WannaCry/WannaCrypt Ransomware. Prepared by the SANS Technology Institute Internet Storm Center. Released under a “Creative Commons Attribution-ShareAlike” License: Use, modify and share these slides. Please attribute the work to us.
A seminar presentation on the infamous wannacry attack.The presentation cover various terms related to wannacry ,how the attack is carried out, who are responsible and how to prevent getting affected.
I presented this slides in the "Privacy Protection" subject, teached by Prof. Josep Domingo-Ferrer in the Master in Computer Security Engineering and Artificial Intelligence.
This presentation lets you understand about the biggest cyber-attack extortion in the history of the internet. It contains all details of what, how and whys of WannaCry Ransomware.
Introduction
What happened ?
What is Wannacry / Wannacrypt ?
How many Infections ?
What happens to the victim?
How to protect yourself ?
Will Paying the Ransom Help Us?
Conclusion
Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted recently by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them. And, of course, home computers are just as susceptible to ransomware, and the loss of access to personal and often irreplaceable items—including family photos, videos, and other data—can be devastating for individuals as well.
This presentation is about Ransomware. It tells you about how ransomware creates problem and how it can be removed. It also describes different types of Ransomware.
The presentation is about Ransomware attacks. It includes
~What is Ransomware?
~History of Ransomware
~How it works?
~Types of Ransomware
~How to prevent Ransomware attacks
~Biggest Ransomware attack
~Impact of Ransomware Attacks
~Facts and figures related to Ransomware
A seminar presentation on the infamous wannacry attack.The presentation cover various terms related to wannacry ,how the attack is carried out, who are responsible and how to prevent getting affected.
I presented this slides in the "Privacy Protection" subject, teached by Prof. Josep Domingo-Ferrer in the Master in Computer Security Engineering and Artificial Intelligence.
This presentation lets you understand about the biggest cyber-attack extortion in the history of the internet. It contains all details of what, how and whys of WannaCry Ransomware.
Introduction
What happened ?
What is Wannacry / Wannacrypt ?
How many Infections ?
What happens to the victim?
How to protect yourself ?
Will Paying the Ransom Help Us?
Conclusion
Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted recently by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them. And, of course, home computers are just as susceptible to ransomware, and the loss of access to personal and often irreplaceable items—including family photos, videos, and other data—can be devastating for individuals as well.
This presentation is about Ransomware. It tells you about how ransomware creates problem and how it can be removed. It also describes different types of Ransomware.
The presentation is about Ransomware attacks. It includes
~What is Ransomware?
~History of Ransomware
~How it works?
~Types of Ransomware
~How to prevent Ransomware attacks
~Biggest Ransomware attack
~Impact of Ransomware Attacks
~Facts and figures related to Ransomware
The WannaCry ransomware outbreak shook the world when it occured in May 2017.
This slidedeck looks at the attack, how it was carried out, and its success rate. It also attempts to figure out who was likely to have been behind this devastating cyber attack.
For more information on this outbreak, take a look at these additional resources:
What you need to know about the WannaCry Ransomware: https://www.symantec.com/connect/blogs/wannacry-3
WannaCry: Ransomware attacks show strong links to Lazarus group: https://www.symantec.com/connect/blogs/wannacry-ransomware-attacks-show-strong-links-lazarus-group
Can files locked by WannaCry be decrypted: A technical analysis: https://medium.com/threat-intel/wannacry-ransomware-decryption-821c7e3f0a2b
Ransomware is a hot topic that isn't going away anytime soon. As more strains of this nasty malware are born, it's important to have a clear understanding about what this threat could mean for your business!
Ransomware and tips to prevent ransomware attacksdinCloud Inc.
What is ransomware? How to protect against the threat of ransomware and what to do when there is a ransomware attack? These 8 tips will help you in preventing you and your organization from ransomware attacks.
Just as the title says, we go over the humble origins, touch on the notable variants of yesteryear, the big hitters of today, and discuss the future of ransomware. It's no longer just for windows anymore. Linux, Mac and Mobile platforms are all ripe for extortion.
This humorous and entertaining talk teaches everyone, from Mom and Pops to large enterprise organizations what's really happening and how to protect themselves.
Cyber extortion is a crime involving an attack or threat of attack against an enterprise, coupled with a demand for money to stop the attack.
Cyber extortions have taken on multiple forms - encrypting data and holding it hostage, stealing data and threatening exposure, and denying access to data.
Malware locks out the user’s system and demands ransom.
Creates “Zombie Computer” operated remotely.
Individuals and business targeted.
This form of extortion works on the assumption that the data is important enough to the user that they are willing to pay for recovery.
There is however no guarantee of actual recovery, even after payment is made.
The first known ransomware was the 1989 "AIDS" trojan (also known as "PC Cyborg") written by Joseph Popp.
- Baltimore ransomware hacking attack 2019
- What Is Ransomware ?
- Baltimore Ransomware Attack 2019
- Attacking Details
- How Did The Hackers Breach The Baltimore Computer System?
