SlideShare a Scribd company logo

Wannacry Threat Brief

Download as PPTX, PDF
Debra Baker, CISSP CSSP
Debra Baker, CISSP CSSP

This Presentation goes over the Wannacry hack, how to be protected, and the Marcus Hutchins arrest. https://cysreport.com https://debinfosec.com

Technology
1 of 12
Wannacry Special Report CYS Report @deb_infosec https://cysreport.com
WannaCry
WannaCry ▶ Malware from the Shadow Brokers dump wreaks havoc 5/12 ▶ NSA Windows hacking tools 4/14/17 ▶ Worm – replicates itself with no user intervention ▶ Ransomware – encrypts your disk drive and requests money $300 in order to decrypt your drive ▶ WannaCry appears to primarily utilize ▶ ETERNALBLUE modules – for initial SMBv1.0 exploit ▶ DOUBLEPULSAR backdoor - installs the ransomware payload.
Who Stopped WannaCry?
WannaCry Hero
WannaCry ▶ How was it stopped? ▶ Stopped by registering non-existent DNS domain ▶ If the domain existed, then the worm didn’t do anything else ▶ Disable SMB 1.0 should be using SMB 3.0 ▶ Patch Windows devices (Windows 10 not affected) ▶ https://technet.microsoft.com/en-us/library/security/ms17-010.aspx ▶ Backup your computer so you can recover ▶ https://www.barkly.com/ransomware-recovery-decryption- tools-search
Wannacry Update ▶ WannaCry ransomware worm... ▶ Honda forced to shut down plant in Japan ▶ Block port Ports 139, 445 to external networks ▶ Don’t use SMB 1.0, should be using SMB 3.0 ▶ If have SMB 3.0 in use, but have not disabled SMB 1.0, hackers could enable SMB 1.0 to exploit ▶ Patches Available ▶ Next version of Microsoft 10 RedStone 3 will disable
WannaCry Hero Arrested ▶ Marcus Hutchins the 23 year old Malware hunter who stopped Wannacry was arrested after Defcon/BlackHat Conferences ▶ He’s accused of advertising, distributing, and profiting from Kronos malware ▶ Steal online banking credentials ▶ Steals credit card data
WannaCry Hero Arrested ▶ Gov alleges Marcus wrote the Kronos code ▶ Some of the code may have been written for non malicious means ▶ Apparently he wrote a chunk of code that was then used in Kronos ▶ As reported by Dan Goodin at ARS Technica, Marcus complained of a code sample that he wrote for his blog that was stolen and used in malware.
Marcus’ Dubious Background ▶ Brian Krebs did in depth research on Marcus’ background and found that Marcus had created and sold malware as a teen. ▶ Apparently Marcus made a turn to be a white hat hacker as an adult and has never looked back to the dark web so to speak ▶ Hoping that the government takes this into account in his case ▶ We don’t want white hack hackers to feel threatened for releasing vulnerability information on products.
Podcast Check out my WannaCry podcast: https://cysreport.com/wannacry-special-report/

Recommended

What is wanna cry ransomware attack
What is wanna cry ransomware attackWhat is wanna cry ransomware attack
What is wanna cry ransomware attacki-engage
 
Wannacry-A Ransomware Attack
Wannacry-A Ransomware AttackWannacry-A Ransomware Attack
Wannacry-A Ransomware AttackMahimaVerma28
 
WannaCry ransomware attack
WannaCry ransomware attackWannaCry ransomware attack
WannaCry ransomware attackAbdelhakim Salama
 
Malware's Most Wanted: CryptoLocker—The Ransomware Trojan
Malware's Most Wanted: CryptoLocker—The Ransomware TrojanMalware's Most Wanted: CryptoLocker—The Ransomware Trojan
Malware's Most Wanted: CryptoLocker—The Ransomware TrojanCyphort
 
Wannacry
WannacryWannacry
WannacryGunther Clauwaert
 
Ransomware attacks 2017
Ransomware attacks 2017Ransomware attacks 2017
Ransomware attacks 2017Thesis Scientist Private Limited
 
How to prevent WannaCry Ransomware
How to prevent WannaCry RansomwareHow to prevent WannaCry Ransomware
How to prevent WannaCry RansomwareSeminar Links
 
Ransomware by lokesh
Ransomware by lokeshRansomware by lokesh
Ransomware by lokeshLokesh Bysani
 

