ransomware attack briefing
play

Ransomware Attack Briefing Presidents Leadership Council October - PowerPoint PPT Presentation

May 17, 2023 •161 likes •329 views

Ransomware Attack Briefing Presidents Leadership Council October 21, 2019 August 8 Cyberattack Summary : The attack was severe and sophisticated; categorized as a catastrophic attack. It was highly strategic with regard to timing

  1. Ransomware Attack Briefing President’s Leadership Council October 21, 2019

  2. August 8 Cyberattack Summary : • The attack was severe and sophisticated; categorized as a “catastrophic” attack. • It was highly strategic with regard to timing with a university as the target. • There were three main elements: 1. Phishing / account compromise, iteratively escalated 2. Command‐and‐control (C2) 3. Cryptoware / malicious data encryption • Ransom negotiation was sought; we did not engage or pay a ransom.

  3. Timeline: August 8: • Attack begins in early hours; users begin reporting encryption. • Cyber Incident Response Protocol is immediately initiated. • On‐premise systems are intentionally taken down. • Cybersecurity partner is engaged through Stevens cyber liability insurance. • EMT implementation is requested and Stevens declares Level 3 Emergency. • Business Continuity is initiated, and areas prepare for coordination. • Containment and remediation continues overnight.

  4. Timeline, continued: August 9: • Re‐attack is immediate, and live / operational systems are hit in real‐time. • All systems and networks are downed; all accounts are reset. • Internet connectivity is disabled. • By mid‐day, the decision is made to abandon the legacy Stevens network and construct a new, secure, segmented network. • Planning and execution begin on the new network.

  5. Timeline, continued: • August 10‐11: New network is engineered, and implementation begins. BC operations center is established. • August 13: User authentication re‐enabled, Skyline WiFi implemented, cloud services become available. • August 16‐17: Access to O365 email restored, international student processing brought online. • August 19: Student information system and ancillary systems brought online. • August 20‐22: Financial Aid, Student Accounts brought online. • August 23‐25: Students enrolled; course schedules completed. • August 26: Fall 2019 classes begin on time. Recovery of >75 systems continues.

  8. Old PCs become weapons that are used against us. A large number of old, abandoned, unmanaged, and/or unprotected systems across campus, including “shadow systems” had been compromised; it was a practical impossibility to find and eliminate them.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

What We Learned Key Takeaways from the 2018 Ransomware Attack on Colorado Department of

What We Learned Key Takeaways from the 2018 Ransomware Attack on Colorado Department of

What We Learned Key Takeaways from the 2018 Ransomware Attack on Colorado Department of Transportation February March 2018 Topics How It Happened What It Did Timeline How We Responded Business Response Cyber Incident

669 views • 20 slides
Preparing for a Ransomware Attack MCCA Global TEC Forum June 19, 2017 Monica Patel, IBM

Preparing for a Ransomware Attack MCCA Global TEC Forum June 19, 2017 Monica Patel, IBM

Preparing for a Ransomware Attack MCCA Global TEC Forum June 19, 2017 Monica Patel, IBM Aravind Swaminathan, Orrick, Herrington & Sutcliffe Darren Teshima, Orrick, Herrington & Sutcliffe What is ransomware? Malicious software

200 views • 17 slides
1 February 4, 2020 Ransomware works Who: Ransomware is a threat vector that is rife for bad

1 February 4, 2020 Ransomware works Who: Ransomware is a threat vector that is rife for bad

Geoff Hale 1 February 4, 2020 Ransomware works Who: Ransomware is a threat vector that is rife for bad actors, both criminal enterprises and nation-states have made use of ransomware. What: Ransomware is a type of malware that encrypts

358 views • 6 slides
Responding To Ransomware Ransomware Nightmares X by Invincea Ransomware is getting more

Responding To Ransomware Ransomware Nightmares X by Invincea Ransomware is getting more

X by Invincea Responding To Ransomware Ransomware Nightmares X by Invincea Ransomware is getting more sophisticated, and shifting to an enterprise threat Ransomware Nightmares X by Invincea To Pay Or Not To Pay? X by Invincea Your money or

780 views • 23 slides
Vembu BDR Suite Vembu Technologies 100+ Decade + G2 crowd Countries Experience Top

Vembu BDR Suite Vembu Technologies 100+ Decade + G2 crowd Countries Experience Top

