RANSOMWARE ATTACK
Presented By: Sushmita Timalsina, Safal Bolakhe
PURPOSE OF PRESENTATION
1. Educate and raise awareness about the threat of ransomware
2. Case study analysis
3. Proactive measures to mitigate the impact of ransomware attacks
TABLE OF CONTENT
1. History of Ransomware
2. Types of Ransomware
3. Ransomware attacks around the world
   How it started?
   Modus Operandi
   How was it stopped?
WHAT IS RANSOMWARE?
Ransomware is a type of malware attack in which the attacker locks and encrypts the victim’s data and important files, then demands a payment to unlock and decrypt the data.
HISTORY OF RANSOMWARE
THINK BEFORE YOU CLICK!

01 THE GENESIS OF RANSOMWARE (1989-2006)
In 1989, Joseph L. Popp distributed 20,000 floppy disks containing information about the AIDS virus to patients and healthcare organizations worldwide. Victims paid a $189 ransom to obtain decryption software. Ransomware has been present for almost 15 years, with digital currencies and cryptocurrencies enabling more convenient payments and anonymity. PGPCoder, first appearing in 2005, was one of the earliest ransomware examples. Archievus ransomware added a file called "how to get your files back.txt" in 2006, making decryption more difficult.

02 RANSOMWARE HAS BEEN MORE PREVALENT SINCE THE INTERNET WAS WIDELY USED (2007–2016)
Ransomware became more prevalent during the internet's widespread use from 2007 to 2016. WinLock ransomware, a pornographic image popup, and Reveton ransomware, a $200 fine-seeking variation, were popular among internet users to escape penalties for copyright infringement or pornographic sharing. Later, ransom demands evolved to increase the likelihood of payment. The internet's rapid expansion during this period contributed to the spread of ransomware.
03 THE DEVELOPMENT OF STATE-SPONSORED WORLDWIDE ATTACKS (2017-2018)
In 2017, WannaCry, a ransomware attack, affected 300,000 devices across 150 countries. Cybercriminals attacked backup points and erased them to prevent data restoration. NotPetya, a ransomware borrowed from WannaCry, was used as a weapon during wars between Russia and Ukraine, causing large-scale data destruction. The U.S. government valued the damage at over $10 billion by the end of 2018.

04 THE BIG GAME HUNTING ERA (2019–2021)
Cybercriminals have developed a "big game hunting" technique targeting major corporations, increasing ransom demand from $13,000 to $36,000. They also threatened to sell targeted companies' data on the darknet through double extortion. Maze and Egregor ransomware used data disclosure to persuade businesses to pay. Sodinokibi was hired to exploit this technique, and Colonial Pipeline and Darkside were targeted. Acer and Kaseya were also targeted, and the FBI confiscated ransom money worth $2.3 million.
05 CYBERCRIME HAS BECOME MORE ORGANIZED (2021-PRESENT)
Ransomware as a service (RaaS) has significantly impacted the cybercrime industry by providing access to infrastructure to less skilled attackers, enabling them to profit from victims' ransom payments. Advancements in replication, communication, and data theft have led to more complex malware like Lockbit and DarkSide. Initial Access Brokers (IABs) pose a new threat in 2021, allowing other organizations to access corporate networks for their own attacks. Limiting ransomware would prevent IABs from operating and restrict their access to organizations' back doors.
TYPES OF RANSOMWARE

SCAREWARE
Deceptive software that uses fear tactics to trick users into believing their systems are infected with malware in order to extort money.

RANSOMWARE ENCRYPTION
The process of encrypting files and data by malicious software (ransomware) with the intention of holding them hostage until a ransom is paid, typically in cryptocurrency, to obtain the decryption key.

MOBILE RANSOMWARE
The term "mobile ransomware" refers to malware that encrypts data on mobile devices like smartphones and tablets and demands money to decode the data or unlock the device.