Recommended

What is wanna cry ransomware attack
What is wanna cry ransomware attackWhat is wanna cry ransomware attack
What is wanna cry ransomware attacki-engage
 
Wannacry-A Ransomware Attack
Wannacry-A Ransomware AttackWannacry-A Ransomware Attack
Wannacry-A Ransomware AttackMahimaVerma28
 
WannaCry ransomware attack
WannaCry ransomware attackWannaCry ransomware attack
WannaCry ransomware attackAbdelhakim Salama
 
Malware's Most Wanted: CryptoLocker—The Ransomware Trojan
Malware's Most Wanted: CryptoLocker—The Ransomware TrojanMalware's Most Wanted: CryptoLocker—The Ransomware Trojan
Malware's Most Wanted: CryptoLocker—The Ransomware TrojanCyphort
 
Wannacry
WannacryWannacry
WannacryGunther Clauwaert
 
Ransomware attacks 2017
Ransomware attacks 2017Ransomware attacks 2017
Ransomware attacks 2017Thesis Scientist Private Limited
 
How to prevent WannaCry Ransomware
How to prevent WannaCry RansomwareHow to prevent WannaCry Ransomware
How to prevent WannaCry RansomwareSeminar Links
 
Ransomware by lokesh
Ransomware by lokeshRansomware by lokesh
Ransomware by lokeshLokesh Bysani
 
র‌্যানসমওয়্যার
র‌্যানসমওয়্যার র‌্যানসমওয়্যার
র‌্যানসমওয়্যার Titas Sarker
 
Ransomware hostage rescue manual
Ransomware hostage rescue manualRansomware hostage rescue manual
Ransomware hostage rescue manualRoel Palmaers
 
Ransomware
RansomwareRansomware
RansomwareAkshita Pillai
 
Ransomware
RansomwareRansomware
RansomwareChaitali Sharma
 
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-INWannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-INVijay Sarathy Rangayyan
 
Flashpoint ransomware april2016
Flashpoint ransomware april2016Flashpoint ransomware april2016
Flashpoint ransomware april2016Andrey Apuhtin
 
Ransomware - Impact, Evolution, Prevention
Ransomware - Impact, Evolution, PreventionRansomware - Impact, Evolution, Prevention
Ransomware - Impact, Evolution, PreventionMohammad Yahya
 
Analysing Ransomware
Analysing RansomwareAnalysing Ransomware
Analysing RansomwareNapier University
 
Ransomware the clock is ticking
Ransomware the clock is tickingRansomware the clock is ticking
Ransomware the clock is tickingManoj Kumar Mishra
 
Ransomware: How to avoid a crypto crisis at your IT business
Ransomware: How to avoid a crypto crisis at your IT businessRansomware: How to avoid a crypto crisis at your IT business
Ransomware: How to avoid a crypto crisis at your IT businessCalyptix Security
 
Ransomware: WanaCry, WanCrypt
Ransomware: WanaCry, WanCryptRansomware: WanaCry, WanCrypt
Ransomware: WanaCry, WanCryptYash Diwakar
 
Ransomware: Prevention, privacy and your options post-breach
Ransomware: Prevention, privacy and your options post-breachRansomware: Prevention, privacy and your options post-breach
Ransomware: Prevention, privacy and your options post-breachGowling WLG
 
What is Ransomware? A Quick Guide
What is Ransomware? A Quick GuideWhat is Ransomware? A Quick Guide
What is Ransomware? A Quick GuideSarah Roberts
 
Ransomware: Mitigation Through Preparation
Ransomware: Mitigation Through PreparationRansomware: Mitigation Through Preparation
Ransomware: Mitigation Through PreparationHostway|HOSTING
 
What is Ransomware?
What is Ransomware?What is Ransomware?
What is Ransomware?Datto
 
Ransomware - The Growing Threat
Ransomware - The Growing ThreatRansomware - The Growing Threat
Ransomware - The Growing ThreatNick Miller
 
WHITE PAPER▶ The Evolution of Ransomware
WHITE PAPER▶ The Evolution of RansomwareWHITE PAPER▶ The Evolution of Ransomware
WHITE PAPER▶ The Evolution of RansomwareSymantec
 
Ransomware
RansomwareRansomware
RansomwareNick Miller
 
Ransomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDFRansomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDFAndy Thompson
 
Ransomware
RansomwareRansomware
Ransomwarem3 Networks Limited
 
Wannacry
WannacryWannacry
WannacryAravindVV
 
WannaCry Ransomware
WannaCry Ransomware WannaCry Ransomware
WannaCry RansomwareZoho Corporation
 