Vembu BDR Suite Vembu Technologies 100+ Decade + G2 crowd Countries Experience Top Leaders-2019 www.vembu.com How to protect your business from a Ransomware attack? What is Ransomware? Types of Ransomware How it attacks? Stats for year

454 views • 16 slides
On Deception-Based Protection Against Cryptographic Ransomware Ziya Alper Gen, Gabriele

On Deception-Based Protection Against Cryptographic Ransomware Ziya Alper Gen, Gabriele

On Deception-Based Protection Against Cryptographic Ransomware Ziya Alper Gen, Gabriele Lenzini, and Daniele Sgandurra June 20, 2019 Ransomware Threat 1 Ransomware Threat 1 Deception-Based Anti-Ransomware In the context of ransomware,

507 views • 22 slides
Redemption: Real-Time Protection Against Ransomware at End-Hosts WRITTEN BY: PRESENTED BY: AMIN

Redemption: Real-Time Protection Against Ransomware at End-Hosts WRITTEN BY: PRESENTED BY: AMIN

Redemption: Real-Time Protection Against Ransomware at End-Hosts WRITTEN BY: PRESENTED BY: AMIN KHARRAZ NICHOLAS BURTON ENGIN KIRDA What is Ransomware? What is Ransomware? u Ransomware is malicious software that encrypts user data, and

718 views • 33 slides
Ransomware: DataENcryption made easy The Word Ransom = Ransom Blackmailing

Ransomware: DataENcryption made easy The Word Ransom = Ransom Blackmailing

Ransomware: DataENcryption made easy The Word Ransom = Ransom Blackmailing History 1989 AIDS TROJAN DISK distributed/infected via floppy disk developer was caught and put into jail 2005 first internet attack

748 views • 54 slides
Ransomware Overview Our analysis leads us to expect increased ransomware activity over 2016 (new

Ransomware Overview Our analysis leads us to expect increased ransomware activity over 2016 (new

Ransomware Overview Our analysis leads us to expect increased ransomware activity over 2016 (new attacker entrants, lower cost through kit automation, etc.) Take consumer and enterprise digital assets hostage using high- strength encryption

365 views • 18 slides
Ransomware Eradication using Biomorphic Perimeterisation Introduction Types of

Ransomware Eradication using Biomorphic Perimeterisation Introduction Types of

Ransomware Eradication using Biomorphic Perimeterisation Introduction Types of Ransomware Technology Perspective and Attacked Devices Ransomware Economy Security Conditions Biomorphic Perimeterisation How to generate a

860 views • 61 slides
Update on Ransomware Technology 60 Minutes Video ransomware ( noun) A type of malware that

Update on Ransomware Technology 60 Minutes Video ransomware ( noun) A type of malware that

Update on Ransomware Technology 60 Minutes Video ransomware ( noun) A type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users files unless a ransom is paid.

517 views • 30 slides
Troubling Times: Ransomware Across Texas Deputy Chief Information Security Officer Andy

Troubling Times: Ransomware Across Texas Deputy Chief Information Security Officer Andy

Troubling Times: Ransomware Across Texas Deputy Chief Information Security Officer Andy Bennett 2019 Cybersecurity Awareness Month Event October 22, 2019 2019 Texas Headlines Ransomware Ransomware Cyber criminals holding your data and

450 views • 23 slides
Smoking the Locky Ransomware Code Floser Bacurio Jr and Rommel Joven Anti-Virus Analysts,

Smoking the Locky Ransomware Code Floser Bacurio Jr and Rommel Joven Anti-Virus Analysts,

Locky Strike: Smoking the Locky Ransomware Code Floser Bacurio Jr and Rommel Joven Anti-Virus Analysts, FortiGuard Lion Team September 1, 2017 1 Cryptowall 2 This one? 3 Prevalence: Global ransomware Global Ransomware IPS Hits - February

647 views • 49 slides
How To Not Be A Victim Of Ransomware The thoughtful integration of healthcare and technology How

How To Not Be A Victim Of Ransomware The thoughtful integration of healthcare and technology How

How To Not Be A Victim Of Ransomware The thoughtful integration of healthcare and technology How Healthcare IT Differs From General IT Agenda The Growing Threat of Ransomware What You Can Do Today To Protect Your Business How Healthcare IT

440 views • 32 slides
Tracking Ransomware End-to-end Danny Y. Huang Maxwell Matthaios Aliapoulios, Vector Guo Li Luca

Tracking Ransomware End-to-end Danny Y. Huang Maxwell Matthaios Aliapoulios, Vector Guo Li Luca