SCREEN LOCKERS
These applications are made to lock the victim out of their computer and prevent them from accessing any documents or data. Usually, a notice is shown that requests money in order to be unlocked.
RANSOMWARE ATTACKS AROUND THE WORLD
WannaCry ransomware attack
NotPetya ransomware attack
Costa Rican ransomware attack
WANNACRY RANSOMWARE
In May 2017, the WannaCry ransomware attack, a global cyberattack, targeted over 150 nations and 230,000 computers worldwide. The worm encrypts data stored on a PC's hard drive and requests a bitcoin ransom to unlock it. It targeted prominent systems, took advantage of a Windows flaw, and was possibly related to the Lazarus Group, a cybercrime gang with ties to the North Korean government. The malware infected 65% of ISPs in Latin America, making it one of the largest ransomware attacks in history. The attack affected small and medium-sized businesses, large corporations, governmental and private sectors, railroads, hospitals, banks, shopping centers, and ministries. The ransomware spread to over 11 countries within just a few hours, and by the end of the first day, it had been discovered in 74 countries within thousands of organizations. The damage to police, energy companies, and ISPs was immense, with no end in sight.
HOW IT STARTED?
WannaCry was initiated through a malicious software program that exploited a vulnerability in Microsoft Windows operating systems. According to Jenkinson, the hacking gang behind WannaCry, which started in 2009 with primitive DDoS attacks on systems belonging to the South Korean government, has been identified by Symantec as the Lazarus gang. The U.S. government concurred with this evaluation, according to Tom Bossert's op-ed in the Wall Street Journal from December 2017. The Lazarus Group has developed its skills, hacking Sony and committing bank heists.

The WannaCry ransomware is straightforward to use and infects a system using a dropper. It includes files such as encryption keys, a copy of Tor, and a program for encrypting and decrypting data. Once it's run, it tries to access a hard-coded URL; if it fails, it searches for and encrypts files in a number of essential formats, making them inaccessible to the user. After the data are encrypted, a ransom message demanding payment in Bitcoin emerges.
Removing WannaCry
1. Isolate Infected Systems
2. Install the most recent patches
3. Implement Security Measures
It is essential to quickly isolate infected systems in order to reduce the spread and impact of WannaCry ransomware attacks. Monitoring network activity, cutting them off from the internet, turning off remote access tools, isolating them, patching vulnerabilities, utilizing antivirus or anti-malware software, and restoring impacted files are all part of this process. To stop such assaults, it is crucial to reinforce security procedures among users, such as creating strong passwords, being cautious of phishing emails, and updating software frequently.

Find the software or operating system that needs to be patched, then go to the vendor's official website or support page to rapidly install the most recent updates. Locate the most recent patch or update that corresponds to your version and edition. Install the proper patch by downloading the file and following the installation instructions. Check the software's version number or the vendor release notes to confirm the installation. For any more systems that require patches, repeat this procedure. It is essential to often check for updates and swiftly apply fixes to preserve system security and operation.

Applying the most recent security patches, keeping up-to-date antivirus and anti-malware software, putting strong network security measures like firewalls and intrusion detection systems in place, enforcing stringent email security procedures, and creating routine data backups are all examples of effective network security practices. Test the backup restoration procedure frequently to make sure it works as intended. For continued safety, it's essential to make sure that updates are automatic and continual. To stop ransomware attacks, it's critical that staff members recognize questionable emails, avoid clicking on strange links, and never open attachments from unknown sources.
NotPetya Ransomware Attack 2017
HOW IT STARTED?
The attack began in 2017, when Maersk, one of the world’s largest shipping companies, was attacked. The attack started when Maersk staff began to panic and gathered at the help desk with their laptops. According to Greenberg (2018), the staff's laptops displayed a message reading "repairing file system on C:" or "your files are encrypted". The attackers then demanded $300 worth of Bitcoin for decrypting the system. When an IT officer was abruptly interrupted while working on his machine, he looked around to see that all the other machines around him were also abruptly restarting or flickering. People in the Maersk headquarters began to realize that a full-scale crisis was happening. Staff started taking measures to stop the infection from spreading across networks.

