Introduction
What happened ?
What is Wannacry / Wannacrypt ?
How many Infections ?
What happens to the victim?
How to protect yourself ?
Will Paying the Ransom Help Us?
Conclusion
3. WHAT IS RANSOMWARE ?
“Ransomware is a malware that encrypts contents on infected systems and demands payment in bitcoins.”
4. WHAT HAPPENED?
March 14th 2017: A "critical" patch had been issued by Microsoft.
April 15th 2017: The exploit ETERNALBLUE was released as part of an NSA leak.
May 12th 2017: Several organizations were affected by a new ransomware strain.
May 21st 2017: A young white hat hacker stopped the WannaCry attack.
May 22nd 2017: Appearance of WanaCrypt0r 2.0, which is more dangerous.
Several large organizations worldwide are known to be affected.
Estimated > 200,000 victims according to various antivirus vendors.
Some organizations suggest that the initial infection originated from e-mail attachments
Affected organizations may have had
The ransom demand will increase to $600 after 3 days. After 7 days, the files may no longer be recoverable. The ransomware will also install a backdoor to access the system remotely via port 445 (Double Pulsar, also part of the NSA tool set).
Wannacry uses the discrete anonymity network to communicate with its Command & Control server:
Deploy antivirus protection
Block spam
Perform regular backups of all critical information
Don't open attachments in unsolicited e-mails
Disable opened SMB port in Microsoft Office products.
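Since the slides point to remote access over port 445, a defender can review firewall logs for hosts that try port 445 on many machines and for internal hosts that accept port 445 from outside. The following is an added example, not part of the original slides; the log layout, the 10.0.0.0/8 internal range, the threshold and the function names are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict

SMB_PORT = 445
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# Constructed sample log; the "time src dst dst_port action" layout is an assumption.
SAMPLE_LOG = """\
2017-05-12T09:00:01 10.0.0.5 10.0.0.20 445 ALLOW
2017-05-12T09:00:02 10.0.0.5 10.0.0.21 445 ALLOW
2017-05-12T09:00:02 10.0.0.5 10.0.0.22 445 DENY
2017-05-12T09:00:03 10.0.0.5 10.0.0.20 445 ALLOW
2017-05-12T09:00:04 10.0.0.9 10.0.0.30 445 ALLOW
2017-05-12T09:00:05 10.0.0.9 10.0.0.30 443 ALLOW
2017-05-12T09:00:06 203.0.113.7 10.0.0.40 445 ALLOW
2017-05-12T09:00:07 203.0.113.8 10.0.0.41 445 DENY
malformed line here
"""

def parse_smb_events(log_text):
    """Yield (src, dst, action) for well-formed port-445 records; skip the rest."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] != str(SMB_PORT):
            continue
        try:
            src, dst = ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2])
        except ValueError:
            continue  # unparsable address: ignore the record
        yield src, dst, parts[4]

def smb_fanout(log_text, threshold=3):
    """Sources that tried port 445 on at least `threshold` distinct hosts."""
    targets = defaultdict(set)
    for src, dst, _ in parse_smb_events(log_text):
        targets[str(src)].add(str(dst))
    return {s: sorted(d) for s, d in targets.items() if len(d) >= threshold}

def externally_reachable_smb(log_text):
    """Internal hosts that accepted port-445 traffic from outside INTERNAL_NET."""
    return sorted({str(dst) for src, dst, action in parse_smb_events(log_text)
                   if action == "ALLOW" and src not in INTERNAL_NET
                   and dst in INTERNAL_NET})

if __name__ == "__main__":
    print("fan-out on 445:", smb_fanout(SAMPLE_LOG))
    print("445 reachable from outside:", externally_reachable_smb(SAMPLE_LOG))
```

Hosts returned by the first check are candidates for isolation and inspection; hosts returned by the second need their port 445 exposure closed at the perimeter.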