Comparison between WannaCry and the Petya cyber-attacks


Added on  2023/06/09

AI Summary
This article discusses the comparison between WannaCry and the Petya cyber-attacks, their scope, operational details, and preventive measures. It also discusses the ransomware attack on Hotel guests in Atrium Hospitality.
Running head: INFORMATION SECURITY
Information Security
Name of Student-
Name of University-
Author’s Note-
Part A
Ransomware attack on Hotel guests in Atrium Hospitality
Defining the Problem
Atrium Hospitality, headquartered in Alpharetta, Georgia, is a famous hotel and asset management company. Atrium Hospitality faced a ransomware attack on March 16, 2018. It announced that it had suffered a data breach that put the information of 376 hotel guests in danger (Pollak, 2018). The customers' information was impacted by the data breach. The hotel and the hotel guests were unaware of any actual misuse of the data and took preventive measures to protect the data from further misuse. In December 2017, Atrium Hospitality discovered that one of the workstations at Holiday Inn was affected by the ransomware attack. When Atrium Hospitality came to know about the attack, it immediately decided to move the workstation off the previous network and started an investigation with a forensic investigation firm. On 14th February, 2018, Atrium Hospitality stated that three hundred and seventy-six records, including the names, license numbers, passport numbers and debit and credit card details of the customers, were accessible to the hackers. As soon as Atrium learned this, 182 guests were notified about the data breach by mail; the addresses of the others were not available. Atrium Hospitality also reported the case to state regulators as required. Atrium did not know whether the data taken had been misused and could not confirm whether the data had actually been accessed by the hackers (Kica, 2016). So, Atrium Hospitality asked all its guests to check their financial statements, monitor their credit reports and report any suspicious activity they find in their records. After a report, Atrium Hospitality will take
necessary steps that are required to prevent that particular transaction or prevent some other
unauthenticated transactions in future.
How it occurred and reason for occurring?
On 8th December, 2017, Atrium Hospitality discovered that the workstation of the Sacramento Holiday Inn was infected by malware. The officials of Atrium Hospitality suspected a data breach on one of the workstations of Atrium Hospitality and detached its network from other sources (Kharraz et al., 2015). Atrium Hospitality had not been aware of the data breach that took place at one of its Holiday Inns. It also did not know whether the hackers had taken the customers' information and misused it. The officials did not know what had actually been taken. The data breach took place because the security system that would have protected the workstation from a data breach was not updated ("Atrium Hospitality Notifies Hotel Guests of Compromise", 2018). The data breach exposed the names, passport numbers, debit and credit card details and license numbers of 376 guests. Of all the guests affected, 182 were informed by mail; the other guests were not informed because their addresses were not available to the officials. The systems that the Holiday Inn of Atrium Hospitality was using were not updated, and that led to the data breach on the workstation. The guests impacted by the data breach were requested to keep an eye on their financial statements, monitor their credit reports and, if they detected any suspicious activity, report it immediately to the officials of the protective team ("16-31 March 2018 Cyber Attacks Timeline", 2018). The cyber-attack involved malicious programs which directly affected the programs run on the workstation of the Sacramento Holiday Inn. Atrium Hospitality did not have proper preventive measures to protect the details of its
guests. This made it easy for the attackers to access the information of 376 guests, obtaining their names, bank account details and other important credentials.
What could have been done to prevent it?
There are many ways to protect an organization from cyber-attack. To protect the network of the workstation from cyber-attack, Atrium Hospitality was expected to have all the preventive measures in place (Case, 2016). If it was not possible for Atrium Hospitality to appoint an outside expert to maintain the whole network and make security recommendations, then it could have implemented many economical steps that would have reduced the risk of cyber-attack on the workstation. The steps that would have reduced the risk of cyber-attack on the workstation are listed below:
1. Train all the employees of the workstation so that they understand the principles of cyber security.
2. All the computers that Atrium Hospitality had should always have been kept updated, and every system was expected to have antivirus installed.
3. The workstation should have used a firewall for its Internet connection, as it would stop all malicious viruses from entering the system (Nizam et al., 2016).
4. All the personal data and information of the guests should have been stored and backed up as business information.
5. Access to the personal computers and to the components of the network should have been physically controlled.
6. All the Wi-Fi networks needed to be secured, and the Wi-Fi should be hidden for security purposes.
7. Every employee at Atrium Hospitality was expected to have a personal user account, which would lessen the risk of cyber-attack on the workstation (Guo et al., 2017).
8. The employees should have had limited access to the data and information on the network, and they should also have been limited in installing software on the network of the workstation.
9. They should regularly change the passwords of their personal accounts.
Part B
Comparison between WannaCry and the Petya cyber-attacks
Defining the cyber-attacks
The WannaCry attack is a ransomware attack that took place in May 2017. This worldwide cyber-attack was carried out by a malicious virus known as the WannaCry ransomware cryptoworm. This ransomware mainly attacks the Microsoft Windows operating system by encrypting data and then demanding ransom payments, usually in the Bitcoin cryptocurrency (Nissim et al., 2018). The cryptoworm propagates through EternalBlue and then exploits the Windows system. Microsoft had previously released patches to close the exploit. WannaCry spread only through organizations that had not applied the patches for closing the exploit. Organizations that were using older versions of Microsoft Windows faced the WannaCry attack. Also, backdoors were installed on the infected systems by the WannaCry attack. This is a classic
example of a ransomware attack, in which the victims are locked out and cannot access their data, and to make the data accessible again the hackers demand payment in bitcoins.
The Petya attack is a cyber-attack intended for disruption and destruction rather than monetary gain. Petya is basically a wiper malware which destroys the system and the data. Petya is not a good way to make a profit from the attack. It only aims to attack the victims and destroy their information on the system (Dwyer, 2018). The Petya attack is distinguished from a ransomware attack by its true intentions. The Petya attack took place in June 2017, just one month after the WannaCry attack. The Petya attack struck the infrastructure of Ukraine. Around 60% of the systems in Ukraine were infected by the Petya attack.
Scope of the attacks
The scope of WannaCry in the European countries was estimated at 200,000 infected computers. There may be more computers affected by the WannaCry attack, in private as well as public organizations.
The Petya attack spread in Kiev, the capital of Ukraine. In that city all the ATMs stopped working, and 80 miles outside Kiev workers were forced to monitor the radiation of a nuclear plant manually when the system failed (Mohurle & Patil, 2017). The Petya ransomware attack also hit an Australian chocolate factory. From there the attack also spread to other businesses, to the government agencies of Ukraine and to organizations in some other countries as well.
Operational details of the attacks
WannaCry, also known as WannaCrypt, exploits vulnerabilities in computers running Microsoft Windows, and the attack is believed to use a technology developed by the NSA (National Security Agency). The technology was leaked by the hacker in April.
The vulnerabilities in Microsoft Windows were closed by an updated Microsoft Windows version that was released in March (Perlroth, Scott & Frenkel, 2017). Many organizations rely on dated computer software, and such systems are more vulnerable to the Petya ransomware attack than computers which are up to date. All software needed to be updated to prevent the Petya attack.
The Petya ransomware attack spreads like a virus or worm from one machine to another. This happens by luring the user into clicking on a link or an attachment (Reiber 2018). Once the virus gains access to the computer, it encrypts all the files, locks the user's computer, demands a ransom from the user and finally spreads to other computers connected to the same network. This mainly happens in organizations that have wide computer networks.
The attack generally spreads through email phishing. When a user's system gets infected, the Petya ransomware encrypts all the data files on the system and presents the user with a message about the encryption that has been done. The attacker then demands a ransom, particularly in Bitcoin, if the user wants to restore the files and access them (Fayi, 2018). The attacker also instructs the user on how to pay the ransom. When the user pays the ransom, the attacker sends a decryption key to the victim for restoring their files and accessing them.
Preventive Measures of the attacks
There are many ways to protect a particular system or computer network from the WannaCry or Petya attack. Some organizations might hire experts to protect their systems from such attackers. Others may follow preventive measures internally to protect their computer networks (Guo et al., 2017). The ways to protect computer networks from ransomware attacks are stated below:
1. Patch all the systems that are connected to a network or to the internet. There are patches that protect systems from the ransomware attack.
2. Users should avoid PsExec, and access to it should be restricted. Restricting the use of admin tools such as PowerShell generally reduces the chances of a ransomware attack.
3. There should be properly arranged backups for all the files on the computer network or on the system (Raiyn, 2014). When a ransomware attack demands money, the user need not pay the ransom if they have a backup of all the files and information on other systems.
4. Monitor continuously for any suspicious activity in the organization's network. The cyber protection team should always monitor the systems for suspicious activity.
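The PsExec restriction and continuous monitoring listed above can be checked against service-install logs. The following is an added example, not part of the original essay: it flags PsExec appearing on hosts where it is restricted and on several hosts in quick succession, which is how a worm moving between networked machines would look. It assumes Windows service-install events (Event ID 7045) exported to CSV in a constructed column layout, PsExec running under its default service name PSEXESVC, and a hypothetical allowlist of hosts permitted to use it.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample of service-install events (Windows System log, Event ID 7045)
# exported to CSV. Hosts, times and the column layout are invented for this example.
SAMPLE_CSV = """time,host,event_id,service_name
2017-06-27T09:15:00,ADMIN-01,7045,PSEXESVC
2017-06-27T10:01:05,WS-014,7045,PSEXESVC
2017-06-27T10:01:40,WS-022,7045,PSEXESVC
2017-06-27T10:02:10,WS-031,7045,PSEXESVC
2017-06-27T10:02:30,WS-031,7045,PSEXESVC
2017-06-27T10:03:00,WS-040,7045,BackupAgent
2017-06-27T14:30:00,WS-077,7045,PSEXESVC
"""

# Assumption: policy restricts PsExec to this one administration host.
ALLOWED_HOSTS = {"ADMIN-01"}


def psexec_events(csv_text):
    """Return (time, host) for every PsExec service install, sorted by time."""
    rows = csv.DictReader(io.StringIO(csv_text))
    hits = [(datetime.fromisoformat(r["time"]), r["host"]) for r in rows
            if r["event_id"] == "7045" and r["service_name"].upper() == "PSEXESVC"]
    return sorted(hits)


def policy_violations(events, allowed=ALLOWED_HOSTS):
    """Hosts where the PsExec service appeared although PsExec is restricted."""
    return sorted({host for _, host in events if host not in allowed})


def spread_alerts(events, window=timedelta(minutes=5), min_hosts=3):
    """Flag time windows in which PsExec landed on min_hosts or more hosts."""
    alerts, start = [], 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1  # slide the window forward
        hosts = sorted({h for _, h in events[start:end + 1]})
        if len(hosts) >= min_hosts:
            alerts.append((events[start][0].isoformat(), hosts))
            start = end + 1  # begin a fresh window after raising an alert
    return alerts


if __name__ == "__main__":
    found = psexec_events(SAMPLE_CSV)
    print("restricted hosts running PsExec:", policy_violations(found))
    print("possible worm-like spread:", spread_alerts(found))
```

A renamed PsExec service would not match the default name, so this check complements, rather than replaces, restricting the tool itself.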
References
Atrium Hospitality Notifies Hotel Guests of Compromise. (2018). Retrieved from
https://www.prnewswire.com/news-releases/atrium-hospitality-notifies-hotel-guests-of-compromise-300615517.html
Case, D. U. (2016). Analysis of the cyber attack on the Ukrainian power grid. Electricity
Information Sharing and Analysis Center (E-ISAC).
Dwyer, A. (2018). The NHS cyber-attack: A look at the complex environmental conditions of
WannaCry. RAD Magazine, 44, 25-26.
Fayi, S. Y. A. (2018). What Petya/NotPetya Ransomware Is and What Its Remidiations Are.
In Information Technology-New Generations (pp. 93-100). Springer, Cham.
Guo, Z., Shi, D., Johansson, K. H., & Shi, L. (2017). Optimal linear cyber-attack on remote state
estimation. IEEE Transactions on Control of Network Systems, 4(1), 4-13.
Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., & Kirda, E. (2015, July). Cutting the
gordian knot: A look under the hood of ransomware attacks. In International Conference
on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 3-24).
Springer, Cham.
Kica, G. (2016). Adaptive Reuse of Tid Tower Into a Five Star Business Hotel (Doctoral
dissertation).
Mohurle, S., & Patil, M. (2017). A brief study of wannacry threat: Ransomware attack
2017. International Journal of Advanced Research in Computer Science, 8(5).
Nissim, N., Mahler, T., Shalom, E., Goldenberg, I., Hasman, G., Makori, A., ... & Shahar, Y.
(2018). Know Your Enemy: Characteristics of Cyber-Attacks on Medical Imaging
Devices. arXiv preprint arXiv:1801.05583.
Nizam, F., Chaki, S., Al Mamun, S., & Kaiser, M. S. (2016, January). Attack detection and
prevention in the Cyber Physical System. In Computer Communication and Informatics
(ICCCI), 2016 International Conference on (pp. 1-6). IEEE.
Perlroth, N., Scott, M., & Frenkel, S. (2017). Cyberattack Hits Ukraine Then Spreads
Internationally. The New York Times.
Pollak, O. B. (2018). Welcome to Omaha. Arcadia Publishing.
Raiyn, J. (2014). A survey of cyber attack detection strategies. International Journal of Security
and Its Applications, 8(1), 247-256.
Reiber, J. (2018). The Fastest Way Across the Seas: Cyberspace Operations and Cybersecurity in
the Indo-Pacific. In Eurasia’s Maritime Rise and Global Security (pp. 83-94). Palgrave
Macmillan, Cham.