According to Greenberg (2018), in 2017, a software company in Kiev, Ukraine called Linkos Group served as the starting ground for one of the most devastating cyberattacks in history. A group of Russian hackers called Sandworm hijacked the software company’s update server so that they had access to thousands of computers in Ukraine. Then, the group used the backdoor they had access to in order to push one of the most powerful attacks in the history of computing. The code the attackers pushed could spread automatically and rapidly. It was one of the fastest-propagating pieces of malware ever.
Backdoor
Attackers
MODUS OPERANDI
The architects of NotPetya used two exploits to power the ransomware. One of the exploits was a penetration tool known as EternalBlue. This exploit was created by the United States National Security Agency. It was accessible to the attackers because the tool was leaked in a disastrous data breach at the agency. The EternalBlue tool was used with another tool called Mimikatz. This tool was originally released to show that Windows stored users’ passwords in memory and that they could be pulled out of memory. Windows rolled out an update to patch the vulnerability, but out-of-date systems could still be affected. With the combination of these two tools, hackers could pull passwords out of these out-of-date computers and then use the retrieved passwords to hack into other machines. The ransomware was notorious because, even though it displayed a message offering to decrypt the user’s files after the ransom was paid, the ransom was not payable, and it did not decrypt the files. The ransomware was purely destructive. It destroyed the user's data irreversibly.
Exploits
Purely Destructive & Involvement of Russian Military Intelligence
The ransomware NotPetya shared some resemblance with WannaCry. According to
Hern (2017), NotPetya was based on the same tool as the WannaCry ransomware. This
ransomware was also odd in the sense that it was not built for monetary gain. Even if
the users were able to pay the specified amount, the files were irreversibly destroyed.
This gave specialists a new approach to why the attack happened. Russia and Ukraine
have been constantly trading digital blows. This attack was powerful and spread rapidly.
This soon became a worldwide phenomenon. According to Schouwenberg (2019), it is
generally believed that NotPetya was an idea of the Russian military intelligence agency.
After the attack, most companies ended up with their whole Windows infrastructure
wiped out.
AFFECTED COMPANIES
1. Maersk (250-300 million dollars)
2. Mondelez
3. Merck
4. WPP
5. Reckitt Benckiser
Measures taken to stop the attack
1. Disconnect
2. Up-to-date
3. Strong Firewalls
As NotPetya was initiated due to a vulnerability in Microsoft Windows, Windows released a patch to prevent the exploit that NotPetya depended on. The organizations and the people that were affected by the NotPetya virus also disconnected from the internet to stop the further spreading of the virus. The files that were damaged by the virus were not recoverable.
Conti's attack on the Costa Rican Government (2022)
HOW IT STARTED?
In 2022, government institutions of Costa Rica were besieged by a ransomware group known as Conti. According to Nast (2022), the attack has crippled many of the country’s important services. The services that were halted include the international trade grounds and tax payments. Medical appointments have also been rescheduled. This cost the country millions of dollars. The country also declared a national emergency due to the damage done by the ransomware. The group, Conti, had initially demanded a ransom of 10 million dollars, which was declined by the Costa Rican Government. Then, the group attacked many other ministries of the government and the ransom was increased to 20 million dollars. This was refused by the Costa Rican Government, and they have struggled to get all the systems back online. Staff in the affected government offices of the country have been forced to move to pen and paper due to the attack.
