Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ted Gould @tedjgould Allen Rotary May 17, 2017 WannaCry Ransomware Ted Gould @tedjgould Allen Rotary May 17, 2017.

Published byClaire Houston Modified over 7 years ago

Similar presentations

Presentation on theme: "Ted Gould @tedjgould Allen Rotary May 17, 2017 WannaCry Ransomware Ted Gould @tedjgould Allen Rotary May 17, 2017."— Presentation transcript:

1 Ted Gould @tedjgould Allen Rotary May 17, 2017
WannaCry Ransomware Ted Gould @tedjgould Allen Rotary May 17, 2017

2 What happened?

3 Where? Europol estimates ~200K computers in 150 countries
Map By User:Roke - File:BlankMap-World-v2.png, CC BY-SA 3.0,

4 NHS Deminished Service

5 What should you do right now?
Mac OS, Ubuntu, Chrome OS: Keep up-to-date Windows Apply all security updates (XP especially vulnerable) Disable SMB1 if possible (Windows network sharing) Update to supported versions of Windows (and other OSes) as soon as possible

6 How does it work? Encrypts documents on the computer
Looks on the network for other computers to infect using the EternalBlue SMB exploit Requests Payment to a Bitcoin Wallet ($300 to $1000) Installs a backdoor in the machine

7 Encryption Stopped

8 Who made EternalBlue? Believed to be the NSA
Leaked publicly (along with many other tools) on April 14th, (some believe by a foreign adversary) NSA is believed to have other zero-day (unpatched) vulnerabilities

9 Should the US gov’t have zero days?
“Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.”

10 Should the US gov’t pay for zero days?

11 Book on Stuxnet (gov’t viruses)

12 Why? Money? Ransomware requires a fee to decrypt, sometimes paying that fee results in getting the decryption keys It appears people trying to pay overwhelmed the attackers (which would imply they weren’t ready for the response) Politics? Since it was an NSA exploit someone may have been trying to embarrass the NSA or USA Joy riders? Information was publicly available, so literally anyone could have done it

13 What to do about Ransomware?
BACKUPS!!! (air gapped or offline if possible)

14 What if I get Ransomware?
Shutdown computer Some ransomware may not have encrypted all files Worms may be continuing to look for additional targets on your network Get help Talk to a computer professional about how to fix the machine. This will likely including formatting (deleting all the data) the machine and returning it to a safe state Notify customers via disclosure policy You have a disclosure policy, right? Right? Important to let customers know similar to a physical break in.

15 Slides: http://gould.cx/ted/presentations/
Questions? Slides:

Download ppt "Ted Gould @tedjgould Allen Rotary May 17, 2017 WannaCry Ransomware Ted Gould @tedjgould Allen Rotary May 17, 2017."

Similar presentations

Viruses,Hacking and Backups By Grace Mackay 8K Viruses Hacking and Hackers Backups.

Viruses,Hacking and Backups By Grace Mackay 8K Viruses Hacking and Hackers Backups.
Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.

Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Presentation By Timothy Mangas. Why should we worry? Crimes committed using the computer or Internet can be more costly (money wise) than other crimes.

Presentation By Timothy Mangas. Why should we worry? Crimes committed using the computer or Internet can be more costly (money wise) than other crimes.
Threats and ways you can protect your computer. There are a number of security risks that computer users face, some include; Trojans Conficker worms Key.

Threats and ways you can protect your computer. There are a number of security risks that computer users face, some include; Trojans Conficker worms Key.
Tyler’s Malware Jeopardy $100 VirusWormSpyware Trojan Horses Ransomware /Rootkits $200 $300 $400 $500 $400 $300 $200 $100 $500 $400 $300 $200 $100 $500.

Tyler’s Malware Jeopardy $100 VirusWormSpyware Trojan Horses Ransomware /Rootkits $200 $300 $400 $500 $400 $300 $200 $100 $500 $400 $300 $200 $100 $500.
Maritime Cyber Risks – What is real, what is fiction?

Maritime Cyber Risks – What is real, what is fiction?
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
Malware Fighting Spyware, Viruses, and Malware Ch 4.

Malware Fighting Spyware, Viruses, and Malware Ch 4.
Cyber crime & Security Prepared by : Rughani Zarana.

Cyber crime & Security Prepared by : Rughani Zarana.
By Ksenia Primizenkina 8K

By Ksenia Primizenkina 8K
Cyber Security Action against cyber crime. What is cyber security?  Cyber security standards are security standards which enable organizations to practice.

Cyber Security Action against cyber crime. What is cyber security?  Cyber security standards are security standards which enable organizations to practice.
Computer Security! Emma Campbell, 8K VirusesHackingBackups.

Computer Security! Emma Campbell, 8K VirusesHackingBackups.
Virus hacking Stuxnet Backups. Computer SecurityComputer Security Catch it, kill it, bin it.

Virus hacking Stuxnet Backups. Computer SecurityComputer Security Catch it, kill it, bin it.
Lecture 19 Page 1 CS 236 Online 16. Account Monitoring and Control Why it’s important: –Inactive accounts are often attacker’s path into your system –Nobody’s.

Lecture 19 Page 1 CS 236 Online 16. Account Monitoring and Control Why it’s important: –Inactive accounts are often attacker’s path into your system –Nobody’s.
James McQuillen. Data protection Act 1998 The main aim of it is to protect people's fundamental rights and freedom to a particular right to privacy of.

James McQuillen. Data protection Act 1998 The main aim of it is to protect people's fundamental rights and freedom to a particular right to privacy of.
Flame: Modern Warfare Matthew Stratton. What is Flame? How it was found What are its capabilities How it is similar to Stuxnet and Duqu Implications.

Flame: Modern Warfare Matthew Stratton. What is Flame? How it was found What are its capabilities How it is similar to Stuxnet and Duqu Implications.
Cybersecurity Disaster Recovery Plan. What is a Disaster Recovery Plan? A documented plan designed to maintain normal day to day operations in the event.

Cybersecurity Disaster Recovery Plan. What is a Disaster Recovery Plan? A documented plan designed to maintain normal day to day operations in the event.
©2016 Check Point Software Technologies Ltd. 1 Latest threats…. Rolando Panez | Security Engineer RANSOMWARE.

©2016 Check Point Software Technologies Ltd. 1 Latest threats…. Rolando Panez | Security Engineer RANSOMWARE.
BY: AUSTIN NEIGH. WHAT IS CYBER WARFARE? Hacking that is politically motivated to conduct sabotage or espionage Form of information warfare Typically.

BY: AUSTIN NEIGH. WHAT IS CYBER WARFARE? Hacking that is politically motivated to conduct sabotage or espionage Form of information warfare Typically.

Similar presentations

Ads by Google