More Related Content

What's hot

র‌্যানসমওয়্যার
র‌্যানসমওয়্যার র‌্যানসমওয়্যার
র‌্যানসমওয়্যার Titas Sarker
 
Ransomware hostage rescue manual
Ransomware hostage rescue manualRansomware hostage rescue manual
Ransomware hostage rescue manualRoel Palmaers
 
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-INWannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-INVijay Sarathy Rangayyan
 
Flashpoint ransomware april2016
Flashpoint ransomware april2016Flashpoint ransomware april2016
Flashpoint ransomware april2016Andrey Apuhtin
 
Ransomware - Impact, Evolution, Prevention
Ransomware - Impact, Evolution, PreventionRansomware - Impact, Evolution, Prevention
Ransomware - Impact, Evolution, PreventionMohammad Yahya
 
Ransomware the clock is ticking
Ransomware the clock is tickingRansomware the clock is ticking
Ransomware the clock is tickingManoj Kumar Mishra
 
Ransomware: How to avoid a crypto crisis at your IT business
Ransomware: How to avoid a crypto crisis at your IT businessRansomware: How to avoid a crypto crisis at your IT business
Ransomware: How to avoid a crypto crisis at your IT businessCalyptix Security
 
Ransomware: WanaCry, WanCrypt
Ransomware: WanaCry, WanCryptRansomware: WanaCry, WanCrypt
Ransomware: WanaCry, WanCryptYash Diwakar
 
Ransomware: Prevention, privacy and your options post-breach
Ransomware: Prevention, privacy and your options post-breachRansomware: Prevention, privacy and your options post-breach
Ransomware: Prevention, privacy and your options post-breachGowling WLG
 
What is Ransomware? A Quick Guide
What is Ransomware? A Quick GuideWhat is Ransomware? A Quick Guide
What is Ransomware? A Quick GuideSarah Roberts
 
Ransomware: Mitigation Through Preparation
Ransomware: Mitigation Through PreparationRansomware: Mitigation Through Preparation
Ransomware: Mitigation Through PreparationHostway|HOSTING
 
What is Ransomware?
What is Ransomware?What is Ransomware?
What is Ransomware?Datto
 
Ransomware - The Growing Threat
Ransomware - The Growing ThreatRansomware - The Growing Threat
Ransomware - The Growing ThreatNick Miller
 
WHITE PAPER▶ The Evolution of Ransomware
WHITE PAPER▶ The Evolution of RansomwareWHITE PAPER▶ The Evolution of Ransomware
WHITE PAPER▶ The Evolution of RansomwareSymantec
 
Ransomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDFRansomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDFAndy Thompson
 

What's hot (20)

র‌্যানসমওয়্যার
র‌্যানসমওয়্যার র‌্যানসমওয়্যার
র‌্যানসমওয়্যার
 
Ransomware hostage rescue manual
Ransomware hostage rescue manualRansomware hostage rescue manual
Ransomware hostage rescue manual
 
Ransomware
RansomwareRansomware
Ransomware
 
Ransomware
RansomwareRansomware
Ransomware
 
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-INWannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
 
Flashpoint ransomware april2016
Flashpoint ransomware april2016Flashpoint ransomware april2016
Flashpoint ransomware april2016
 
Ransomware - Impact, Evolution, Prevention
Ransomware - Impact, Evolution, PreventionRansomware - Impact, Evolution, Prevention
Ransomware - Impact, Evolution, Prevention
 
Analysing Ransomware
Analysing RansomwareAnalysing Ransomware
Analysing Ransomware
 
Ransomware the clock is ticking
Ransomware the clock is tickingRansomware the clock is ticking
Ransomware the clock is ticking
 
Ransomware: How to avoid a crypto crisis at your IT business
Ransomware: How to avoid a crypto crisis at your IT businessRansomware: How to avoid a crypto crisis at your IT business
Ransomware: How to avoid a crypto crisis at your IT business
 
Ransomware: WanaCry, WanCrypt
Ransomware: WanaCry, WanCryptRansomware: WanaCry, WanCrypt
Ransomware: WanaCry, WanCrypt
 
Ransomware: Prevention, privacy and your options post-breach
Ransomware: Prevention, privacy and your options post-breachRansomware: Prevention, privacy and your options post-breach
Ransomware: Prevention, privacy and your options post-breach
 
What is Ransomware? A Quick Guide
What is Ransomware? A Quick GuideWhat is Ransomware? A Quick Guide
What is Ransomware? A Quick Guide
 
Ransomware: Mitigation Through Preparation
Ransomware: Mitigation Through PreparationRansomware: Mitigation Through Preparation
Ransomware: Mitigation Through Preparation
 
What is Ransomware?
What is Ransomware?What is Ransomware?
What is Ransomware?
 
