Secure Digital Life #17
Recorded May 30, 2017 at G-Unit Studios in Rhode Island!
Doug explains the Morris Worm (2 Nov 1988, exploited sendmail and fingerd) and worms in general
Talk about why SOHO equipment has a "kind of" built-in defense by blocking ports by default. -- Russ
Talk about Port 445 and 3389 type stuff -- Doug and Russ
Doug and Russ talk about how WannaCry works:
- Encrypts by file extensions
- The sad story of ForeverHack
- Uses AES 128 to encrypt all those files with those types of extensions
Doug talks about cracking encryption. AES 128 is breakable but good luck
So, what to do: You are got!
- Airgap so it doesn't spread
- Ensure the machine is isolated
- Evaluate your backup situation
- If backed up: wipe, reinstall, run Windows Update, install Cybereason and Malwarebytes, restore
- Else: pay up? It may be possible to break this so check out the current state and see if restore is
What you should do:
- Install Malwarebytes and keep it current
- Install Cybereason and keep it current
- Check your borders to ensure that you don't have open ports (particularly 445)
- Turn on Automatic Update
- Have a long talk with everyone in your network about phishing and updates
- Enterprise people, work on your patch handling
And finally:
- Make backups and create a backup vault (offline)
- Use a removable drive, but you have to REMOVE it. If it stays connected, toast.
- You can use cloud storage for this, but ensure it is protected (not live) or the encryption will likely jump the gap.
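
One way to do the "check your borders" item for ports 445 and 3389, as an added example that is not from the show or its hosts. The function names and the sample address are assumptions; point it only at addresses you own, from outside your network.

```python
import socket

# Ports the episode singles out: 445 (SMB) and 3389 (RDP).
WATCHED_PORTS = {445: "SMB", 3389: "RDP"}


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed', 'filtered' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # a listener answered: this is the bad case
    except ConnectionRefusedError:
        return "closed"            # host reachable, nothing listening
    except socket.timeout:
        return "filtered"          # no answer: a router/firewall dropped it
    except OSError:
        return "error"             # name lookup failed, no route, etc.


def check_exposure(hosts, ports=WATCHED_PORTS, timeout=2.0):
    """Probe every watched port on each host; return (host, port, service, state)."""
    results = []
    for host in hosts:
        for port, service in sorted(ports.items()):
            results.append((host, port, service, probe(host, port, timeout)))
    return results


def exposed(results):
    """Keep only the findings that need action (a service is reachable)."""
    return [r for r in results if r[3] == "open"]


if __name__ == "__main__":
    # Constructed sample value: replace with the public address(es) of your
    # own network and run this from a machine outside that network.
    my_hosts = ["127.0.0.1"]
    findings = check_exposure(my_hosts)
    for host, port, service, state in findings:
        print(f"{host}:{port} ({service}) {state}")
    if exposed(findings):
        print("Reachable SMB/RDP found: block it at the border.")
```

A SOHO router that blocks inbound ports by default will normally show up here as "filtered" when probed from outside.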