Understanding ransomware
Prathan Phongthiproek
Understanding ransomware and key lessons from WannaCry
1.
Understanding Ransomware: Key Lessons from WannaCry
Prathan Phongthiproek, Manager, Information Protection and Business Resilience (IPBR), KPMG in Thailand
2.
Agenda
• Understanding Ransomware
• Key Lessons from WannaCry
• Proactive Prevention
© 2017 KPMG Phoomchai Business Advisory Ltd., a Thai limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. Printed in Thailand. Document Classification: KPMG Confidential
3.
Understanding Ransomware
4.
What is Ransomware?
Ransomware is a form of computer malware (Virus) that blocks user access to files or systems, holding files or entire devices hostage using encryption until the victim pays a ransom in exchange for a decryption key, which allows the user to access the files or systems encrypted by the program.
5.
The Ransomware Tube Map
Ref: https://www.f-secure.com/documents/996508/1030743/cyber-security-report-2017
6.
Ransomware Attack
Ransomware on the headlines

December 1989
Name: PC Cyborg/AIDS Trojan
Target: Healthcare Industry
Attack: The first known attack was initiated in 1989 by Joseph Popp, who handed out 20,000 infected disks to attendees of the World Health Organization's AIDS conference. The malware displayed a message demanding a payment of $189 and $378 for a software lease.

September 2013
Name: CryptoLocker
Target: Worldwide
Attack: CryptoLocker was a prominent ransomware variant around 2013, and quite a profitable one at that. CryptoLocker infected more than 250,000 systems. It earned more than $3 million for its creators.

May 2017
Name: WannaCry
Target: Worldwide
Attack: The WannaCry ransomware attack was a worldwide cyberattack by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
7.
Open-Source Ransomware
https://github.com/goliate/hidden-tear
8.
Ransomware-as-a-Service
Karmen Ransomware
Karmen is being sold on Dark Web forums by Russian-speaking cyber-criminal DevBitox for $175. It automatically deletes the decryptor if a sandbox environment or analysis software is detected on the victim's computer, a tactic designed to make life harder for security researchers tasked with investigating the nasty
9.
How is Ransomware spread?
Ref: https://www.csa.gov.sg/singcert/news/advisories-alerts/ransomware
10.
How is Ransomware spread?
Identifying email + Fake mailer
11.
How is Ransomware spread?
Successfully sent fake email
Malicious executable file embedded in Excel macro
12.
Demonstration
13.
No More Ransom!!
The “No More Ransom” website helps victims of ransomware retrieve their encrypted data without having to pay the criminals.
14.
What to do if infected with Ransomware?
• Disconnect your machine from any others, and from any external drives: Infected systems should be removed from the network as soon as possible to prevent ransomware from attacking network or share drives.
• Use a smartphone or a camera to take a photograph of the ransom note presented on your screen.
• Check if you can recover deleted files (Shadow Copy): Many forms of encrypting ransomware copy your files, encrypt the copies and then delete the originals.
• Check if there are decryption tools available (Nomoreransom).
• Use antivirus or anti-malware software to clean the ransomware from the machine.
• Restore your files from a backup: If you regularly back up the affected machine, you should be able to restore the files from the backup.
• Immediately secure backup data or systems by taking them offline: Ensure backups are free of malware.
15.
Key Lessons from WannaCry
16.
New Era of Ransomware: WannaCry
WannaCry, Wcry, WannaCrypt and Wana Decrypt0r
• WannaCry began on 12 May 2017 using known exploits (Eternalblue from NSA exploits) through SMBv1 (TCP 445)
• Infiltrates endpoints and encrypts all the files using strong asymmetric encryption (RSA 2048-bit cipher), demanding a ransom payment of $300 USD
• Crippled at least 200K+ systems over 150 countries
• WannaCry – Wannabe Worms
Ref: http://b0n1.blogspot.com/2017/05/wannacry-ransomware-picture-collection_17.html
17.
Impact/Summary
Confidentiality: The malware does install a backdoor that could be used to leak data from affected machines, but the malware itself does not exfiltrate data.
Integrity: Aside from encrypting the data, the malware does not alter data. But the backdoor could be used by others to cause additional damage.
Availability: Affected organizations will lose access to the files encrypted by the malware. Recovery is uncertain even after paying the ransom.
18.
Timeline of the WannaCry and related attack

Episode I: The Phantom Menace (2013 - March 2017)
• 2013-2016: The Shadow Brokers (TSB) is a hacker group who first appeared in the summer of 2016. They published several leaks containing hacking tools from the National Security Agency (NSA), including several zero-day exploits. Specifically, these exploits and vulnerabilities targeted enterprise firewalls, anti-virus products, and Microsoft products.
• January 16, 2017: US-CERT Advisory on SMB vulnerability on SMBv1
• March 14, 2017: Microsoft releases patch for CVE-2017-0144 (MS17-010)

Episode II: Attack of the Clones (April-May 2017)
• April 14, 2017: Shadow Brokers releases NSA hacking tools including zero-day exploits (Eternal sets: Eternalblue, Eternalchampion, Eternalromance, Eternalsynergy). Eternalblue can exploit Windows XP, Vista, 7, 2000, 2003, 2008.
• May 12, 2017: WannaCry attacks begin using Eternalblue to exploit Windows OS through SMB (445)
• May 13, 2017: Microsoft releases patch for unsupported OS (Windows XP, 8 and 2003)
• May 13, 2017: WannaCry's “Kill Switch” domain was found; MalwareTech registered the domain in question and created a sinkhole

Episode III: Revenge of the Sith (May 2017)
• May 13, 2017: WannaCry 2.0 with No Kill-Switch is on hunt
• May 14, 2017: WannaCry new variants appeared. The new variant is equipped with an SMB exploit that would help it to spread rapidly without disruption. The worm functionality attempts to infect unpatched Windows machines in the local network. At the same time, it also executes massive scanning on Internet IP addresses to find and infect other vulnerable computers. This activity results in large SMB traffic from the infected host.
• May 16, 2017: Shadow Brokers published a fresh statement, promising to release more zero-day bugs and exploits for various desktop and mobile platforms starting from June 2017.
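The worm behaviour described on this slide (one infected host probing many local and Internet addresses on TCP 445) shows up in flow logs as SMB fan-out. The following Python detection is an added example, not part of the original deck; the log format, time window, threshold and internal address range are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

SMB_PORT = 445
WINDOW = timedelta(seconds=60)            # assumption: sliding window length
THRESHOLD = 20                            # assumption: distinct SMB peers before alerting
INTERNAL_NETS = [ip_network("10.0.0.0/8")]  # assumption: the organisation's address space


def parse_flow(line):
    """Parse 'ISO-timestamp src dst dport' (constructed log format for this example)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)


def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def detect_smb_fanout(lines, window=WINDOW, threshold=THRESHOLD):
    """Flag sources that contact >= threshold distinct hosts on TCP/445 within window.

    Returns {src: {"first_alert": datetime, "peers": n, "internal": i, "external": e}},
    where the counts describe the largest peer set seen inside one window.
    """
    recent = defaultdict(deque)   # src -> (timestamp, dst) pairs still inside the window
    alerts = {}
    flows = sorted(parse_flow(l) for l in lines if l.strip())
    for ts, src, dst, dport in flows:
        if dport != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:   # expire flows older than the window
            q.popleft()
        peers = {d for _, d in q}
        if len(peers) < threshold:
            continue
        entry = alerts.setdefault(
            src, {"first_alert": ts, "peers": 0, "internal": 0, "external": 0})
        if len(peers) > entry["peers"]:
            internal = sum(1 for d in peers if is_internal(d))
            entry.update(peers=len(peers), internal=internal,
                         external=len(peers) - internal)
    return alerts


def build_sample():
    """Constructed flows: one normal SMB client, one fan-out host, one busy web client."""
    base = datetime(2017, 5, 14, 9, 0, 0)
    lines = []

    def stamp(sec):
        return (base + timedelta(seconds=sec)).isoformat()

    # Normal client: repeated SMB sessions to a single file server.
    for i in range(40):
        lines.append(f"{stamp(i)} 10.0.5.40 10.0.1.10 445")
    # Fan-out host: 25 LAN peers, then 15 Internet addresses, all within 40 seconds.
    for i in range(25):
        lines.append(f"{stamp(i)} 10.0.5.23 10.0.5.{100 + i} 445")
    for i in range(15):
        lines.append(f"{stamp(25 + i)} 10.0.5.23 198.51.100.{i + 1} 445")
    # Busy web client: many peers, but not on TCP/445, so it is ignored.
    for i in range(30):
        lines.append(f"{stamp(i)} 10.0.5.50 203.0.113.{i + 1} 443")
    return lines


if __name__ == "__main__":
    for src, info in detect_smb_fanout(build_sample()).items():
        print(f"{src}: {info['peers']} distinct SMB peers "
              f"({info['internal']} internal, {info['external']} external), "
              f"first alert at {info['first_alert'].isoformat()}")
```

A host flagged here is a candidate for the first response step listed earlier in the deck: removing it from the network before it reaches more shares.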
19.
Timeline of the WannaCry and related attack

Episode IV: A New Hope (May 2017)
• May 18, 2017: WannaCry Ransomware Decryption Tools (WannaKey, WannaKiwi) have been released. These can be used to unlock files without paying the ransom. The tools work on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008.
• Although the tool won't work for every user due to its dependencies, it still gives some hope to WannaCry's victims of getting their locked files back for free, even from Windows XP, the aging, largely unsupported version of Microsoft's operating system.

Episode V: The Empire Strikes Back (May 2017)
• May 18, 2017: The EternalRocks worm was discovered after it infected an SMB honeypot. EternalRocks disguises itself as WannaCry, but instead of delivering ransomware, it takes over the affected computer to power other attacks. EternalRocks uses seven exploits leaked by Shadow Brokers and was developed to avoid detection and to remain undetectable on the target system.

Episode VI: Return of the Jedi (June 2017)
Ransomware Advisory Services
Our unique Ransomware Advisory Services are specifically designed to review your ability to prevent, detect and react to a ransomware incident. The KPMG Ransomware Advisory service provides a proactive assessment of your capabilities:
• Process review
• Technical review
• People assessment
20.
Shodan: Hacker Search Engine
Identifying open port (445) over the Internet (Global)
port:445 "SMB Status Authentication: enabled SMB Version: 1"
21.
Shodan: Hacker Search Engine
Identifying open port (445) over the Internet (Thailand)
port:445 "SMB Status Authentication: enabled SMB Version: 1" country:TH
22.
Don't Cry over WannaCry
How to protect the organization?
• Ensure all Windows-based systems are fully patched. At a very minimum, ensure Microsoft bulletin MS17-010 has been applied. Please note that Microsoft has released security updates for all affected operating systems, including Windows XP and Windows 2003 Server.
• In accordance with known best practices, any organization that has SMB publicly accessible via the Internet (TCP ports 139, 445) should immediately block all inbound traffic.
• Employ network and host-based firewalls to block TCP/445 traffic from untrusted systems.
• Organizations should consider blocking email attachments for the immediate future, if this is viable, until reliable anti-malware definitions have been made available.
• All cybersecurity systems such as Anti-Malware, Anti-Virus, Security Information and Event Management, Intrusion Detection and Prevention etc. should be updated with the latest Indicators of Compromise (IOC).
• All end-of-life machines should be upgraded as a matter of priority, as more exploits / malware are expected to be launched for other vulnerabilities.
• Ensure critical systems and files have up-to-date backups. Backups are the only full mitigation against data loss due to ransomware.
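The firewall recommendations above can be checked against an exported rule list. The following is an added example, not part of the original slides: it assumes a simplified first-match rule model, and the rule names, networks and TRUSTED list are constructed for illustration.

```python
import ipaddress

SMB_PORTS = {139, 445}  # TCP ports named in the recommendations above

# Constructed sample ruleset (first match wins); not taken from any real device.
RULES = [
    {"name": "allow-fileserver-lan", "action": "allow", "src": "10.20.0.0/16", "ports": "445"},
    {"name": "legacy-any-smb", "action": "allow", "src": "0.0.0.0/0", "ports": "135-139,445"},
    {"name": "default-deny", "action": "deny", "src": "0.0.0.0/0", "ports": "1-65535"},
]
TRUSTED = ["10.20.0.0/16"]  # assumption: networks the organization trusts for SMB

def parse_ports(spec):
    """Expand a spec such as '135-139,445' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def smb_exposures(rules, trusted):
    """Return (rule name, port) pairs where an allow rule admits untrusted sources to SMB."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    denied = []    # (source network, SMB ports) already denied by earlier rules
    findings = []
    for rule in rules:
        src = ipaddress.ip_network(rule["src"])
        ports = parse_ports(rule["ports"]) & SMB_PORTS
        if rule["action"] == "deny":
            denied.append((src, ports))
            continue
        if any(src.subnet_of(net) for net in trusted_nets):
            continue  # source lies entirely inside a trusted network
        for port in sorted(ports):
            # An earlier deny covering the whole source range shadows this allow.
            if not any(src.subnet_of(d) and port in p for d, p in denied):
                findings.append((rule["name"], port))
    return findings
```

On the sample ruleset the legacy rule is reported for both ports because the default deny comes after it; moving the deny ahead of it clears the finding.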
23.
NSA Tools Leaked
(Figure: leaked tools grouped under "Infrastructure Vulnerabilities" and "Malware")
Ref: https://www.facebook.com/thehackernews/photos/a.197666140247267.65555.172819872731894/1834023599944838/?type=3&theater
24.
NSA Tools Leaked
ESTEEMAUDIT exploits through RDP (TCP 3389) on Windows XP and 2003 (0-days)
Ref: https://twitter.com/homelabit/status/869229229635928064/photo/1
25.
Proactive Prevention
26.
Security Paradox
Ref: http://gifgifmagazine.com/wp-content/uploads/2017/04/pretres.gif
27.
Proactive Prevention
Prevention and Continuity measures
• Back up data regularly. Verify the integrity of those backups and test the restoration process to ensure it is working.
• Secure backups, and ensure backups are not connected to the computers and networks they are backing up.
• Enable strong spam filters to prevent phishing e-mails from reaching the end users, and authenticate inbound e-mail using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent e-mail spoofing.
• Scan all incoming and outgoing e-mails to detect threats, and filter executable files from reaching end users.
• Disable macro scripts from files transmitted via e-mail, and consider using Office viewer software to open Microsoft Office files transmitted via e-mail instead of full Office Suite applications.
• Ensure patches for the operating system, software, and firmware are up to date, including Adobe Flash, Java, Web browsers, etc.
• Configure firewalls to block access to known malicious IP addresses, and allow only necessary ports at endpoints.
• Ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted.
• Manage the use of privileged accounts by implementing the principle of least privilege.
• Configure access controls with least privilege, including file, directory, and network share permissions.
• Implement application whitelisting. Only allow systems to execute programs known and permitted by security policy.
• Focus on awareness and training. Because end users are often targeted, employees should be made aware of the threat of ransomware and how it is delivered, and be trained on information security principles and techniques.
Ref: https://www.fbi.gov/file-repository/ransomware-prevention-and-response-for-cisos.pdf
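The e-mail measures above (authenticating inbound mail with SPF, DKIM and DMARC, and filtering executable attachments) can be combined into one triage step at the mail gateway. The following is an added example, not part of the original slides: the trusted authserv-id, the blocked extension list and the sample message are all constructed assumptions.

```python
import email
import re
from email import policy

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: the receiving organization's own MTA
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".docm", ".xlsm"}  # assumption: local policy

# Constructed sample message; every name and address is a placeholder.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=example.org; dkim=none; dmarc=fail
From: Accounts <billing@example.org>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

constructed placeholder bytes
--b1--
"""

def auth_results(msg):
    """Collect spf/dkim/dmarc results, trusting only headers stamped by our own MTA."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = str(header).partition(";")
        if authserv_id.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a sender can forge this header; ignore foreign authserv-ids
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            results.setdefault(method.lower(), result.lower())
    return results

def triage(raw):
    """Return (verdict, reasons) for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    results = auth_results(msg)
    reasons = [f"{m}={results.get(m, 'missing')}"
               for m in ("spf", "dkim", "dmarc") if results.get(m) != "pass"]
    blocked = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if any(name.endswith(ext) for ext in BLOCKED_EXT):
            blocked.append(f"blocked attachment: {name}")
    if results.get("dmarc") == "fail" or blocked:
        return "quarantine", reasons + blocked
    return ("flag" if reasons else "deliver"), reasons
```

Results are read only from headers stamped by the organization's own MTA, because an Authentication-Results header supplied by the sender proves nothing.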
28.
Document Classification: KPMG Confidential
This document is made by KPMG Phoomchai Business Advisory Ltd., (KPMG), a Thai limited liability company and member firm of the KPMG network of independent firms affiliated with KPMG International, a Swiss cooperative, and is in all respects subject to the negotiation, agreement, and signing of a specific engagement letter or contract. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.
© 2017 KPMG Phoomchai Business Advisory Ltd., a Thai limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ('KPMG International'), a Swiss entity. All rights reserved.
kpmg.com/socialmedia
kpmg.com/app
Contact: Prathan Phongthiproek, Manager, Information Protection and Business Resilience, KPMG in Thailand