Contemporary Computer Security Issues: A Detailed Report and Analysis


Added on  2022/09/07

AI Summary
This report provides a detailed analysis of contemporary computer security issues, focusing on the Toll Group ransomware attack and its impact on the organization. The report delves into the technical aspects of the NetWalker ransomware, including its method of operation, the specific actions taken by the Toll Group, and the consequences of the attack. Furthermore, the report examines a second case study, the Champaign-Urbana Public-Health District, also affected by NetWalker, highlighting the vulnerabilities and impact of ransomware on healthcare systems. The report explores the specific actions taken by both organizations to mitigate the attacks and offers a comprehensive overview of the challenges and implications of these cyber threats.
Running head: CONTEMPORARY COMPUTER SECURITY ISSUES
CONTEMPORARY COMPUTER SECURITY ISSUES
Name of the Student:
Name of the university:
Author’s Note:
Table of Contents
Introduction:-
Task 1 Toll group Ransomware Attack:-
  Background:-
  Impact:-
  Aims: -
  Specific Action:-
  Details:-
  Opinion:-
Task 2:- Champaign-Urbana Public-Health District
  Background:-
  Impact:-
  Aims:-
  Specific action:-
  Details:-
Summary:-
References:-
Introduction:-
Ransomware is a category of malware from cryptovirology that threatens to publish the victim's documents or permanently block access to them unless a ransom is paid. Ransomware enters a network in a variety of ways, and the most prevalent is a download delivered through junk email. The download then runs the ransomware program, which attacks the systems on the network. This report describes one specific type of ransomware, named NetWalker or "Mailto". Two prominent organizations were recently affected by this ransomware, and the report focuses on these two organizations.
Task 1 Toll group Ransomware Attack:-
Background:-
This attack occurred on 2nd February 2020, and it is known as the NetWalker or Mailto ransomware attack. The logistics company announced on this day that its recovery involved a coordinated effort between several parties, in part to provide assurance that it had eradicated the malware. The malware is believed to have affected up to 950-1050 servers, impacting around 500 business applications and compromising critical systems including Active Directory.
Impact:-
In response to this attack, Toll Group deliberately shut down several systems across several sites and business units to contain the ransomware. The organization was forced to temporarily disable its online booking system and return to phone booking.
Aims: -
Research says that this attack is very similar to several targeted ransomware attacks aimed at businesses that rely on knowledge to deliver time-sensitive, critical services or goods (Scaife et al., 2016). By deliberately targeting companies that cannot cope well with any interruption, these cyber criminals increase the chances that their victims will pay the ransom to restore their services. Healthcare establishments, local and state government, manufacturing control systems and now delivery businesses are ripe targets for these focused ransomware operations.
Specific Action:-
This organization maintains some fundamental measures to defend against this type of attack. It keeps the antivirus software and other security tools installed on its devices updated for detection and prevention of the Mailto ransomware family (Less et al., 2019). It applies content filters to mail inboxes to stop malicious content from reaching users, which reduces the likelihood of a compromise. Toll Group patches its servers regularly to limit the movement of an attack within a network and to bound the number of hosts affected after a successful infection. Toll Group also applies network segmentation, partitioning larger networks into smaller sections to separate infrastructure between particular services and hosts. Toll Group trained its workers and operators to improve their cyber-security awareness and make them cyber ready.
Details:-
This attack has become active recently, as it targets government agencies and enterprises. NetWalker ransomware was discovered in August 2019. NetWalker compromises the network and encrypts every Windows device connected to it. The attacker applies a technique named "process hollowing" to inject the payload into 'explorer.exe'. In this technique, a process is created in a suspended state, and its memory is then unmapped and replaced with malicious code.
Source :- (Gatlan, 2020)
NetWalker compromises networks and encrypts every Windows device connected to them, Signaling Computer stated. When executed, NetWalker uses an embedded configuration that contains a ransom note template, ransom note file names and several configuration options.
After the payload has been injected into the genuine 'explorer.exe' process, it spawns a new instance of 'explorer.exe', and the original executable process is terminated. When a standard user looks at Task Manager, they would not notice any suspicious activity, since the payload hides under a legitimate process (Xiao et al., 2016). Another indication of the payload injection into explorer is the path: the genuine explorer process is located in the WINDOWS path, and this can be related to the fact that the malicious file is 32-bit. An instance of a 32-bit explorer will run on the 64-bit operating system.
Source: - (Ransomware: Past, 2020)
Opinion:-
Toll Group is one of the most prominent logistics organizations in all of Australia. Some days ago, it suffered the most significant ransomware attack, named NetWalker. But this report's reader believes that Toll Group was not ready to defend against this attack. First, this type of ransomware is very new, and specific IT specialists are aware of this attack (Sgandurra et al., 2016). This logistics organization's employees are not very aware of these attacks and their outcomes. This is very dangerous for the organization. The organization's IT security structure is not up to the mark. That is the reason Toll Group's IT team did not detect this type of attack at an early stage. That is the reason Toll Group disabled all of its online systems. Customers can only contact it by telephone.
Task 2:- Champaign-Urbana Public-Health District
Apart from Toll Group, this attack also affected another organization, the Champaign-Urbana Public-Health District.
Background:-
According to reports, officials at the Champaign-Urbana Public Health District became aware of the ransomware attack on 10th March 2020, when the department's official website went down. It took the agency, which serves 240000 people in central Illinois, just a short time to determine that a malicious actor had targeted C-UPHD with NetWalker. Also known as Mailto, NetWalker attracted the attention of Paging Processor in February 2020, after the computer self-help site learned from its sources that the threat was specifically targeting entire networks and encrypting all of the Windows devices connected to them. NetWalker then demanded large ransom amounts from its victims in exchange for helping them recover their networks.
Impact:-
At present, people are suffering greatly from the COVID-19 virus. This healthcare organization diagnoses people affected by COVID-19. The NetWalker ransomware attacked the hospital diagnosis system, which created some hazardous situations between patients and the authority. Because of this attack, the hospital authority lost a huge amount of patient information, such as medical records and confidential information.
Aims:-
Hackers disrupt healthcare systems worldwide in the best of times, and they are out in full force right now, during the worst of times (Sadeq, 2017). A new Windows ransomware threat, known as NetWalker, is being delivered via phishing campaigns that target hospital workers. The malicious phishing messages appear to contain information regarding the coronavirus, which makes the emails attractive bait that effectively dupes targets. Earlier this month, the threat hit healthcare facilities in Illinois within the C-UPHD. Affiliated workers were unable to access essential documents, which were held hostage by the ransomware.
To the credit of C-UPHD, mail IDs, patient e-health records, and other unremarkable tools had been moved into cloud storage six months prior (Kharaz et al., 2016). Accordingly, this attack temporarily paralyzed the system, but the authority retained the ability to deliver regular patient services. Tackling the coronavirus disease has turned into a multi-pronged battle for healthcare professionals. But taking steps to defend cyber infrastructure can offset these unethically timed attacks.
Specific action:-
This healthcare organization also took some specific actions to defend against this attack. When the authority identified the attack, it immediately shut down all of its official websites. After that, the authority restored compressed files from a known good backup. Restoring an organization's files from backup is the fastest way to regain data access. The organization declared that it had updated all system databases with applicable patches (Mohurle & Patil, 2017). This healthcare organization also uses a trustworthy firewall and antivirus, maintaining a robust firewall and keeping its security software updated. It is vital to use antivirus software from a reliable company because of all the pirated software out there.
Details:-
Ransomware is malicious software that locks people out of their computers. Victims normally receive a ransom demand for the encryption key to recover data access. According to Mat Deem, a client facility representative at Streamlined Processors of Champaign, NetWalker hides in an essential Windows process to avoid antivirus detection. By applying the "process hollowing" technique to achieve this process code injection, the ransomware operators hope to avoid detection. Process hollowing is a defense evasion technique that unmaps the memory of a process in a suspended state and replaces it with malicious code, which is effective against signature-based detection and whitelisting.
Source: - ("Threat Analysis Unit (TAU) Threat Intelligence Notification: MailTo
(NetWalker) Ransomware | VMware Carbon Black", 2020)
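Because process hollowing defeats signature and whitelist checks, triage can instead test the two 'explorer.exe' indicators noted in the Task 1 details and the hollowing described above: the image path and a 32-bit instance on a 64-bit operating system. The following is an added example, not code from this report or its cited sources; the record fields (`pid`, `image`, `is_32bit`) and the sample records are constructed, and the expected path assumes Windows is installed in C:\Windows.

```python
# Added example: field names and sample records are constructed, not taken
# from any real telemetry product.
import ntpath

EXPECTED_IMAGE = r"c:\windows\explorer.exe"  # assumes SystemRoot is C:\Windows
NT_PREFIXES = ("\\\\?\\", "\\??\\")          # device-path prefixes some tools log

def normalize(image):
    """Strip NT path prefixes, collapse '.' and '..', and lower-case."""
    for prefix in NT_PREFIXES:
        if image.startswith(prefix):
            image = image[len(prefix):]
    return ntpath.normpath(image).lower()

def explorer_findings(record, os_is_64bit=True):
    """Return the reasons an explorer.exe record deserves a closer look."""
    image = normalize(record["image"])
    if ntpath.basename(image) != "explorer.exe":
        return []  # not an explorer.exe instance, out of scope here
    reasons = []
    if image != EXPECTED_IMAGE:
        reasons.append("unexpected image path: " + record["image"])
    if os_is_64bit and record["is_32bit"]:
        reasons.append("32-bit explorer.exe on a 64-bit operating system")
    return reasons

def triage(records, os_is_64bit=True):
    """Map pid -> reasons for every explorer.exe instance that was flagged."""
    flagged = {}
    for rec in records:
        reasons = explorer_findings(rec, os_is_64bit)
        if reasons:
            flagged[rec["pid"]] = reasons
    return flagged

# Constructed process-inventory records for one 64-bit host.
SAMPLE = [
    {"pid": 4012, "image": r"C:\Windows\explorer.exe", "is_32bit": False},
    {"pid": 7344, "image": r"C:\Windows\SysWOW64\explorer.exe", "is_32bit": True},
    {"pid": 5120, "image": r"C:\Windows\System32\svchost.exe", "is_32bit": False},
    {"pid": 6608, "image": r"\??\C:\WINDOWS\.\Explorer.EXE", "is_32bit": False},
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE).items():
        print(pid, "; ".join(reasons))
```

Treat a hit as a triage lead to confirm with memory or parent-process inspection, not as proof of hollowing.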
The ransomware uses self-injection to conceal part of the ransomware configuration. It also embeds the configuration in the resources section of the PE file. Because the ransomware performs this unpacking in memory, manual debugging of the sample is necessary to trace the unpacking stub. After further debugging, the analyst comes across an entirely new file, as revealed by its header.
Source: - (Ransomware: Past, 2020)
The hard disk, mapped network drives, and synchronized devices are encrypted, and a notification appears with instructions to pay the ransom to restore the original files (Scaife et al., 2016). This notice persists, and at times deletes files, as a timer counts down to the point at which the keys can no longer be recovered, putting severe pressure on the user. Furthermore, the attacker's exploit kit can persist and pivot to other critical systems.
Source: - (Ransomware: Past, 2020)
Summary:-
This report describes the NetWalker ransomware, which is very uncommon and new software. It mainly targets hospital authorities and logistics organizations. Toll Group and C-UPHD were both affected by this ransomware in February 2020. The report describes in detail the two organizations' action plans for fighting these attacks. The attack had a crucial impact throughout each organization, and until now, neither organization has been able to find the root of these attacks.
References:-
Gatlan, S. (2020). New Ransomware Strain Halts Toll Group Deliveries. Retrieved 8 April 2020, from https://www.bleepingcomputer.com/news/security/new-ransomware-strain-halts-toll-group-deliveries/
Kharaz, A., Arshad, S., Mulliner, C., Robertson, W., & Kirda, E. (2016). UNVEIL: A large-scale, automated approach to detecting ransomware. In 25th USENIX Security Symposium (USENIX Security 16) (pp. 757-772).
Less, B., Dutton, S., Li, X., Clark, J., Walker, I., & Sherman, M. (2019). Smart Ventilation for Advanced California Homes–Single Zone Technology Task (No. LBNL-2001206). Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States).
Mohurle, S., & Patil, M. (2017). A brief study of wannacry threat: Ransomware attack 2017. International Journal of Advanced Research in Computer Science, 8(5).
Ransomware: Past, a. (2020). Ransomware: Past, Present, and Future. Retrieved 8 April 2020, from https://blog.talosintelligence.com/2016/04/ransomware.html
Sadeq, A. E. (2017). Regionalism in Alice Walker’s The Color Purple. Studies in Literature and Language, 14(6), 1-7.
Scaife, N., Carter, H., Traynor, P., & Butler, K. R. (2016, June). Cryptolock (and drop it): stopping ransomware attacks on user data. In 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS) (pp. 303-312). IEEE.