-- Transcript --
Let’s switch to this hot topic - in 2017, WannaCry and Petya.
What is WannaCry? Basically it is a ransomware attack back in May 2017 that targets mainly Microsoft Windows OS. But it does not mean that Microsoft is not safe; it is just because these are the majority of OS users. If I am a hacker, I will definitely target Microsoft rather than Linux or Mac.
Let me show how ransomware works, typically. Firstly, it will just infect the system just like any other malware - it could be by email or downloads, which make you curious about the attachments. Once you download it, the main program will search all the documents that you have, for example your Excel files, Word documents, PowerPoints, engineering drawings and legal documents, and start encrypting all of them. And then they will give instructions on how to buy bitcoins. After they get paid, a decryption program will be provided, but sometimes they don’t provide it.
Let me ask you 2 questions:
Why is ransomware possible? and
What makes ransomware so successful?
Obviously, there must be a mature encryption technology. In fact, Dr Ken envisioned that ransomware would become very popular one day. Back 20 years ago, they lacked one thing, which is the mode of payment. 20 years ago, if I invented ransomware and infected a PC, how could I get payments? I could not ask them to bank in to me directly - so ransomware is successful because bitcoin payments are all anonymous.
This is an example of a ransomware email, which is a suspicious email from an unknown person, not targeted at you, that asks you to do something, for example: sign the attached contract or check the monthly financial statement, which you were not expecting. There are people who will get curious and open the file - and therefore get infected by ransomware.
Normally we recommend that people do backups, so that in case you are infected you can still format the PC and copy back the files from your backup. I personally handled one case in which a customer was infected by ransomware. This person actually had a thumb drive for backup. This person still could not recover the files even though he practised backing up every file. That is because he did not unplug the thumb drive, which was constantly plugged into the PC, so the files inside were also encrypted by the ransomware.
This is a sample screenshot of WannaCry. They will tell you that your files have been encrypted. They will remind you to make payment before a certain due date, or else the payment amount will be raised or the files will be deleted automatically.
We do have samples of ransomware, for our R&D purposes and to let our consultants understand it further. The total number of WannaCry victims is up to 200k organisations, with an estimated total loss of $5.2 billion.
Moving on, Petya is a hard-disk-encrypting ransomware, which encrypts the hard disk and prevents Windows OS from booting up, showing a red screen and asking for bitcoin payments. Meanwhile, a more dangerous version, NotPetya, is able to spread itself without the user downloading it, and there is no decryption key even after the ransom is paid.