AFFECTED MINISTRIES
Ministry of Finance
The Administrative Board of the Electrical Service of the province of Cartago (Jasec)
The Ministry of Science, Innovation, Technology and Telecommunications
The Ministry of Labor and Social Security (MTSS)
The National Meteorological Institute (IMN)
The Interuniversity Headquarters of Alajuela
The Social Development and Family Allowances Fund (FODESAF)
Costa Rican Social Security Fund (CCSS).
MODUS OPERANDI
According to Feeley and Hartley (2019), this ransomware by Conti contains new and
advanced techniques that only a few other ransomware variants have exhibited so
far. This ransomware is designed in such a way that it can remotely be controlled
and is one of the fastest encrypting ransomware. It gives the attacker such freedom
that they can even control what kind of files are encrypted and the order they get
encrypted in. Phishing and watering hole attacks are some of the methods the
attackers used to infect the systems of the Costa Rican government. The attackers
started from the Ministry of Finance. They were able to get into the system through
phishing and watering hole attacks.
Phishing Watering hole
Measures taken to stop the attack
1. Assist from US
2. Up-to-date
3. Strong Firewalls
The Costa Rican government declared a national emergency, and the United States of America assisted them technically to get the attackers out of the system. The attacking group, Conti, shut down all sites used for ransom negotiation and took all the data leak sites offline. Some sources even say that the attackers had inside help from the government.
COURSE REFLECTION:
1. Explored the concept of the Internet of Things (IoT) and its applications in various industries.
2. Explored communication protocols and networking concepts essential for connecting IoT devices and facilitating data exchange.
3. Engaged with industry professionals invited by the professor to share their expertise and insights on various emerging technologies.
4. Had the opportunity to directly interact with AR and VR technology, gaining practical experience through games like Pokemon Go.
5. The interactive sessions and hands-on activities helped deepen understanding of emerging technologies beyond theoretical knowledge.
References
Feeley, B., & Hartley, B. (2019, February 15). “Sin”-ful SPIDERS: WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web.
Purplesec. https://www.crowdstrike.com/blog/sin-ful-spiders-wizard-spider-and-lunar-spider-sharing-the-same-web/
Greenberg, A. (2018, August 22). The Untold Story of NotPetya, the Most Devastating Cyberattack in History. WIRED.
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
Hassan, N. A. (2019). Ransomware overview. Ransomware Revealed, 3-28. https://doi.org/10.1007/978-1-4842-4255-1_1
Hern, A. (2017, December 30). WannaCry, Petya, NotPetya: how ransomware hit the big time in 2017. The Guardian; The
Guardian. https://www.theguardian.com/technology/2017/dec/30/wannacry-petya-notpetya-ransomware
Jenkinson, A. (2022). CNA ransomware attack and cyber insurance. Ransomware and Cybercrime, 29-37.
https://doi.org/10.1201/9781003278214-5
Kiru, M. U., & Jantan, A. (2020). Ransomware evolution: Solving ransomware attack challenges. The Evolution of Business in
the Cyber Age, 193-229. https://doi.org/10.1201/9780429276484-9
Nast, C. (2022). Conti’s Attack Against Costa Rica Sparks a New Ransomware Era. Wired UK.
https://www.wired.co.uk/article/costa-rica-ransomware-conti
Paraschiva, I. (2019). WannaCry ransomware attack from Romanian police perspective. International Journal of Information
Security and Cybercrime, 8(1), 65-72. https://doi.org/10.19107/ijisc.2019.01.09
Schouwenberg, R. (2019). NotPetya Ushered In a New Era of Malware. Www.vice.com.
https://www.vice.com/en/article/7x5vnz/notpetya-ushered-in-a-new-era-of-malware
THANK YOU