- Results
- How To Detect Ransomware
- Ways To Protect Your Network From A Ransomware Attack
WannaCry Ransomware Attack: What to Do NowIBM Security
View on-demand webinar: http://bit.ly/2qoNQ8v
What you need to know and how to protect against the WannaCry Ransomware Attack, the largest coordinated cyberattack of its kind. WannaCry has already crippled critical infrastructure and multiple hospitals and telecommunications organizations, infecting 100s of thousands of endpoints in over 100 countries. In this on-demand webinar, we discuss the anatomy of this unprecedented attack and IBM Researchers share expert insights into what you can do now to protect your organization from this attack and the next one.
The WannaCry ransomware outbreak shook the world when it occured in May 2017.
This slidedeck looks at the attack, how it was carried out, and its success rate. It also attempts to figure out who was likely to have been behind this devastating cyber attack.
For more information on this outbreak, take a look at these additional resources:
What you need to know about the WannaCry Ransomware: https://www.symantec.com/connect/blogs/wannacry-3
WannaCry: Ransomware attacks show strong links to Lazarus group: https://www.symantec.com/connect/blogs/wannacry-ransomware-attacks-show-strong-links-lazarus-group
Can files locked by WannaCry be decrypted: A technical analysis: https://medium.com/threat-intel/wannacry-ransomware-decryption-821c7e3f0a2b
Ransomware is a hot topic that isn't going away anytime soon. As more strains of this nasty malware are born, it's important to have a clear understanding about what this threat could mean for your business!
Ransomware and tips to prevent ransomware attacksdinCloud Inc.
What is ransomware? How to protect against the threat of ransomware and what to do when there is a ransomware attack? These 8 tips will help you in preventing you and your organization from ransomware attacks.
Just as the title says, we go over the humble origins, touch on the notable variants of yesteryear, the big hitters of today, and discuss the future of ransomware. It's no longer just for windows anymore. Linux, Mac and Mobile platforms are all ripe for extortion.
This humorous and entertaining talk teaches everyone, from Mom and Pops to large enterprise organizations what's really happening and how to protect themselves.
Cyber extortion is a crime involving an attack or threat of attack against an enterprise, coupled with a demand for money to stop the attack.
Cyber extortions have taken on multiple forms - encrypting data and holding it hostage, stealing data and threatening exposure, and denying access to data.
Malware locks out the user’s system and demands ransom.
Creates “Zombie Computer” operated remotely.
Individuals and business targeted.
This form of extortion works on the assumption that the data is important enough to the user that they are willing to pay for recovery.
There is however no guarantee of actual recovery, even after payment is made.
The first known ransomware was the 1989 "AIDS" trojan (also known as "PC Cyborg") written by Joseph Popp.
- Baltimore ransomware hacking attack 2019
- What Is Ransomware ?
- Baltimore Ransomware Attack 2019
- Attacking Details
- How Did The Hackers Breach The Baltimore Computer System?
- Results
- How To Detect Ransomware
- Ways To Protect Your Network From A Ransomware Attack
WannaCry Ransomware Attack: What to Do NowIBM Security
View on-demand webinar: http://bit.ly/2qoNQ8v
What you need to know and how to protect against the WannaCry Ransomware Attack, the largest coordinated cyberattack of its kind. WannaCry has already crippled critical infrastructure and multiple hospitals and telecommunications organizations, infecting 100s of thousands of endpoints in over 100 countries. In this on-demand webinar, we discuss the anatomy of this unprecedented attack and IBM Researchers share expert insights into what you can do now to protect your organization from this attack and the next one.
Your Guide to tackle the Ransomware threat "WannaCry" | SysforeSysfore Technologies
WannaCry, Wanna Decryptor, WannaCrypt – whatever it's referred to as, is by and large the same bitcoin-demanding beast. In this article, we explain
everything we know about the ransomware that has been raking havoc globally and how you can safeguard yourself against this threat
Press articles often try to simplify reading and, as a result, don’t always go that much into detail when illustrating a new cyber-attack to the broad public. That being said, we thought it might be helpful to write a post on this exact topic and demystify malware typology. Because, whereas we might not all be cybersecurity prodigies, understanding more about the threats on our machines can help us better protect ourselves. Without further ado, we give to you our very own Malware Dictionary.
Computer security is the process of preventing and detecting unauthorized use of our computer. Prevention measures help us to stop unauthorized users from accessing any part of your computer system. Detection helps us to determine whether or not someone attempted to break into the system, if they were successful, and what they may have done.
WannaCry Ransomware attack has affected a lot of endpoints in the networks of hospitals, educational organizations, Government sector etc. This has led to the negative consequences on the businesses causing loss of data, thus hampering the business continuity.
In a twist of irony, the global spread of WannaCry, the malware that recently attacked the NHS, was caused by spying tools leaked from the US’ National Security Agency (NSA). Highly infectious, WannaCry (also known as WannaCryptor and WCry) spread to at least 150 countries within a few hours.
Training on July 16, 2017.
This training is the compressed version of Malware Engineering & Crafting.
In this training, we will talk about malware as well as crafting the simple working malware. The goal of this session is to understanding malware internal so one can have tactics to combat it.
