If you missed today's informative webinar on NotPetya, you can download the slide deck and watch a recording of the presentation below.

Note: You must be logged into to CheckMates in order to view the presentation and recording.

NotPetya: Under the Microscope Slidedeck‌

NotPetya: Under the Microscope Webinar Recording‌

Here is a brief outline:

• Intro (short summary of events + presentation goals)
• Timeline – What happened prior to the attack? (M.E.Doc supply chain attack story + watering hole attack)
• Lateral Movement – How does the malware spread?
  • Embedded Credential Stealing Tool – Explanation
  • Methods used to run remote code
  • WMI
  • PsExec
  • EternalBlue + DoublePulsar Lateral Movement
• Overview of the Ransomware’s MBR Encryption Method
  • MBR, VBR, MFT – Terminology Explanation
  • How does the MBR encryption in NotPetya work?
• General Malware Flow
• Should you Pay the Ransom?
• Double Pulsar Finding (Our Research + Reference to Blog Post for Full Story)
• Speculations + Fiction
  • TeleBots Team Connection
  • Russian Government Involvement
  • Malware is Not Designed for Profit – explanation
  • Confusion with CVE-2017-0199 Downloader
• How can we protect ourselves from the next strain for free (besides patching and backing up )
• Summary

Related: How Endpoint Forensics sees NotPetya