Recommended
More Related Content
What's hot
What's hot (20)
Similar to WannaCry ransomware attack
Similar to WannaCry ransomware attack (20)
Recently uploaded
Recently uploaded (20)
WannaCry ransomware attack
- 1. WANNACRY / WANNACRYPT RANSOMWARE Prepared by: - Ayoub Rouzi - Abdelhakim Salama
- 2. PLAN Introduction What happened ? What is Wannacry / Wannacrypt ? How many Infections ? What happens to the victim? How to protect yourself ? Will Paying the Ransom Help Us? Conclusion 2
- 3. WHAT IS RANSOMWARE ? “Ransomware is a malware that encrypts contents on infected systems and demands payment in bitcoins.” 3
- 4. WHAT HAPPENED? several organizations were affected by a new Ransomware strain. The exploit ETERNALBLUE, was released in as part of a leak of NSA. May 12th 2017 April 15th 2017 March 14th 2017 Apparition of WanaCrypt0r 2.0 who is more dangerious May 22th 2017 A young white hat hacker stopped wannacry attackMay 21th 2017 A "critical" patch had been issued by Microsoft 4
- 5. HOW MANY INFECTIONS? Estimated > 200,000 victims 5
- 8. HOW DO SYSTEMS GET INFECTED? • E-Mail. • Infected websites. • SMB (Server Message Block) : vulnerable systems exposed via port 445. 8
- 9. WHAT HAPPENS TO THE VICTIM? • Files with specific extensions will be encrypted. • The victim will see a ransom message asking for approx. $300. 9
- 10. WHAT HAPPENS TO THE VICTIM? • Once all the files are encrypted: • Open a backdoor 10
- 11. WHAT HAPPENS TO THE VICTIM? Wannacry warns the user of the encryption of these files by modificating the desktop wallpaper: 11
- 12. HOW TO PROTECT YOURSELF 12
- 13. WILL PAYING THE RANSOM HELP US? • There is no public report from victims who paid the ransom. • About a hundred victims paid so far. 13
- 14. WHAT’S THE UPDATES ? 14 • Windows, Linux, Mac • More victims • More data collection
- 15. CONCLUSION • Availability Affected organizations will loose access to the files encrypted by the malware. Recovery is uncertain even after paying the ransom. • Confidentiality The malware does install a backdoor that could be used to leak data from affected machines, but the malware itself does not exfiltrate data • Integrity Aside from encrypting the data, the malware does not alter data. But the backdoor could be used by others to cause additional damage 15
Editor's Notes
- Several large organizations world wide are known to be affected. Estimated > 200,000 victims according to various anti virus vendors
- Several large organizations world wide are known to be affected. Estimated > 200,000 victims according to various anti virus vendors
- Several large organizations world wide are known to be affected.
- Some organizations suggest that the initial infection originated from e-mail attachments Affected organizations may have had
- Ransomware demands will increase to $600 after 3 days. After 7 days, the files may not longer be recoverable. The ransomware will also install a backdoor to access the system remotely via port 445 (Double Pulsar, also part of the NSA tool set).
- Wannacry uses the discrete anonymity network to communicate with its Command & Control server:
- Wannacry uses the discrete anonymity network to communicate with its Command & Control server:
- Deploy antivirus protection Block spam Perform regular backups of all critical information Don't open attachments in unsolicited e-mails Disable opened SMB port in Microsoft Office products.