Turn Projects

Imagine this….

You sit down

You turn on your screen

And everything is….gone.

Not deleted

Just held hostage

This is ransomware, not a virus and not a glitch

It is a digital ransom note. A silent ambush. A cold demand

And it hits before you even know you are a victim

Stage 1: The Entry Point

It usually starts simple

A click on a fake invoice

A resume attachment from someone who is “very interested in the position”

A poisoned software update from a vendor you trust

You open the file.

Nothing happens… or so you think

But deep inside your system, something is already moving

Stage 2: The Payload

Once inside, the ransomware spreads

It crawls through your files

It scans your network

It finds everything worth holding hostage and encrypts it all

Think documents, pictures, databases, backups, whatever it is

Sealed shut with military grade encryption

You’re essentially locked out of your own world

Stage 3: The Demand

Then it hits

A note

Usually polite. Sometimes even branded

“Your files have been encrypted. Pay $X in Bitcoin to receive the decryption key”

A timer starts ticking.

Pay up or lose everything

Pay up, and maybe you’ll get your files back. Maybe

Stage 4: The Fallout

Even if you pay…

• Your data could be leaked anyway
• Your systems might still be broken
• You’re now on a list of “people who pay”

and if you don’t pay?

• Your business could collapse
• Patient data, financial info, or intellectual property may be destroyed or sold
• Recovery could cost more than the ransom itself

Either way, you’ve already lost

The Global Meltdown – WannaCry(2017)

On May 12, 2017, the world stopped

A ransomware worm called WannaCry began spreading like wildfire

It didn’t just target one company

It targeted everything

Using a leaked NSA exploited named EternalBlue, WannaCry exploited a vulnerability in outdated windows systems. It spread without needing users to click anything, it just jumped from machine to machine

What did WannaCry do?

• Encrypted files on the victims computer, locking them out
• Displayed a ransom note demanding payment in Bitcoin to restore access
• Used a vulnerability on Windows to spread like WIldfire across networks without user interaction
• Once inside a network, it jumped from machine to machine using the SMB protocol, making it especially devastating for larger organizations

The damage?

• Over 200,000 systems infected
• 150+ countries affected
• Estimated $4 billion in damages
• Hospitals, railways, factories, and telecoms shut down
• UK's NHS had to cancel surgeries and divert ambulances

Wanna cry changed everything.

It showed the world what happens when outdated security meets advanced cyberweapons

and the worst part?

A 22 year old security researcher stopped it by accidentally triggering a kill switch.

The kill switch?

The “Kill Switch” was an accidental flaw in the WannaCry code

• A 22 year old security researcher named Marcus Hutchins discovered that the malware checked for a non existent domain before executing
• If that domain did not exist, WannaCry would infect the system
• Marcus registered the domain, effectively activating the kill switch, causing the malware to shut itself down on infected systems that could connect to it
• Note: This didn't decrypt infected machines but stopped new infections from spreading further

So why does Ransomware still work?

Because it preys on routine

On trust
On speed
On that one click in a normal day that opens the door to everything

and because companies, governments, even hospitals…. keep paying

How do you stop it?

• Back up. Constantly. Separatley
• Patch systems. update like your life depends on it
• Train everyone. Your staff is your firewall
• Segment your network. One infected laptop shouldn't take down your data center
• Plan for the worst. Have a response plan before the message shows up