This PPT aims at providing brief information about the malware, Ransomware. This PPT contains information about ransomware’s way of functioning, its prime targets and certain effective measures that need to be taken to alleviate the risks related to this perilous malware.
“Ransomware” is in the top of all news that affecting the economy of the world like witches’ curse. This curse has been spreaded by Friday, 12 May 2017 infecting more than 230,000 computers by targeting the “Microsoft Windows Operating System” including 150 countries and this attack has been elaborated by Europol as bizarre in a scale. Well this is the basic information all over the world but what affection it has disseminated over businesses and entrepreneurs? If you want to know what businesses & entrepreneurs imperative to know about Ransomware, then this article is the perfect choice for you. Let’s have look on important points regarding this:
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
1. WannaCry/WannaCrypt
Ransomware
Prepared by the SANS Technology Institute Internet Storm
Center. Released under a “Creative Commons Attribution-
ShareAlike” License: Use, modify and share these slides. Please
attribute the work to us.
https://creativecommons.org/licenses/by-sa/4.0/
2. What Happened?
On Friday May 12th
2017, several organizations were affected by
a new Ransomware strain.
The Ransomware was very successful in part because it used a
SMB vulnerability to spread inside networks.
The vulnerability was patched by Microsoft in March for
supported versions of Windows.
The exploit, known under the name ETERNALBLUE, was
released in April as part of a leak of NSA tools.
Variants have been seen spreading Saturday/Sunday.
3. How many infections?
Several large organizations world wide are known to be
affected.
No obvious targeting. The organizations are from various
countries and appear not to be related.
While large enterprises made the news, small business users
and home users may be affected as well.
Estimated > 200,000 victims according to various anti virus
vendors
4. How do systems get infected?
E-Mail: Some organizations suggest that the initial infection
originated from e-mail attachments, but little is known about
the e-mails. It is easily possible that other malware was
confused with WannaCry.
SMB: Affected organizations may have had vulnerable systems
exposed via port 445.
Up to know, affected organizations have not shared a lot of
proof to show how the initial infection happened.
5. What happens to the victim?
Files with specific extensions will be encrypted.
The victim will see a ransom message asking for approx. $300.
Ransomware demands will increase to $600 after 3 days. After
7 days, the files may not longer be recoverable.
The ransomware will also install a backdoor to access the
system remotely via port 445 (Double Pulsar, also part of the
NSA tool set).
6. How to Prevent Infection: Patch
Newer Windows Versions (Windows Vista, 7-10,
Windows Server 2008-2016) can be patched with
MS17-010 released by Microsoft in March.
Microsoft released a patch for older systems going
back to Windows XP and Windows 2003 on Friday.
Confirm that patch is installed
7. Other Mitigating Controls
Segment Network
Prevent internal spreading via port 445 and RDP.
Block Port 445 at perimeter.
Disable SMBv1
Implement internal “kill switch” domains / do not block them
Set registry key.
At least one additional variant of the malware was seen this
weekend. It uses a different “kill switch”.
8. Detect Affected Systems
Systems that are infected by WannaCry will try to connect to a
specific domain.
Encrypted files will have the “wncry” extension.
Systems will scan internally for port 445.
Ransom message will be displayed.
In addition, infected systems will reach out to sites for crypto
keys.
Anti-Malware has signatures now for WannaCry.
10. Cleaning Up Infected Systems
Anti-Malware vendors are offering removal tools.
Removal tools with remove malware, but will not recover
encrypted files.
WannaCry will install a backdoor that could be used to
compromise the system further.
Note that not all files with the .wncry extension are encrypted.
Some may still be readable.
11. Kill Switch
The malware will not run if it can access a specific website.
This web site has been registered to stop the spread of
malware.
But proxies may prevent connections. An internal website may
be more reliable and allows detecting infections.
A registry entry was found that will prevent infection as well,
and a tool was released to set the entry.
Future versions will likely remove these kill switches or change
the name of the registry entry.
12. Will Paying the Ransom Help Us?
There is no public report from victims who paid the ransom.
About a hundred victims paid so far.
The unlock code is transmitted in a manual process that
requires the victim to contact the person behind the
ransomware to transmit an unlock code.
Due to the law enforcement and public attention, it is possible
that the individual(s) behind this malware will disappear and
not release unlock codes in the future.
13. Impact / Summary
Availability
Affected organizations will loose access to the files encrypted by the
malware. Recovery is uncertain even after paying the ransom.
Confidentiality
The malware does install a backdoor that could be used to leak data from
affected machines, but the malware itself does not exfiltrate data
Integrity
Aside from encrypting the data, the malware does not alter data. But the
backdoor could be used by others to cause additional damage
14. Additional Links
Technical Webcast: https://www.sans.org/webcasts/massive-
ransomware-crisis-uk-health-system-105150
Microsoft Guidance
https://blogs.technet.microsoft.com/msrc/2017/05/12/custom
er-guidance-for-wannacrypt-attacks/
Internet Storm Center: https://isc.sans.edu