Ransomware - The Growing Threat
Ransomware - The Growing ThreatRansomware - The Growing Threat
Ransomware - The Growing Threat
 
WHITE PAPER▶ The Evolution of Ransomware
WHITE PAPER▶ The Evolution of RansomwareWHITE PAPER▶ The Evolution of Ransomware
WHITE PAPER▶ The Evolution of Ransomware
 
Ransomware
RansomwareRansomware
Ransomware
 
Ransomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDFRansomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDF
 
Ransomware
RansomwareRansomware
Ransomware
 

Similar to Wannacry Threat Brief

Identify one cyberattack that occurred in the last 2 years. What cau.pdf
Identify one cyberattack that occurred in the last 2 years. What cau.pdfIdentify one cyberattack that occurred in the last 2 years. What cau.pdf
Identify one cyberattack that occurred in the last 2 years. What cau.pdffatoryoutlets
 
Cyber Crime & Security.pdf
Cyber Crime & Security.pdfCyber Crime & Security.pdf
Cyber Crime & Security.pdfMohanPandey31
 
Case Study: Wannacry Ransomware attacks Telefónica
Case Study: Wannacry Ransomware attacks TelefónicaCase Study: Wannacry Ransomware attacks Telefónica
Case Study: Wannacry Ransomware attacks TelefónicaSergio Renteria Nuñez
 
Cryptojacking - by Vishwaraj101
Cryptojacking - by Vishwaraj101Cryptojacking - by Vishwaraj101
Cryptojacking - by Vishwaraj101v_raj
 
How to Delete plus network.com
How to Delete plus network.comHow to Delete plus network.com
How to Delete plus network.commariagoel7
 
Computer Ethics - Hacking
Computer Ethics - HackingComputer Ethics - Hacking
Computer Ethics - Hackingthelilly
 
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...HackIT Ukraine
 
Wannacry cyber attack.pptx
Wannacry cyber attack.pptxWannacry cyber attack.pptx
Wannacry cyber attack.pptxmachandi
 
What’s the Difference Between Identity Fraud and Identity Theft?
What’s the Difference Between Identity Fraud and Identity Theft?What’s the Difference Between Identity Fraud and Identity Theft?
What’s the Difference Between Identity Fraud and Identity Theft?K7 Computing Pvt Ltd
 
What’s the Difference Between Identity Fraud and Identity Theft.docx.pptx
What’s the Difference Between Identity Fraud and Identity Theft.docx.pptxWhat’s the Difference Between Identity Fraud and Identity Theft.docx.pptx
What’s the Difference Between Identity Fraud and Identity Theft.docx.pptxkesavanrachel
 
ID cuffs: Hackers targeting international travelers
ID cuffs: Hackers targeting international travelersID cuffs: Hackers targeting international travelers
ID cuffs: Hackers targeting international travelersdenniskelly315
 

Similar to Wannacry Threat Brief (20)

Wannacry
WannacryWannacry
Wannacry
 
WannaCry Ransomware
WannaCry Ransomware WannaCry Ransomware
WannaCry Ransomware
 
Welcome to the #WannaCry Wine Club
Welcome to the #WannaCry Wine ClubWelcome to the #WannaCry Wine Club
Welcome to the #WannaCry Wine Club
 
Identify one cyberattack that occurred in the last 2 years. What cau.pdf
Identify one cyberattack that occurred in the last 2 years. What cau.pdfIdentify one cyberattack that occurred in the last 2 years. What cau.pdf
Identify one cyberattack that occurred in the last 2 years. What cau.pdf
 
Network security
Network securityNetwork security
Network security
 
Cyber Crime & Security.pdf
Cyber Crime & Security.pdfCyber Crime & Security.pdf
Cyber Crime & Security.pdf
 
Case Study: Wannacry Ransomware attacks Telefónica
Case Study: Wannacry Ransomware attacks TelefónicaCase Study: Wannacry Ransomware attacks Telefónica
Case Study: Wannacry Ransomware attacks Telefónica
 
