow Brokers release NSA hacking tools including zero-day exploits (the "Eternal" set: EternalBlue, EternalChampion, EternalRomance, EternalSynergy). EternalBlue can exploit Windows XP, Vista, 7, 2000, 2003 and 2008.
• May 12, 2017: WannaCry attacks begin, using EternalBlue to exploit Windows through SMB (445).
• May 13, 2017: Microsoft releases a patch for unsupported OS versions (Windows XP, 8 and 2003).
• May 13, 2017: WannaCry's "kill switch" domain was found; MalwareTech registered the domain in question and created a sinkhole.

Episode III: Revenge of the Sith (May 2017)
• May 13, 2017: WannaCry 2.0, with no kill switch, is on the hunt.
• May 14, 2017: new WannaCry variants appeared. The new variant is equipped with the SMB exploit, which helps it spread rapidly without disruption. The worm functionality attempts to infect unpatched Windows machines in the local network. At the same time, it also executes massive scanning of Internet IP addresses to find and infect other vulnerable computers. This activity results in large SMB traffic from the infected host.
• May 16, 2017: Shadow Brokers published a fresh statement, promising to release more zero-day bugs and exploits for various desktop and mobile platforms starting from June 2017.
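The scanning behaviour described above (an infected host opening SMB connections to many addresses in a short time) is something a defender can surface from ordinary connection logs. The following Python is an added example, not part of the KPMG deck; it assumes a hypothetical whitespace-separated log format, uses a constructed sample, and treats 10.0.0.0/8 as the organization's internal range.

```python
"""
Flag hosts that behave like the WannaCry worm component: many distinct
TCP/445 destinations from one source inside a short sliding window.
Added example, not from the original presentation.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample in a hypothetical export format:
# "<ISO timestamp> <src_ip> <dst_ip> <dst_port> <proto>". Not real traffic.
SAMPLE_LOG = """\
2017-05-12T10:00:01 10.0.0.5 10.0.0.20 445 tcp
2017-05-12T10:00:02 10.0.0.5 10.0.0.21 445 tcp
2017-05-12T10:00:02 10.0.0.5 10.0.0.22 445 tcp
2017-05-12T10:00:03 10.0.0.5 198.51.100.7 445 tcp
2017-05-12T10:00:03 10.0.0.5 198.51.100.8 445 tcp
2017-05-12T10:00:04 10.0.0.5 203.0.113.9 445 tcp
2017-05-12T10:00:05 10.0.0.5 203.0.113.10 445 tcp
2017-05-12T10:00:09 10.0.0.7 10.0.0.50 445 tcp
2017-05-12T10:00:10 10.0.0.7 10.0.0.50 445 tcp
2017-05-12T10:00:11 10.0.0.7 10.0.0.51 445 tcp
2017-05-12T10:00:12 10.0.0.9 93.184.216.34 443 tcp
2017-05-12T10:05:00 10.0.0.5 10.0.0.60 445 tcp
"""


def parse_line(line):
    """Parse one log line into (timestamp, src, dst, dport, proto).

    Returns None for malformed lines so a single bad record does not
    abort the whole run.
    """
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        src, dst = ip_address(parts[1]), ip_address(parts[2])
        dport = int(parts[3])
    except ValueError:
        return None
    return ts, src, dst, dport, parts[4].lower()


def detect_smb_scanners(log_text, window=timedelta(seconds=60), threshold=5,
                        internal_nets=("10.0.0.0/8",)):
    """Return {src_ip: details} for every source that reaches at least
    `threshold` distinct TCP/445 destinations within any `window`.

    details = {"distinct_dst", "external_dst", "window_start"}; the entry
    keeps the largest fan-out seen for that source. external_dst counts
    destinations outside `internal_nets`, i.e. Internet-wide scanning.
    """
    nets = [ip_network(n) for n in internal_nets]
    # Per-source sliding window of (timestamp, dst) events on TCP/445.
    windows = defaultdict(deque)
    alerts = {}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        ts, src, dst, dport, proto = rec
        if proto != "tcp" or dport != 445:
            continue
        q = windows[src]
        q.append((ts, dst))
        # Drop events that fell out of the window (log assumed time-ordered).
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = {d for _, d in q}
        if len(distinct) < threshold:
            continue
        external = sum(1 for d in distinct if not any(d in n for n in nets))
        prev = alerts.get(str(src))
        if prev is None or len(distinct) > prev["distinct_dst"]:
            alerts[str(src)] = {
                "distinct_dst": len(distinct),
                "external_dst": external,
                "window_start": q[0][0].isoformat(),
            }
    return alerts


if __name__ == "__main__":
    for host, info in detect_smb_scanners(SAMPLE_LOG).items():
        print(f"ALERT {host}: {info['distinct_dst']} SMB targets "
              f"({info['external_dst']} external) since {info['window_start']}")
```

Run against a real export, the threshold and window should be tuned to the environment: file servers and backup agents legitimately talk to many hosts on 445, so baseline them before alerting.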
19. Timeline of the WannaCry and related attack

Episode IV: A New Hope (May 2017)
• May 18, 2017: WannaCry ransomware decryption tools (WannaKey, WannaKiwi) have been released. These can be used to unlock files without paying the ransom. The tools work on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008. Although the tool won't work for every user due to its dependencies, it still gives WannaCry's victims some hope of getting their locked files back for free, even on Windows XP, the aging, largely unsupported version of Microsoft's operating system.

Episode V: The Empire Strikes Back (May 2017)
• May 18, 2017: the EternalRocks worm was discovered after it infected an SMB honeypot. EternalRocks disguises itself as WannaCry, but instead of delivering ransomware, it takes over the affected computer to power other attacks. EternalRocks uses seven exploits leaked by the Shadow Brokers and was developed to avoid detection and remain undetected on the target system.

Episode VI: Return of the Jedi (June 2017)
• Ransomware Advisory Services: our unique Ransomware Advisory Services are specifically designed to review your ability to prevent, detect and react to a ransomware incident. The KPMG Ransomware Advisory service provides a proactive assessment of your capabilities: process review, technical review, people assessment.
20. Shodan: Hacker Search Engine
Identifying open port 445 over the Internet (global):
port:445 "SMB Status Authentication: enabled SMB Version: 1"

21. Shodan: Hacker Search Engine
Identifying open port 445 over the Internet (Thailand):
port:445 "SMB Status Authentication: enabled SMB Version: 1" country:TH
22. Don't Cry over WannaCry: how to protect the organization?
• Ensure all Windows-based systems are fully patched. At a very minimum, ensure Microsoft bulletin MS17-010 has been applied. Please note that Microsoft has released security updates for all affected operating systems, including Windows XP and Windows 2003 Server.
• In accordance with known best practices, any organization that has SMB publicly accessible via the Internet (TCP ports 139, 445) should immediately block all inbound traffic.
• Employ network and host-based firewalls to block TCP/445 traffic from untrusted systems.
• Organizations should consider blocking email attachments for the immediate future if this is viable, until such time as reliable anti-malware definitions have been made available.
• All cybersecurity systems such as anti-malware, anti-virus, Security Information and Event Management, Intrusion Detection and Prevention, etc. should be updated with the latest Indicators of Compromise (IOC).
• All end-of-life machines should be upgraded as a matter of priority, as more exploits / malware are expected to be launched for other vulnerabilities.
• Ensure critical systems and files have up-to-date backups. Backups are the only full mitigation against data loss due to ransomware.
23. NSA Tools Leaked
[Figure: leaked NSA tools grouped by category: Infrastructure, Vulnerabilities, Malware]
Ref: https://www.facebook.com/thehackernews/photos/a.197666140247267.65555.172819872731894/1834023599944838/?type=3&theater

24. NSA Tools Leaked
ESTEEMAUDIT exploits through RDP (TCP 3389) on Windows XP and 2003 (0-days).
Ref: https://twitter.com/homelabit/status/869229229635928064/photo/1

26. Security Paradox
Ref: http://gifgifmagazine.com/wp-content/uploads/2017/04/pretres.gif
27. Proactive Prevention: prevention and continuity measures
• Back up data regularly. Verify the integrity of those backups and test the restoration process to ensure it is working.
• Secure backups, and ensure backups are not connected to the computers and networks they are backing up.
• Enable strong spam filters to prevent phishing e-mails from reaching the end users, and authenticate inbound e-mail using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent e-mail spoofing.
• Scan all incoming and outgoing e-mails to detect threats, and filter executable files from reaching end users.
• Disable macro scripts in files transmitted via e-mail, and consider using Office viewer software to open Microsoft Office files transmitted via e-mail instead of full Office Suite applications.
• Ensure application patches for the operating system, software, and firmware are up to date, including Adobe Flash, Java, web browsers, etc.
• Configure firewalls to block access to known malicious IP addresses, and only allow necessary ports at the endpoint.
• Ensure anti-virus and anti-malware solutions are set to automatically update and that regular scans are conducted.
• Manage the use of privileged accounts by implementing the principle of least privilege.
• Configure access controls with least privilege, including file, directory, and network share permissions.
• Implement application whitelisting. Only allow systems to execute programs known and permitted by security policy.
• Focus on awareness and training. Because end users are often targeted, employees should be made aware of the threat of ransomware and how it is delivered, and be trained on information security principles and techniques.
Ref: https://www.fbi.gov/file-repository/ransomware-prevention-and-response-for-cisos.pdf
28. Document Classification: KPMG Confidential
"This document is made by KPMG Phoomchai Business Advisory Ltd. (KPMG), a Thai limited liability company and member firm of the KPMG network of independent firms affiliated with KPMG International, a Swiss cooperative, and is in all respects subject to the negotiation, agreement, and signing of a specific engagement letter or contract. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm."
© 2017 KPMG Phoomchai Business Advisory Ltd., a Thai limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved.
kpmg.com/socialmedia
kpmg.com/app
Contact: Prathan Phongthiproek, Manager, Information Protection and Business Resilience, KPMG in Thailand