Tracking Ransomware End-to-end Danny Y. Huang Maxwell Matthaios Aliapoulios, Vector Guo Li Luca Invernizzi, Elie Bursztein, Kylie McRoberts, Jonathan Levin Kirill Levchenko, Alex C. Snoeren, Damon McCoy Ransomware causes financial damages

798 views • 54 slides
UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware Paul Weliczko

UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware Paul Weliczko

UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware Paul Weliczko https://arstechnica.com/information-technology/2012/11/mushrooming-growth-of-ransomware- extorts-5-million-a-year/

298 views • 13 slides
Meltdown Overview of a security vulnerability Stefano Ottolenghi @ Binary Analysis and Secure

Meltdown Overview of a security vulnerability Stefano Ottolenghi @ Binary Analysis and Secure

Meltdown Overview of a security vulnerability Stefano Ottolenghi @ Binary Analysis and Secure Coding Universit degli Studi di Genova December 3rd, 2018 Overview Meltdown breaks memory isolation and allows a process to read the entire

335 views • 18 slides
Fisc Fiscal al 2015 2015 Th Third ird Quarter Quarter Ea Earning rnings Call Call Pre

Fisc Fiscal al 2015 2015 Th Third ird Quarter Quarter Ea Earning rnings Call Call Pre

Fisc Fiscal al 2015 2015 Th Third ird Quarter Quarter Ea Earning rnings Call Call Pre Presen sentation tation | Fiscal 2015 Third Quarter Earnings Call Presentation | 1 harris.com Forward Forward-looking looking statemen

298 views • 10 slides
A Timing Attack on Hyperelliptic Curve Cryptosystems Asiacrypt 2003 rump session on Dec. 2 nd ,

A Timing Attack on Hyperelliptic Curve Cryptosystems Asiacrypt 2003 rump session on Dec. 2 nd ,

A Timing Attack on Hyperelliptic Curve Cryptosystems Asiacrypt 2003 rump session on Dec. 2 nd , 2003 M.Katagi, I.Kitamura, T.Akishita, and T. Takagi(*) Sony Corporation (*)Technische Universitaet Darmstadt Introduction Optimization of

229 views • 5 slides
A Cache Timing Analysis of HC-256 Erik Zenner Technical University Denmark (DTU) Institute for

A Cache Timing Analysis of HC-256 Erik Zenner Technical University Denmark (DTU) Institute for

A Cache Timing Analysis of HC-256 Erik Zenner Technical University Denmark (DTU) Institute for Mathematics e.zenner@mat.dtu.dk SAC 2008, Aug. 14, 2008 Erik Zenner (DTU-MAT) A Cache Timing Analysis of HC-256 SAC 2008, Aug. 14, 2008 1 / 25

293 views • 25 slides
Fullbacks Fullbacks Tactical and Positional analysis Tactical and Positional analysis Kieran

Fullbacks Fullbacks Tactical and Positional analysis Tactical and Positional analysis Kieran

Fullbacks Fullbacks Tactical and Positional analysis Tactical and Positional analysis Kieran Smith Kieran Smith UEFA A Licence Coach UEFA A Licence Coach The attacking fullback is seen by many as the most important position in the modern

369 views • 19 slides
Atlantic Alliance Partnership Corp Investor Presentation July 2016 Disclaimer Where You Can Find

Atlantic Alliance Partnership Corp Investor Presentation July 2016 Disclaimer Where You Can Find

Atlantic Alliance Partnership Corp Investor Presentation July 2016 Disclaimer Where You Can Find More Information This communication may be deemed to be solicitation material in respect of the proposed combination (the Business Combination)

696 views • 51 slides
INTERIM RESULTS September 2016 Disclaimer This presentation includes statements that are, or may

INTERIM RESULTS September 2016 Disclaimer This presentation includes statements that are, or may

INTERIM RESULTS September 2016 Disclaimer This presentation includes statements that are, or may be deemed to be, forward -looking statements . These forward-looking statements can be identified by the use of forward looking terminology,

219 views • 18 slides
http://www.free-powerpoint-templates-design.com @ @ : @ @ 01 03 04

http://www.free-powerpoint-templates-design.com @ @ : @ @ 01 03 04

http://www.free-powerpoint-templates-design.com @ @ : @ @ 01 03 04 Your Text Here Your Text Here 01 You can simply impress your 04 You can simply impress your audience and add a unique zing and audience and

493 views • 30 slides

More recommend