 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 

Ransomware (1).pdf

  • 2. PURPOSE OF PRESENTATION: 1. Educate and raise awareness about the threat of ransomware. 2. Case study analysis. 3. Proactive measures to mitigate the impact of ransomware attacks.
  • 3. TABLE OF CONTENT: 1. History of Ransomware. 2. Types of Ransomware. 3. Ransomware attacks around the world: How it started? Modus Operandi. How was it stopped?
  • 4. WHAT IS RANSOMWARE? Ransomware is a type of malware attack in which the attacker locks and encrypts the victim’s data and important files, and then demands a payment to unlock and decrypt the data.
  • 6. 01 THE GENESIS OF RANSOMWARE (1989-2006): In 1989, Joseph L. Popp distributed 20,000 floppy disks containing information about the AIDS virus to patients and healthcare organizations worldwide. Victims paid a $189 ransom to obtain decryption software. Ransomware has been present for almost 15 years, with digital currencies and cryptocurrencies enabling more convenient payments and anonymity. PGPCoder, first appearing in 2005, was one of the earliest ransomware examples. Archievus ransomware added a file called "how to get your files back.txt" in 2006, making decryption more difficult.
    02 RANSOMWARE HAS BEEN MORE PREVALENT SINCE THE INTERNET WAS WIDELY USED (2007–2016): Ransomware became more prevalent during the internet's widespread use from 2007 to 2016. WinLock ransomware, a pornographic image popup, and Reveton ransomware, a $200 fine-seeking variation, were popular among internet users to escape penalties for copyright infringement or pornographic sharing. Later, ransom demands evolved to increase the likelihood of payment. The internet's rapid expansion during this period contributed to the spread of ransomware.
  • 7. 03 THE DEVELOPMENT OF STATE-SPONSORED WORLDWIDE ATTACKS (2017-2018): In 2017, WannaCry, a ransomware attack, affected 300,000 devices across 150 countries. Cybercriminals attacked backup points and erased them to prevent data restoration. NotPetya, a ransomware borrowed from WannaCry, was used as a weapon during wars between Russia and Ukraine, causing large-scale data destruction. The U.S. government valued the damage at over $10 billion by the end of 2018.
    04 THE BIG GAME HUNTING ERA (2019–2021): Cybercriminals have developed a "big game hunting" technique targeting major corporations, increasing ransom demand from $13,000 to $36,000. They also threatened to sell targeted companies' data on the darknet through double extortion. Maze and Egregor ransomware used data disclosure to persuade businesses to pay. Sodinokibi was hired to exploit this technique, and Colonial Pipeline and Darkside were targeted. Acer and Kaseya were also targeted, and the FBI confiscated ransom money worth $2.3 million.
    05 CYBERCRIME HAS BECOME MORE ORGANIZED (2021-PRESENT): Ransomware as a service (RaaS) has significantly impacted the cybercrime industry by providing access to infrastructure to less skilled attackers, enabling them to profit from victims' ransom payments. Advancements in replication, communication, and data theft have led to more complex malware like Lockbit and DarkSide. Initial Access Brokers (IABs) pose a new threat in 2021, allowing other organizations to access corporate networks for their own attacks. Limiting ransomware would prevent IABs from operating and restrict their access to organizations' back doors.
  • 8. TYPES OF RANSOMWARE
    SCAREWARE: Deceptive software that uses fear tactics to trick users into believing their systems are infected with malware in order to extort money.
    RANSOMWARE ENCRYPTION: The process of encrypting files and data by malicious software (ransomware) with the intention of holding them hostage until a ransom is paid, typically in cryptocurrency, to obtain the decryption key.
    MOBILE RANSOMWARE: The term "mobile ransomware" refers to malware that encrypts data on mobile devices like smartphones and tablets and demands money to decrypt the data or unlock the device.
    SCREEN LOCKERS: These applications are made to lock the victim out of their computer and prevent them from accessing any documents or data. Usually, a notice is shown that requests money in order to be unlocked.
  • 9. RANSOMWARE ATTACKS AROUND THE WORLD: WannaCry ransomware attack; NotPetya ransomware attack; Costa Rican ransomware attack
  • 10. WANNACRY RANSOMWARE: In May 2017, the WannaCry ransomware attack, a global cyberattack, targeted over 150 nations and 230,000 computers worldwide. The worm encrypts data stored on a PC's hard drive and requests a bitcoin ransom to unlock it. It targeted prominent systems, took advantage of a Windows flaw, and was possibly related to the Lazarus Group, a cybercrime gang with ties to the North Korean government. The malware infected 65% of ISPs in Latin America, making it one of the largest ransomware attacks in history. The attack affected small and medium-sized businesses, large corporations, governmental and private sectors, railroads, hospitals, banks, shopping centers, and ministries. The ransomware spread to over 11 countries within just a few hours, and by the end of the first day, it had been discovered in 74 countries within thousands of organizations. The damage to police, energy companies, and ISPs was immense, with no end in sight.
  • 11. HOW IT STARTED? WannaCry was initiated through a malicious software program that exploited a vulnerability in Microsoft Windows operating systems. According to Jenkinson, the hacking gang behind WannaCry, which started in 2009 with primitive DDoS attacks on systems belonging to the South Korean government, has been identified by Symantec as the Lazarus gang. The U.S. government concurred with this evaluation, according to Tom Bossert's op-ed in the Wall Street Journal from December 2017. The Lazarus Group has developed its skills, hacking Sony and committing bank heists.