Cryptojacking - by Vishwaraj101
Cryptojacking - by Vishwaraj101Cryptojacking - by Vishwaraj101
Cryptojacking - by Vishwaraj101
 
How to Delete plus network.com
How to Delete plus network.comHow to Delete plus network.com
How to Delete plus network.com
 
Hacking
HackingHacking
Hacking
 
Computer Ethics - Hacking
Computer Ethics - HackingComputer Ethics - Hacking
Computer Ethics - Hacking
 
SECURITY IN COMPUTING.pptx
SECURITY IN COMPUTING.pptxSECURITY IN COMPUTING.pptx
SECURITY IN COMPUTING.pptx
 
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
 
Sophos a-to-z
Sophos a-to-z Sophos a-to-z
Sophos a-to-z
 
Ransomware ly
Ransomware lyRansomware ly
Ransomware ly
 
Wannacry cyber attack.pptx
Wannacry cyber attack.pptxWannacry cyber attack.pptx
Wannacry cyber attack.pptx
 
What’s the Difference Between Identity Fraud and Identity Theft?
What’s the Difference Between Identity Fraud and Identity Theft?What’s the Difference Between Identity Fraud and Identity Theft?
What’s the Difference Between Identity Fraud and Identity Theft?
 
What’s the Difference Between Identity Fraud and Identity Theft.docx.pptx
What’s the Difference Between Identity Fraud and Identity Theft.docx.pptxWhat’s the Difference Between Identity Fraud and Identity Theft.docx.pptx
What’s the Difference Between Identity Fraud and Identity Theft.docx.pptx
 
ID cuffs: Hackers targeting international travelers
ID cuffs: Hackers targeting international travelersID cuffs: Hackers targeting international travelers
ID cuffs: Hackers targeting international travelers
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
 

Recently uploaded

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Wannacry Threat Brief

  • 3. WannaCry ▶ Malware from the Shadow Brokers dump wreaks havoc 5/12 ▶ NSA Windows hacking tools 4/14/17 ▶ Worm – replicates itself with no user intervention ▶ Ransomware – encrypts your disk drive and requests money $300 in order to decrypt your drive ▶ WannaCry appears to primarily utilize ▶ ETERNALBLUE modules – for initial SMBv1.0 exploit ▶ DOUBLEPULSAR backdoor - installs the ransomware payload.
  • 6. WannaCry ▶ How was it stopped? ▶ Stopped by registering non-existent DNS domain ▶ If the domain existed, then the worm didn’t do anything else ▶ Disable SMB 1.0 should be using SMB 3.0 ▶ Patch Windows devices (Windows 10 not affected) ▶ https://technet.microsoft.com/en-us/library/security/ms17-010.aspx ▶ Backup your computer so you can recover ▶ https://www.barkly.com/ransomware-recovery-decryption- tools-search
  • 7.
  • 8. Wannacry Update ▶ WannaCry ransomware worm... ▶ Honda forced to shut down plant in Japan ▶ Block port Ports 139, 445 to external networks ▶ Don’t use SMB 1.0, should be using SMB 3.0 ▶ If have SMB 3.0 in use, but have not disabled SMB 1.0, hackers could enable SMB 1.0 to exploit ▶ Patches Available ▶ Next version of Microsoft 10 RedStone 3 will disable
  • 9. WannaCry Hero Arrested ▶ Marcus Hutchins the 23 year old Malware hunter who stopped Wannacry was arrested after Defcon/BlackHat Conferences ▶ He’s accused of advertising, distributing, and profiting from Kronos malware ▶ Steal online banking credentials ▶ Steals credit card data
  • 10. WannaCry Hero Arrested ▶ Gov alleges Marcus wrote the Kronos code ▶ Some of the code may have been written for non malicious means ▶ Apparently he wrote a chunk of code that was then used in Kronos ▶ As reported by Dan Goodin at ARS Technica, Marcus complained of a code sample that he wrote for his blog that was stolen and used in malware.
  • 11. Marcus’ Dubious Background ▶ Brian Krebs did in depth research on Marcus’ background and found that Marcus had created and sold malware as a teen. ▶ Apparently Marcus made a turn to be a white hat hacker as an adult and has never looked back to the dark web so to speak ▶ Hoping that the government takes this into account in his case ▶ We don’t want white hack hackers to feel threatened for releasing vulnerability information on products.
  • 12. Podcast Check out my WannaCry podcast: https://cysreport.com/wannacry-special-report/