If you missed today's informative webinar on NotPetya, you can download the slide deck and watch a recording of the presentation below.
Note: You must be logged into to CheckMates in order to view the presentation and recording.
NotPetya: Under the Microscope Slidedeck
NotPetya: Under the Microscope Webinar Recording
Here is a brief outline:
- Intro (short summary of events + presentation goals)
- Timeline – What happened prior to the attack? (M.E.Doc supply chain attack story + watering hole attack)
- Lateral Movement – How does the malware spread?
- Embedded Credential Stealing Tool – Explanation
- Methods used to run remote code
- EternalBlue + DoublePulsar Lateral Movement
- Overview of the Ransomware’s MBR Encryption Method
- MBR, VBR, MFT – Terminology Explanation
- How does the MBR encryption in NotPetya work?
- General Malware Flow
- Should you Pay the Ransom?
- Double Pulsar Finding (Our Research + Reference to Blog Post for Full Story)
- Speculations + Fiction
- TeleBots Team Connection
- Russian Government Involvement
- Malware is Not Designed for Profit – explanation
- Confusion with CVE-2017-0199 Downloader
- How can we protect ourselves from the next strain for free (besides patching and backing up )
Related: How Endpoint Forensics sees NotPetya