Ransomware Attacks: Bad Rabbit and TeslaCrypt


Added on 2022-12-18
Running head: COMPUTER SECURITY
COMPUTER SECURITY
Name of the Student:
Name of the University:
Author Note:

Table of Contents
Introduction 2
Operation of the Ransomware 2
Identification of Ransomware Attack 5
  Bad Rabbit 5
  TeslaCrypt 7
Summary 9
References 10

Introduction
Ransomware attacks are a class of attack in which the security of an individual, or of
every employee within an organization, is compromised. Such attacks breach the security
of the systems the employees work on, lock all of the information on the system so that
the user can no longer access it, and demand money in return for the decryption password.
With that password the user regains access to their system with all of the information
in the same form as before (Brewer, 2016). Two of the most recent ransomware campaigns
have been selected for this report, namely Bad Rabbit and TeslaCrypt. Both attacks have
been approached with a clear aim, and detailed research has been carried out to gather
all of the information related to each ransomware.
Operation of the Ransomware
Two of the most prominent ransomware attacks that occurred between 2017 and 2019 are
described below, with attention to how they work and how they affect the operation of an
organization in a live setting. These are:
Bad Rabbit - refers to the ransomware that broke out on October 24th, 2017, attacking
almost every organization operating in Russia and, as reports have suggested,
victimizing people in selected regions of Ukraine as well.
According to the observations, this ransomware spreads within a live organizational
environment by means of a drive-by attack, which installs the malware on the system
being targeted (Lee, Kim & Kim, 2019). The malware then waits roughly 10 to 60 minutes after the
infection has completed before the system reboots itself. The reboot is scheduled using
the "shutdown.exe" tool or any other tool that performs the same function. Once the
reboot has completed, encryption of the MFT starts on the NTFS partitions, and the MBR is
overwritten with a custom loader that adds the ransom note.
The malware enumerates all of the existing network adapters and all known server names
via NetBIOS, and retrieves the list of current DHCP leases where available (Maniath,
Poornachandran & Sujadevi, 2018). Every IP on the local network and every server that is
found is then checked for open TCP ports 445 and 139. Machines that have these ports open
are then attacked by one of the methods described above.
Resources 1 and 2 of the malware binary contain two versions of a standalone tool that
attempts to extract the login details and password of every individual user. This tool
is run entirely by the main malware binary (Scaife et al., 2016). All of the extracted
data is passed back to the primary module through a pipe with a random GUID-based name.
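As an added, defender-side example (not part of the original report), the following Python scores per host the two Bad Rabbit behaviours just described: the delayed reboot scheduled through shutdown.exe and the sweep of TCP 445/139 across the local network. The event records, host names, the shutdown.exe flags (/r, /t) and the alerting threshold are constructed assumptions for illustration.

```python
"""Scoring of the two Bad Rabbit host behaviours described above over constructed
Sysmon-style events: a delayed reboot scheduled with shutdown.exe, and one host
touching TCP 445/139 on many internal peers (the pre-lateral-movement port sweep)."""
import re
from collections import defaultdict

SMB_PORTS = {445, 139}
SWEEP_THRESHOLD = 5  # distinct internal SMB/NetBIOS peers before alerting (assumed tuning value)
RFC1918 = re.compile(r"^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)")

# Constructed events: (host, kind, detail). detail is a command line for "process"
# events and "dst_ip:dst_port" for "network" events.
SAMPLE_EVENTS = [
    ("WS-07", "process", r"C:\Windows\System32\shutdown.exe /r /t 1800 /f"),
    ("WS-07", "network", "10.0.0.12:445"), ("WS-07", "network", "10.0.0.13:445"),
    ("WS-07", "network", "10.0.0.14:139"), ("WS-07", "network", "10.0.0.15:445"),
    ("WS-07", "network", "10.0.0.16:445"), ("WS-07", "network", "10.0.0.16:139"),
    ("FS-01", "process", r"C:\Windows\System32\shutdown.exe /r /t 0"),  # immediate admin restart
    ("WS-09", "network", "10.0.0.12:445"),    # ordinary file-server access, one peer
    ("WS-09", "network", "203.0.113.9:443"),  # external HTTPS, out of scope
]

def is_scheduled_reboot(cmdline):
    """shutdown.exe invoked with the restart flag /r and a non-zero /t delay (flags assumed)."""
    tokens = cmdline.lower().split()
    if not tokens or not tokens[0].endswith("shutdown.exe") or "/r" not in tokens:
        return False
    m = re.search(r"/t\s+(\d+)", " ".join(tokens))
    return m is not None and int(m.group(1)) > 0

def analyze(events):
    """Return {host: {"scheduled_reboot": bool, "smb_peers": int, "alert": bool}}."""
    state = defaultdict(lambda: {"reboot": False, "peers": set()})
    for host, kind, detail in events:
        s = state[host]
        if kind == "process" and is_scheduled_reboot(detail):
            s["reboot"] = True
        elif kind == "network":
            ip, port = detail.rsplit(":", 1)
            if int(port) in SMB_PORTS and RFC1918.match(ip):  # internal SMB/NetBIOS only
                s["peers"].add(ip)
    report = {}
    for host, s in state.items():
        peers = len(s["peers"])
        # A sweep alone is enough; a delayed reboot plus even two SMB peers is also flagged.
        report[host] = {"scheduled_reboot": s["reboot"], "smb_peers": peers,
                        "alert": peers >= SWEEP_THRESHOLD or (s["reboot"] and peers >= 2)}
    return report
```

Running analyze(SAMPLE_EVENTS) flags only WS-07, which both scheduled a delayed restart and touched five internal peers on SMB/NetBIOS ports; the single admin restart on FS-01 and the one-peer file-server access from WS-09 stay quiet.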
TeslaCrypt - this malware was spread using social engineering to compel a user to click a
link in a phishing email, and later by adding malicious attachments to those emails. It
also makes use of the technique of malvertising in
