Tech-Tycoons. We Deal*We Build.
Staff Members. Mr Moenyane. Ms Molelo. Mr Melupe.
Ransomware Attack. What is it & What happens.
Ransomware Attack. Deviates from the traditional ransomware definition. It is called a “worm”. Ransomware combines two extremely destructive capabilities. It is far more disruptive and destructive than previous cases that we have seen over the last 18-24 months.
How the company will protect/mitigate the risk. Ensure the MS17-010 patch is installed on every Windows system, including Windows XP. Disable SMBv1, an older version of the SMB protocol, and block port 445 at the perimeter. Generally, the SMB protocol does not need to be exposed externally, and is only used internally. Ensure the company security program has an understanding of what ports, protocols and services are required for the business to operate, and disable any that are not, especially port 445.
Secondary Steps. Search the company network for files with the .wncry extension to find any encrypted drives that must be recovered from back-ups. Configure the SIEM or IDS to look for SMB scanning of port 445 in volume. This will also help to determine if the organization was attacked.
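An added example (not part of the original slides) of the "SMB scanning of port 445 in volume" check from the Secondary Steps: it flags any source that contacts many distinct hosts on TCP/445 inside a short sliding window. The log format (`timestamp src_ip dst_ip dst_port`), the 60-second window, the threshold of 20 destinations and all sample addresses are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def constructed_sample():
    """Constructed flow records, one per line: 'timestamp src_ip dst_ip dst_port'."""
    base = datetime(2017, 5, 12, 9, 0, 0)
    lines = []
    for i in range(30):   # sweep: 30 different hosts on 445 within 30 seconds
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 10.0.5.23 10.0.9.{i + 1} 445")
    for i in range(40):   # normal client: repeated sessions to one file server
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 10.0.5.40 10.0.1.10 445")
    for i in range(25):   # many hosts, but one every 5 minutes (below the rate)
        lines.append(f"{(base + timedelta(minutes=5 * i)).isoformat()} 10.0.5.77 10.0.8.{i + 1} 445")
    lines.append("malformed line")  # must be skipped, not crash the detector
    return lines

def find_smb_scanners(lines, window=timedelta(seconds=60), threshold=20):
    """Return {src_ip: peak distinct TCP/445 destinations in any window} for
    sources whose peak reaches the threshold."""
    per_src = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[3] != "445":
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        per_src[parts[1]].append((ts, parts[2]))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        in_window, start, peak = Counter(), 0, 0
        for ts, dst in events:
            in_window[dst] += 1
            # Drop events that have aged out of the sliding window.
            while ts - events[start][0] > window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts[src] = peak
    return alerts

if __name__ == "__main__":
    for src, peak in find_smb_scanners(constructed_sample()).items():
        print(f"ALERT {src}: {peak} distinct hosts on TCP/445 within 60s")
```

Counting distinct destinations rather than raw connections keeps a busy file-server client from triggering the alert.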
Best Practices To Reduce Risk.
Implications this will have for our company security program.
Thank you!