Download - Ransomware: Wannacry
RansomwareIt is a type of malicious software that will take your important
files, encrypt them and then it will blackmailing you to pay for get them back.
- this is the new oil, for the bad guys -
Wannacry
● Affected more than 150 countries.
● Infected major businesses and organizations.
● More than 200,000 systems around the world are believed to be infected
Black Friday - May 12, 2017
How much money wannacry ask you?
● Between the first three days = $300 ● Between the next three days (extra chance) = $600
- After seven days without payment, the malware will delete all of the encrypted files and all data will be lost. -
How does it get to you?
● Hosts can get infected downloading for example PDFs or any kind of other files that hide the malware. Normally those are sent via email or accessing to a url.
● Another host in the same network can exploit a vulnerability (SMBv1) and install the malware on it.
Hard to reach the first one, then easy to reach hundreds...
● NSA leakage on April, 17 2017.● The Shadow Brokers.● Some exploits unknown until that time.● Ethernalblue. SMBv1 (Microsoft Server Message Block 1.0)
The cure… before the disease
Recall, NSA leakage on April 17, 2017
Microsoft solution on March 14, 2017
How do prevent it?
● Install the security patch MS17-010.
● Monitor traffic over port 445 in the firewall.
● Block the port 445 (SMBv1) by host.
● Keep your system up-to-date.