  • 12. The WannaCry ransomware malware is straightforward to use and infects a system using a dropper. It contains files including encryption keys, a copy of Tor, and a program for encrypting and decrypting data. Once it's run, it tries to access a hard-coded URL; if it fails, it searches for and encrypts files in a number of essential formats, making them inaccessible to the user. After the data are encrypted, a ransom message demanding payment in Bitcoin appears.
  • 13. Removing WannaCry
    1. Isolate Infected Systems: It is essential to quickly isolate infected systems in order to reduce the spread and impact of WannaCry ransomware attacks. Monitoring network activity, cutting them off from the internet, turning off remote access tools, isolating them, patching vulnerabilities, utilizing antivirus or anti-malware software, and restoring impacted files are all part of this process. To stop such assaults, it is crucial to reinforce security procedures among users, such as creating strong passwords, being cautious of phishing emails, and updating software frequently.
    2. Install the most recent patches: Find the software or operating system that needs to be patched, then go to the vendor's official website or support page to rapidly install the most recent updates. Locate the most recent patch or update that corresponds to your version and edition. Install the proper patch by downloading the file and following the installation instructions. Check the software's version number or the vendor release notes to confirm the installation. For any more systems that require patches, repeat this procedure. It is essential to check for updates often and apply fixes swiftly to preserve system security and operation.
    3. Implement Security Measures: Applying the most recent security patches, keeping up-to-date antivirus and anti-malware software, putting strong network security measures like firewalls and intrusion detection systems in place, enforcing stringent email security procedures, and creating routine data backups are all examples of effective network security practices. Test the backup restoration procedure frequently to make sure it works as intended. For continued safety, it's essential to make sure that updates are automatic and continual. To stop ransomware attacks, it's critical that staff members recognize questionable emails, avoid clicking on strange links, and never open attachments from unknown sources.
  • 15. HOW IT STARTED? The attack began in 2017, when Maersk, one of the world’s largest shipping companies, was attacked. The attack started when Maersk staff began to panic and gathered at the help desk with their laptops. According to Greenberg (2018), the staff's laptops displayed a message reading "repairing file system on C drive" or "your files are encrypted". The attackers then demanded $300 worth of Bitcoin for decrypting the system. When an IT officer was abruptly interrupted while working on his machine, he looked around to see that all the other machines around him were also abruptly restarting or flickering. People in the Maersk headquarters began to realize that a full-scale crisis was happening. Staff started taking measures to stop the infection from spreading across networks.
  • 16. According to Greenberg (2018), in 2017, a software company in Kiev, Ukraine called Linkos Group served as the starting ground for one of the most devastating cyberattacks in history. A group of Russian hackers called Sandworm hijacked the software company’s update server so that they had access to thousands of computers in Ukraine. Then, the group used the backdoor they had access to in order to push one of the most powerful attacks in the history of computing. The code the attackers pushed could spread automatically and rapidly. It was one of the fastest-propagating pieces of malware ever.
  • 20. MODUS OPERANDI: The architects of NotPetya used two exploits to power the ransomware. One of the exploits was a penetration tool known as EternalBlue. This exploit was created by the United States National Security Agency. It was accessible to the attackers because the tool was leaked in a disastrous data breach at the agency. The EternalBlue tool was used with another tool called Mimikatz. This tool was originally released to show that Windows stored users’ passwords in memory and that they could be pulled out of memory. Windows rolled out an update to patch the vulnerability, but out-of-date systems could still be affected. With the combination of both of these tools, hackers could pull passwords out of these out-of-date computers and then use the retrieved passwords to hack into other machines. The ransomware was notorious because even though it displayed a message to decrypt the user’s files after the ransom was paid, the ransom was not payable, and it did not decrypt the files. The ransomware was purely destructive. It destroyed the user's data irreversibly.
  • 22. Purely Destructive & Involvement of Russian Military Intelligence
  • 23. The ransomware NotPetya shared some resemblance with WannaCry. According to Hern (2017), NotPetya was based on the same tool as the WannaCry ransomware. This ransomware was also odd in the sense that it was not built for monetary gain. Even if the users were able to pay the specified amount, the files were irreversibly destroyed. This gave specialists a new perspective on why the attack happened. Russia and Ukraine have been constantly trading digital blows. This attack was powerful and spread rapidly. This soon became a worldwide phenomenon. According to Schouwenberg (2019), it is generally believed that NotPetya was the idea of the Russian military intelligence agency. After the attack, most companies ended up with their whole Windows infrastructure wiped out.
