
WANNACRY / WANNACRYPT

RANSOMWARE

Prepared by:
- Ayoub Rouzi
- Abdelhakim Salama
PLAN
• Introduction
• What happened?
• What is WannaCry / WannaCrypt?
• How many infections?
• What happens to the victim?
• How to protect yourself?
• Will paying the ransom help us?
• Conclusion

WHAT IS RANSOMWARE ?
• “Ransomware is a malware that encrypts contents on infected systems and demands payment in bitcoins.”

WHAT HAPPENED?

• March 14th 2017: A "critical" patch was issued by Microsoft.

• April 15th 2017: The ETERNALBLUE exploit was released as part of an NSA leak.

• May 12th 2017: Several organizations were affected by a new ransomware strain.

• May 21st 2017: A young white hat hacker stopped the WannaCry attack.

• May 22nd 2017: Appearance of WanaCrypt0r 2.0, which is more dangerous.

HOW MANY INFECTIONS?

Estimated > 200,000 victims


HOW DO SYSTEMS GET INFECTED?

• E-Mail.

• Infected websites.

• SMB (Server Message Block): vulnerable systems exposed via port 445.

WHAT HAPPENS TO THE VICTIM?

• Files with specific extensions will be encrypted.


• The victim will see a ransom message asking for approx. $300.

• Once all the files are encrypted, the malware opens a backdoor.


• WannaCry warns the user that their files have been encrypted by changing the desktop wallpaper.

HOW TO PROTECT YOURSELF

WILL PAYING THE RANSOM HELP US?

• There is no public report from victims who paid the ransom.


• About a hundred victims paid so far.

WHAT ARE THE UPDATES?

• Windows, Linux, Mac


• More victims
• More data collection

CONCLUSION

• Availability
Affected organizations will lose access to the files encrypted by the malware. Recovery is uncertain even after paying the ransom.

• Confidentiality
The malware does install a backdoor that could be used to leak data from affected machines, but the malware itself does not exfiltrate data.

• Integrity
Aside from encrypting the data, the malware does not alter data. But the backdoor could be used by others to cause additional damage.
