
ITC595 Information Security


Added on  2020-02-24

Running head: INFORMATION SECURITY

Information Security

Name of the Student
Name of the University
Author Note

Table of Contents

Part A
   Introduction
   1. Problem Definition
   2. How it was caused?
   3. Why it occurred?
   4. Cause and Effect
   5. Possible Solutions
   Conclusion
Part B
   Introduction
   1. Problem Definition
   2. Cause and Effect of the Attack
   3. How was the attack carried out?
   4. What could have been done to prevent the attack?
   Conclusion
References

Part A

Introduction

The NotPetya ransomware attack is similar to the worldwide WannaCry attack, or even worse. This is because the main aim of the NotPetya ransomware was not only making money but also the destruction of the affected data (Shackelford, 2017). The most unique or dangerous thing about NotPetya was that, instead of using a unique cryptocurrency wallet, NotPetya linked to a single bitcoin wallet. This report discusses the problem definition and the cause and effect of the attack. The report further discusses the possible solution to the problem in the following paragraphs.

1. Problem Definition

This major ransomware attack spread through the US and Europe in June 2017 and is very similar to the WannaCry ransomware attack of May 2017, or even worse. NotPetya used a modified version of the NSA's stolen and leaked EternalBlue exploit previously used by WannaCry. The problem was that it attacked business computers and encrypted all the important files (Chakraborty, Pierazzi & Subrahmanian, 2017). The attackers then demanded an amount of $300 in bitcoins. However, the payment was not feasible. The attack was first identified in Ukraine. It targeted mainly business organizations, including banks, the state power utility and the metro system. The radiation monitoring system at Chernobyl was affected and was taken offline, which forced the employees to use hand-held counters. It was a targeted and massive global malware attack that mainly affected Windows servers, PCs and laptops. A malware group, the Shadow Brokers, leaked EternalBlue, which was the source of this attack, in April. The WannaCry incident had alerted users to the data security measures that need to be taken in order to prevent these attacks. They had installed the patch to protect themselves from WannaCry, which could have helped them to protect against NotPetya as well. However, the Petya ransomware has two other ways of spreading, mainly targeting the network's administrator tools (Naved, 2017). The attack further affected all the business units of Maersk. This included container shipping, port operations, oil and gas production and so on.

2. How it was caused?

NotPetya gained administrator access on a single machine and used that power to gain access to all the computers on the same network. It took advantage of the use of a flat network in an organization. In a flat network, one administrator computer on one endpoint has the power to control all the other machines, or can transfer the credentials present in memory until control over the Windows network is achieved. Apart from using the NSA exploit EternalBlue, it trapped users by appearing as an administrator and by running a trapped email attachment that installs and runs the malware on the system (Akkas, Chachamis & Fetahu, 2017). NotPetya probably gained access to the corporate network with the help of a hijacked software update for a Ukrainian software tool, which was carried out via phishing emails.

3. Why it occurred?

NotPetya was even more advanced than WannaCry, which helped it to access computer systems even after the proper security measures taken by the authorities after the WannaCry attack in May 2017. The NotPetya ransomware gained access to the administrator computer and found the passwords of the other computers in order to infect those systems as well. The requirements of the attacker were very simple. They only needed one un-patched computer
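
The flat-network spread described in sections 2 and 3, as an added example that is not part of the original report: a toy model comparing how far one unpatched foothold reaches on a flat network, on a segmented one, and when no administrator credentials are left in memory. All host names, account names and links are constructed for illustration.

```python
# Toy propagation model over constructed data (hypothetical hosts and accounts).

def spread(patched, links, creds_in_memory, admin_on, patient_zero):
    """Return the set of hosts compromised starting from patient_zero.

    A reachable host falls if it is unpatched, or if any credential already
    harvested from a compromised host's memory has admin rights on it.
    """
    compromised = {patient_zero}
    harvested = set(creds_in_memory.get(patient_zero, ()))
    changed = True
    while changed:  # repeat: new credentials can unlock hosts skipped earlier
        changed = False
        for src in sorted(compromised):
            for dst in links.get(src, ()):
                if dst in compromised:
                    continue
                if not patched[dst] or harvested & admin_on.get(dst, set()):
                    compromised.add(dst)
                    harvested |= set(creds_in_memory.get(dst, ()))
                    changed = True
    return compromised

HOSTS = ["ws1", "ws2", "ws3", "srv1", "dc1"]
# Only ws1 missed the patch; every other host is patched.
PATCHED = {"ws1": False, "ws2": True, "ws3": True, "srv1": True, "dc1": True}
# Accounts whose credentials sit in each host's memory.
CREDS = {"ws1": {"helpdesk"}, "ws2": {"domadmin"}}
# Accounts holding administrator rights on each host.
ADMIN_ON = {"ws2": {"helpdesk", "domadmin"}, "ws3": {"helpdesk", "domadmin"},
            "srv1": {"domadmin"}, "dc1": {"domadmin"}}

# Flat: every host can reach every other. Segmented: workstations and
# servers sit in separate zones with no path between them.
FLAT = {h: [o for o in HOSTS if o != h] for h in HOSTS}
SEGMENTED = {"ws1": ["ws2", "ws3"], "ws2": ["ws1", "ws3"],
             "ws3": ["ws1", "ws2"], "srv1": ["dc1"], "dc1": ["srv1"]}

def blast_radius():
    """Compromised hosts per scenario, starting from the unpatched ws1."""
    return {
        "flat": spread(PATCHED, FLAT, CREDS, ADMIN_ON, "ws1"),
        "segmented": spread(PATCHED, SEGMENTED, CREDS, ADMIN_ON, "ws1"),
        "flat_no_cached_admin": spread(PATCHED, FLAT, {}, ADMIN_ON, "ws1"),
    }

if __name__ == "__main__":
    for name, hit in blast_radius().items():
        print(f"{name:22} {len(hit)}/{len(HOSTS)} {sorted(hit)}")
```

In the flat case the four patched hosts still fall, because each harvested credential unlocks the next machine; segmentation and keeping administrator credentials out of workstation memory each shrink the result.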