  • 24. AFFECTED COMPANIES: 1. Maersk (250-300 million dollars) 2. Mondelez 3. Merck 4. WPP 5. Reckitt Benckiser
  • 25. Measures taken to stop the attack: 1. Disconnect 2. Up-to-date 3. Strong Firewalls
  • 26. As NotPetya was initiated due to a vulnerability in Microsoft Windows, Windows released a patch to prevent the exploit that NotPetya depended on. The organizations and the people that were affected by the NotPetya virus also disconnected from the internet to stop the further spreading of the virus. The files that were damaged by the virus were not recoverable.
  • 27. Conti's attack on the Costa Rican Government (2022)
  • 28. HOW IT STARTED? In 2022, government institutions of Costa Rica were besieged by a ransomware group known as Conti. According to Nast (2022), the attack has crippled many of the country’s important services. The services that were halted include the international trade grounds and tax payments. Medical appointments have also been rescheduled. This cost the country millions of dollars. The country also declared a national emergency due to the damage done by the ransomware. The group, Conti, had initially demanded a ransom of 10 million dollars, which was declined by the Costa Rican Government. Then, the group attacked many other ministries of the government and the ransom was increased to 20 million dollars. This was refused by the Costa Rican Government, and they have struggled to get all the systems back online. Staff in the affected government offices of the country have been forced to move to pen and paper due to the attack. Ministry of Finance
  • 29. AFFECTED MINISTRIES: The Administrative Board of the Electrical Service of the province of Cartago (Jasec); The Ministry of Science, Innovation, Technology and Telecommunications; The Ministry of Labor and Social Security (MTSS); The National Meteorological Institute (IMN); The Interuniversity Headquarters of Alajuela; The Social Development and Family Allowances Fund (FODESAF); Costa Rican Social Security Fund (CCSS).
  • 30. MODUS OPERANDI: According to Feeley and Hartley (2019), this ransomware by Conti contains new and advanced techniques that only a few other ransomware variants have exhibited so far. This ransomware is designed in such a way that it can be remotely controlled and is one of the fastest encrypting ransomware. It gives the attacker such freedom that they can even control what kind of files are encrypted and the order they get encrypted in. Phishing and watering hole attacks are some of the methods the attackers used to infect the systems of the Costa Rican government. The attackers started from the Ministry of Finance. They were able to get into the system through phishing and watering hole attacks. Phishing; Watering hole
  • 31. Measures taken to stop the attack: 1. Assist from US 2. Up-to-date 3. Strong Firewalls
  • 32. The Costa Rican government declared a national emergency and the United States of America assisted them technically to get the attackers out of the system. The attacking group, Conti, shut down all sites used for ransom negotiation and took all the data leak sites offline. Some sources even say that the attackers had inside help from the government.
  • 33. COURSE REFLECTION: 1. Explored the concept of the Internet of Things (IoT) and its applications in various industries. 2. Explored communication protocols and networking concepts essential for connecting IoT devices and facilitating data exchange. 3. Engaged with industry professionals invited by the professor to share their expertise and insights on various emerging technologies. 4. Had the opportunity to directly interact with AR and VR technology, gaining practical experience through games like Pokemon Go. 5. The interactive sessions and hands-on activities helped deepen understanding of emerging technologies beyond theoretical knowledge.
  • 34. References
    Feeley, B., & Hartley, B. (2019, February 15). “Sin”-ful SPIDERS: WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web. Purplesec. https://www.crowdstrike.com/blog/sin-ful-spiders-wizard-spider-and-lunar-spider-sharing-the-same-web/
    Greenberg, A. (2018, August 22). The Untold Story of NotPetya, the Most Devastating Cyberattack in History. WIRED. https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
    Hassan, N. A. (2019). Ransomware overview. Ransomware Revealed, 3-28. https://doi.org/10.1007/978-1-4842-4255-1_1
    Hern, A. (2017, December 30). WannaCry, Petya, NotPetya: how ransomware hit the big time in 2017. The Guardian. https://www.theguardian.com/technology/2017/dec/30/wannacry-petya-notpetya-ransomware
    Jenkinson, A. (2022). CNA ransomware attack and cyber insurance. Ransomware and Cybercrime, 29-37. https://doi.org/10.1201/9781003278214-5
    Kiru, M. U., & Jantan, A. (2020). Ransomware evolution: Solving ransomware attack challenges. The Evolution of Business in the Cyber Age, 193-229. https://doi.org/10.1201/9780429276484-9
    Nast, C. (2022). Conti’s Attack Against Costa Rica Sparks a New Ransomware Era. Wired UK. https://www.wired.co.uk/article/costa-rica-ransomware-conti
    Paraschiva, I. (2019). WannaCry ransomware attack from Romanian police perspective. International Journal of Information Security and Cybercrime, 8(1), 65-72. https://doi.org/10.19107/ijisc.2019.01.09
    Schouwenberg, R. (2019). NotPetya Ushered In a New Era of Malware. Www.vice.com. https://www.vice.com/en/article/7x5vnz/notpetya-ushered-in-a-new-era-of-malware