R@NS0MW@R3 attack – Cyber Security
SSGT FELICIANO
"People are used to having technology solution (but) social engineering bypasses all technologies, including firewalls. Technology is critical, but we have to look at people and processes. Social engineering is a form of hacking that uses influence tactics" - Kevin Mitnick
CONTENTS
WHAT IS RANSOMWARE?
EVOLUTION
ANATOMY OF ATTACK
SYMPTOMS
COUNTERMEASURES
SECURITY IMPLICATIONS
WHAT IS RANSOMWARE?
WANNACRY RANSOMWARE
• Malicious software attack that encrypts the files on your computer with an encryption key, rendering it unusable
• The victim must pay in bitcoin (anonymous payment) to recover the private key
• The attack is perpetrated by organized cyber criminals
• Victims who are individuals typically pay $300-600, while corporations typically pay $10-17 thousand in bitcoin at market rates, depending on the size and necessity of the data
[Slide graphic: "DOWNLOADING FILE PLEASE WAIT...." over scrolling binary, ending with "> | RANSOMWARE INITIATED.."]
• This type of attack is practically impossible to reverse, since you need the exact key, which the cyber criminal retains
• This type of attack has grown in strength, innovation and success (cracking the key yourself would take a quadrillion years; advanced spear phishing; success against as many as 90,000 targets per day)
• This type of attack has produced increasing revenue for underground syndicates (a steady source of income); if you pay, it further funds their network
[Slide graphic: binary background with the word RANSOMWARE]
EVOLUTION
• Fake Anti-virus (2001) (first type) – Scareware (scams the victim into paying to remove viruses)
• Bitcoin Network Launched (2009) – Anonymous Payment
• Reveton RansomLock/Winlocker (2012) – Police Themed (locks the PC and imposes a deadline); as the deadline approaches, the price increases
• CryptoWall/TorrentLocker (2013-2014) – Steals your data while you wait
• ** WannaCry/Petya/Locky/Packman (2015-2016) – over 16 variants – aggressive malware that deletes all connected storage if the victim does not comply; TOR assisted
• Targets individual users, corporations, and health practitioners
ANATOMY OF ATTACK
Malware delivered via:
• Infected websites (hijacking – drive-by-downloads), adware
• Email spear phishing attack (social engineering) with attachments
• Common sinister attachments include: invoices, payroll, scanned images from a Xerox WorkCentre MFD, "My Resume" (HR target), voicemail message, payment overdue (bills, tickets, other), corporate efax, case number
• Unpatched Software (operating system or programs)
• Pirated Software (violation of company policies)
SYMPTOMS
Life was simpler then, remember this? The good old times…
Blue Screen of Death
• You cannot open files; the system says they have the wrong extension
• An alarming message (pop-up) appears on the screen demanding payment, followed by a countdown ("Your personal files are encrypted!", "Time left - Private Key will be destroyed on 11.04.2017 12:45 PM")
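The two symptoms above (files that no longer open because their extension changed, and a dropped note with the quoted phrases) can be checked for on a file share. The following is an added example, not part of the original slides: it compares a constructed before/after listing of a share, flags files that reappear with an extra, unknown extension appended, looks for note files carrying the phrases quoted on the slide, and raises an alert above an assumed threshold. The file names, note text, known-extension set and threshold are all constructed for the example.

```python
"""Ransomware symptom check over a file-share listing (added example, not from the slides).

Symptom 1: files that still exist but now carry an extra, unknown extension
           (Q1_report.xlsx -> Q1_report.xlsx.locked), which is why they no longer open.
Symptom 2: a newly dropped note containing the phrases shown on the slide.
"""
from collections import Counter
from typing import Dict, List, Optional

# Assumption: extensions normally found on this share; add legitimate ones
# (e.g. ".bak" from a backup job) or they will be counted as suspicious.
KNOWN_EXTENSIONS = {"docx", "xlsx", "pptx", "pdf", "jpg", "png", "txt"}
# Phrases quoted on the symptoms slide, matched case-insensitively.
RANSOM_PHRASES = ("your personal files are encrypted", "private key will be destroyed")
ALERT_RATIO = 0.2  # assumption: alert when 20% of the files were renamed this way


def appended_extension(new_name: str, old_names: set) -> Optional[str]:
    """Return the extra extension if new_name is an old file name plus one unknown suffix."""
    base, dot, ext = new_name.rpartition(".")
    if dot and base in old_names and ext.lower() not in KNOWN_EXTENSIONS:
        return ext.lower()
    return None


def find_ransom_notes(files: Dict[str, str]) -> List[str]:
    """Names of files whose (text) content contains a ransom-note phrase."""
    return sorted(name for name, text in files.items()
                  if any(phrase in text.lower() for phrase in RANSOM_PHRASES))


def analyze(before: Dict[str, str], after: Dict[str, str]) -> dict:
    """Compare two listings {filename: text content} and report the symptoms found."""
    old_names = set(before)
    renamed = {}
    for name in after:
        if name not in old_names:
            ext = appended_extension(name, old_names)
            if ext:
                renamed[name] = ext
    ratio = len(renamed) / max(len(old_names), 1)
    notes = find_ransom_notes(after)
    return {
        "renamed_count": len(renamed),
        "renamed_ratio": round(ratio, 2),
        "new_extensions": Counter(renamed.values()),
        "ransom_notes": notes,
        "alert": ratio >= ALERT_RATIO or bool(notes),
    }


# Constructed listings: a small share before and after an infection.
BEFORE = {
    "Q1_report.xlsx": "quarterly figures",
    "payroll.docx": "salary table",
    "photo.jpg": "(binary)",
    "notes.txt": "meeting notes",
    "deck.pptx": "(binary)",
}
AFTER = {
    "Q1_report.xlsx.locked": "(ciphertext)",
    "payroll.docx.locked": "(ciphertext)",
    "photo.jpg.locked": "(ciphertext)",
    "notes.txt": "meeting notes",
    "deck.pptx": "(binary)",
    "README_DECRYPT.txt": "Your personal files are encrypted! Private Key will be "
                          "destroyed on 11.04.2017 12:45 PM",
}

if __name__ == "__main__":
    result = analyze(BEFORE, AFTER)
    for key, value in result.items():
        print(f"{key:16} {value}")
```

A benign day on the share (new documents, no appended extensions, no note) stays below the threshold; tune `ALERT_RATIO` and `KNOWN_EXTENSIONS` to the share's normal churn so that backup jobs or renames by users do not trip it.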
COUNTERMEASURES
• Cyber Security Training for end users (education on social engineering, phishing campaigns, suspicious websites)
• Reinforce company policies (computer usage policy)
• Regular Backup of personal files and share drives
• Disable Macros and ActiveX
• Keep Windows Firewall On
• Disable USB connections on all PCs
• Show file extensions in Windows
• Activate the browser's built-in pop-up blocker
• Have Anti-spam block extensions (exe, vbs, scr) that ransomware commonly uses
• Invest in Advanced Malware Protection
• Ensure Anti-virus is updated and running on your machine
• Avoid clicking on suspicious links
• Don't go to suspicious websites
• Computer Hardening Strategies
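Three of the countermeasures above (block exe/vbs/scr attachments at the anti-spam layer, show file extensions, be wary of macro documents) come together in a mail-gateway attachment check. The following is an added example, not code from the slides or from any product they mention: it decides on the real last extension so that a lure like "Payment_Overdue.PDF.exe" is caught, opens ZIP archives because blocked types are often delivered inside one, and routes macro-enabled Office files for review. The blocked-extension set goes beyond the three named on the slide, and the sample attachments (named after the lures on the Anatomy of Attack slide) are constructed for the example.

```python
"""Mail-gateway attachment policy check: an added example, not from the slides.

It enforces the "block exe, vbs, scr attachments" countermeasure and builds in
the "show file extensions" lesson: the decision is made on the *last* extension,
so a lure such as Payment_Overdue.PDF.exe is caught, and ZIP archives are opened
because blocked types are often delivered inside one.
"""
import io
import zipfile
from dataclasses import dataclass
from typing import List, Tuple

# Extensions named on the slide plus other executable and script types.
# Assumption: extend or trim this set to match your own gateway policy.
BLOCKED_EXTENSIONS = {"exe", "vbs", "scr", "js", "jse", "bat", "cmd", "ps1", "hta"}
# Macro-enabled Office formats: sent for review rather than blocked outright.
MACRO_EXTENSIONS = {"docm", "xlsm", "pptm"}
MAX_ARCHIVE_DEPTH = 2  # a zip inside a zip beyond this depth is refused


@dataclass
class Verdict:
    filename: str
    action: str  # "block", "review" or "allow"
    reason: str


def real_extension(filename: str) -> str:
    """Last extension, lower-cased; trailing dots/spaces used to hide it are ignored."""
    name = filename.strip().rstrip(". ")
    if "." not in name:
        return ""
    return name.rsplit(".", 1)[1].lower()


def is_double_extension(filename: str) -> bool:
    """invoice.pdf.exe style: a harmless-looking extension sits before the real one."""
    parts = filename.strip().rstrip(". ").split(".")
    return len(parts) >= 3


def check_attachment(filename: str, data: bytes, depth: int = 0) -> Verdict:
    """Classify one attachment; archives are inspected member by member."""
    ext = real_extension(filename)
    if ext in BLOCKED_EXTENSIONS:
        why = "double extension" if is_double_extension(filename) else "blocked type"
        return Verdict(filename, "block", f"{why}: .{ext}")
    if ext in MACRO_EXTENSIONS:
        return Verdict(filename, "review", f"macro-enabled document: .{ext}")
    if ext == "zip":
        return check_zip(filename, data, depth)
    return Verdict(filename, "allow", "no policy match")


def check_zip(filename: str, data: bytes, depth: int) -> Verdict:
    """Open the archive in memory and apply the same policy to each member."""
    if depth >= MAX_ARCHIVE_DEPTH:
        return Verdict(filename, "block", "archive nested too deeply")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                inner = check_attachment(member, zf.read(member), depth + 1)
                if inner.action != "allow":
                    return Verdict(filename, inner.action,
                                   f"archive member {member}: {inner.reason}")
    except zipfile.BadZipFile:
        return Verdict(filename, "block", "corrupt or non-zip archive")
    return Verdict(filename, "allow", "archive contents clean")


def build_samples() -> List[Tuple[str, bytes]]:
    """Constructed attachments named after the lures listed on the slide."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Scanned_from_Xerox_WorkCentre.pdf.scr", b"MZ fake header")
    return [
        ("invoice.pdf", b"%PDF-1.4 constructed"),
        ("Payment_Overdue.PDF.exe", b"MZ fake header"),
        ("My Resume.docm", b"PK constructed"),
        ("voicemail.zip", buf.getvalue()),
        ("case_number.txt.", b"plain text"),
    ]


def evaluate_samples() -> dict:
    """Run the policy over the constructed samples, keyed by attachment name."""
    return {name: check_attachment(name, data) for name, data in build_samples()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{verdict.action:6}  {name:32}  {verdict.reason}")
```

The check is name-based, as the slide's anti-spam rule is; a production gateway would also inspect file content (magic bytes) so that a renamed executable without any extension is not waved through.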
DISCLAIMER
This briefing is for informational purposes only. The content shared here does not represent the views of the New York Police Department or the United States Armed Forces; readers (individuals or corporations) should therefore take into account that the slides have been compiled from information drawn from research, analysis, training and other sources. If the reader desires help in mitigating an actual ransomware attack, the corporation should activate its Incident Response Team, or the individual should seek professional IT support under his warranty service agreement.
DON'T BECOME A VICTIM OF CYBER CRIMINALS – RAISE YOUR SHIELD
THANK YOU

3. Ransomware (cyber awareness series)
