DECONSTRUCTED
A forensic analysis of the world's most devastating ransomware attacks.
Select Case File
NotPetya
The Most Destructive Cyberattack in History
WannaCry
The NHS Crippler
SolarWinds
The Sunburst Backdoor
Colonial Pipeline
DarkSide Ransomware
Equifax
The Apache Struts Breach
MGM Resorts
Social Engineering Masterclass
Target
The HVAC Vendor Breach
Stuxnet
The First Cyber Weapon
Sony Pictures
The Guardians of Peace
Marriott (Starwood)
The 4-Year Breach
The Kill Chain
A chronological reconstruction of the attack vectors used to compromise the target.
Impact Assessment
Supply Chain Injection
Russian military hackers compromise the update server of M.E.Doc, a Ukrainian accounting software package.
Global Spread
A malicious update pushes NotPetya to thousands of companies. It then uses EternalBlue to spread laterally almost instantly.
Irreversible Encryption
Unlike standard ransomware, NotPetya overwrites the MBR and encrypts the MFT, making recovery impossible.
Maersk Offline
Shipping giant Maersk is crippled, forcing them to reinstall 4,000 servers and 45,000 PCs.
Evidence Board
CONFIDENTIAL // EYES ONLY
RANSOM_NOTE.TXT
WALLET ADDRESS
SHA-256 HASH
EXPLOITED VULNERABILITIES
CVE-2017-0144 (EternalBlue)
Mimikatz
How We Would Have Stopped It
Mapping the specific security failures to RadiumFox's preventative services.
The Failure
Unpatched Windows SMB
The Solution
Apply critical security patches (MS17-010) immediately upon release.
The Failure
Flat Network Architecture
The Solution
Segment networks to prevent wormable malware from spreading globally.
The Failure
Blind Trust in Software Updates
The Solution
Test vendor updates in a sandboxed environment before deployment.