2. PLAN
Introduction
What happened?
What is WannaCry / WannaCrypt?
How many infections?
What happens to the victim?
How to protect yourself?
Will Paying the Ransom Help Us?
Conclusion
3. WHAT IS RANSOMWARE?
“Ransomware is a malware that encrypts contents on infected systems and demands payment in bitcoins.”
4. WHAT HAPPENED?
March 14th 2017: A "critical" patch had been issued by Microsoft.
April 15th 2017: The ETERNALBLUE exploit was released as part of an NSA leak.
May 12th 2017: Several organizations were affected by a new ransomware strain.
May 21st 2017: A young white hat hacker stopped the WannaCry attack.
May 22nd 2017: Appearance of WanaCrypt0r 2.0, which is more dangerous.
13. WILL PAYING THE RANSOM HELP US?
• There is no public report from victims who paid the ransom.
• About a hundred victims paid so far.
14. WHAT ARE THE UPDATES?
• Windows, Linux, Mac
• More victims
• More data collection
15. CONCLUSION
• Availability
Affected organizations will lose access to the files encrypted by the malware. Recovery is uncertain even after paying the ransom.
• Confidentiality
The malware does install a backdoor that could be used to leak data from affected machines, but the malware itself does not exfiltrate data.
• Integrity
Aside from encrypting the data, the malware does not alter data. But the backdoor could be used by others to cause additional damage.
Editor's Notes
Several large organizations worldwide are known to be affected.
Estimated > 200,000 victims according to various antivirus vendors.
Some organizations suggest that the initial infection originated from e-mail attachments
Affected organizations may have had
Ransomware demands will increase to $600 after 3 days. After 7 days, the files may no longer be recoverable. The ransomware will also install a backdoor to access the system remotely via port 445 (Double Pulsar, also part of the NSA tool set).
Wannacry uses the discrete anonymity network to communicate with its Command & Control server:
Deploy antivirus protection
Block spam
Perform regular backups of all critical information
Don't open attachments in unsolicited e-mails
Disable opened SMB port in Microsoft Office products.
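The notes above state that the backdoor is reachable remotely via port 445. As an added example (not part of the original slides), this Python script reviews firewall records for accepted TCP/445 connections that reach internal hosts from outside the network. The log format, the internal address ranges and the sample lines are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the organization's internal address space (RFC 1918 ranges).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMB_PORT = 445

# Constructed sample records: "timestamp action proto src_ip dst_ip dst_port".
SAMPLE_LOG = """\
2017-05-12T08:01:10Z ALLOW tcp 203.0.113.7 10.1.4.20 445
2017-05-12T08:01:12Z DENY tcp 198.51.100.9 10.1.4.21 445
2017-05-12T08:02:40Z ALLOW tcp 10.1.4.33 10.1.4.20 445
2017-05-12T08:03:05Z ALLOW tcp 203.0.113.7 10.1.4.20 443
2017-05-12T08:03:30Z ALLOW tcp 198.51.100.9 10.1.4.20 445
malformed line without enough fields
2017-05-12T08:04:00Z ALLOW udp 203.0.113.50 10.1.4.22 445
"""

def is_internal(addr):
    """True if addr belongs to one of the assumed internal networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def externally_reachable_smb(log_text):
    """Return {dst_ip: sorted external sources} for ALLOWed TCP/445 flows."""
    exposed = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records
        _ts, action, proto, src, dst, port = fields
        try:
            if (action == "ALLOW" and proto == "tcp" and int(port) == SMB_PORT
                    and not is_internal(src) and is_internal(dst)):
                exposed[dst].add(src)
        except ValueError:
            continue  # unparsable address or port
    return {dst: sorted(srcs) for dst, srcs in exposed.items()}

if __name__ == "__main__":
    for host, sources in externally_reachable_smb(SAMPLE_LOG).items():
        print(f"{host}: TCP/445 accepted from {', '.join(sources)}")
```

Hosts listed in the result are candidates for a firewall rule change and for a check that the Microsoft patch mentioned earlier is installed.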