[Audio] Ransomware Cyber Attack Infosec & travelling.
[Audio] The Ransomware: Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen (freezing the PC) or by locking the users' files by encrypting them, unless a ransom is paid. If you pay the ransom, there is no guarantee your computer will be unlocked. May 12th, 2017 saw the biggest ever cyber attack in Internet history, called WannaCry (yes, bigger than the previous attacks; the Dyn cyberattack took place on October 21, 2016, and caused major interruption of Internet platforms and services for a large number of users in Europe and North America). A ransomware named WannaCry stormed through the web, causing huge damage in Europe and carrying a threat level classified as Critical.
[Audio] How do ransomware infections happen? Though the infection phase is slightly different for each ransomware version, the key stages are the following: WannaCry leveraged a vulnerability in the Windows OS, first discovered by the NSA (National Security Agency), then hacked by or leaked to the Shadow Brokers, who publicly revealed it to the world.
[Audio] Detailed stages in a ransomware attack: 1. Initially, the victim receives an email that includes a malicious link or a malware-loaded attachment. Alternatively, the infection can originate from a malicious website that delivers a security exploit to create a backdoor on the victim's PC. 2. If the victim clicks on the link or downloads and opens the attachment, a downloader is placed on the infected PC. 3. The downloader uses a list of domains or servers controlled by cyber criminals to download the ransomware program onto the system. 4. The malware then encrypts the entire hard disk contents, personal files, and sensitive information: everything, including data stored in cloud accounts (Google Drive, Dropbox) synced on the PC. It can also encrypt data on other computers connected to the local network. 5. A warning pops up on the screen with instructions on how to pay for the decryption key, as described in the next slide.
[Audio] Common Vectors of Attack: Phishing emails with malicious attachments or links. Remote Desktop Protocol (RDP) attacks. Exploiting software vulnerabilities (e.g., unpatched systems). Malvertising or malicious ads on legitimate websites. Drive-by downloads from compromised or malicious websites.
[Audio] Prevention Tips: ✅ Regularly back up data offline. ✅ Use updated antivirus and anti-malware solutions. ✅ Patch software and update systems regularly. ✅ Educate employees on phishing awareness. ✅ Disable RDP if not needed, or secure it. ✅ Implement zero-trust security models and endpoint detection and response (EDR).
[Audio] WannaCry ransomware screenshot: More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get the decryption key that unlocks the files. Everything happens in just a few seconds, so victims are completely broken down as they stare at the ransom screen in disbelief.
[Audio] Thank You!