NotPetya: Under the Microscope Presentation and Re...

PhoneBoy · ‎2017-07-11

If you missed today's informative webinar on NotPetya, you can download the slide deck and watch a recording of the presentation below.

Note: You must be logged into to CheckMates in order to view the presentation and recording.

Here is a brief outline:

Intro (short summary of events + presentation goals)
Timeline – What happened prior to the attack? (M.E.Doc supply chain attack story + watering hole attack)
Lateral Movement – How does the malware spread?
- Embedded Credential Stealing Tool – Explanation
- Methods used to run remote code
- WMI
- PsExec
- EternalBlue + DoublePulsar Lateral Movement
Overview of the Ransomware’s MBR Encryption Method
- MBR, VBR, MFT – Terminology Explanation
- How does the MBR encryption in NotPetya work?
General Malware Flow
Should you Pay the Ransom?
Double Pulsar Finding (Our Research + Reference to Blog Post for Full Story)
Speculations + Fiction
- TeleBots Team Connection
- Russian Government Involvement
- Malware is Not Designed for Profit – explanation
- Confusion with CVE-2017-0199 Downloader
How can we protect ourselves from the next strain for free (besides patching and backing up )
Summary

Moti · ‎2017-07-11

Thx

Are you a member of CheckMates?