Ransomware: Wannacry

Ransomwarewannacry

Mikel Solabarrieta

RansomwareIt is a type of malicious software that will take your important

files, encrypt them and then it will blackmailing you to pay for get them back.

- this is the new oil, for the bad guys -

Very nice business

Wannacry

● Affected more than 150 countries.

● Infected major businesses and organizations.

● More than 200,000 systems around the world are believed to be infected

Black Friday - May 12, 2017

Which organizations were affected?

Some epic images

How much money wannacry ask you?

● Between the first three days = $300 ● Between the next three days (extra chance) = $600

- After seven days without payment, the malware will delete all of the encrypted files and all data will be lost. -

How does wannacry’s message look like?

How does it get to you?

● Hosts can get infected downloading for example PDFs or any kind of other files that hide the malware. Normally those are sent via email or accessing to a url.

● Another host in the same network can exploit a vulnerability (SMBv1) and install the malware on it.

Hard to reach the first one, then easy to reach hundreds...

● NSA leakage on April, 17 2017.● The Shadow Brokers.● Some exploits unknown until that time.● Ethernalblue. SMBv1 (Microsoft Server Message Block 1.0)

The cure… before the disease

Recall, NSA leakage on April 17, 2017

Microsoft solution on March 14, 2017

Wannacry is using Ethernalblue

How do prevent it?

● Install the security patch MS17-010.

● Monitor traffic over port 445 in the firewall.

● Block the port 445 (SMBv1) by host.

● Keep your system up-to-date.

The kill switchTwo britain guy were “The accidental heroes”

What about the money?

What about the money?

What about the money?

What about the money?

91.901,43 USD in one week

Thanks