Ransomware Attacks and Prevention
Added on 2020/03/01
Running head: RESEARCH REPORT TASK
Research Report Task
Name of the Student
Name of the University
Author Note
Table of Contents
Part A...............................................................................................................................................2
Answer 1......................................................................................................................................2
The problem.................................................................................................................................2
Occurrence of the attack and the possible solutions....................................................................2
Part B...............................................................................................................................................4
Question 1....................................................................................................................................4
The problem and its occurrence...................................................................................................4
Solution to prevent the attack......................................................................................................5
References........................................................................................................................................7
Part A
Answer 1
The problem
On March 6th, 2017, a group of spammers operating under the name River City Media accidentally exposed their confidential data on the internet after a failed attempt to set up their backups properly (www.rivcitymedia.com., 2017). The leak, known as 'Spammergate', comprised Hipchat logs, domain registration records, accounting details, infrastructure planning, invention notes, scripts, business affiliations and so on. The most significant part was a database of around 1.4 billion email accounts, IP addresses, full names and physical addresses. Chris Vickery, a security researcher for MacKeeper, found the information and reported the case to the authorities. River City Media is a litigation service and support company that focuses on the multimedia aspects of litigation support. From discovery to verdict, they offer a variety of services that help their clients illustrate their case. They are focused on providing personal and cost-effective solutions for each of their clients. The circumstances presented a tangible threat to online confidentiality and security, since they involved a database of 1.4 billion email accounts combined with real names, user IP addresses and often physical addresses.
Occurrence of the attack and the possible solutions
The spam email operators' faulty backup led to the leak of 1.37 billion addresses. Chris Vickery said there was a fair chance that any given individual, or someone known to them, was affected by the exposure of the database of one of the largest spam operations in the world. This
leak exposed the entire operation to the public and disclosed the email addresses because of the faulty backup (Amoroso, 2012). The holy grail of the spam trade, private information including real names and IP addresses, was disclosed on a smaller scale than the email information that made up the bulk of the dataset. River City Media is an email-marketing firm that sends around a billion messages a day at spam filters across the world. Chris Vickery was not able to completely verify the leak, but he found that the addresses he knew of were accurate in the database. The source of the data, a snapshot of a backup made at some point in January 2017, was by accident published on the internet without password protection, which added credibility to the leak. The individuals who became aware of the leak had not chosen to sign up for massive advertising over a billion times. According to Vickery, the most likely scenario is a combination of various techniques. One of them is referred to as co-registration: the instance when an individual clicks the 'Submit' button or the 'I agree' box that appears next to the fine print on a website. The anti-spam organisation Spamhaus, working alongside MacKeeper and Vickery, used the information contained in the leak to add River City Media's assets to its database and blacklist the firm's entire infrastructure. The breach was very large in nature (Amoroso, 2012). When Chris Vickery first reported that he had access to the leaked dataset, it contained around 1.4 billion records. The government of India issued a statement denying that it was the source, that is, that the country's federal ID system had been leaked. It was one of the few databases in the world containing more than a billion entries. Speculation ran out of control until Vickery released the actual information. The main reason for this cyber security breach was the careless setting up of the backup feature. The
data was left exposed to anyone poking around. Some of the documents showed that spamming could be profitable. One leaked text referred to a single day of activity that targeted Gmail users with around 18 million emails and AOL users with another 15 million. This was made possible by automation, years of research and a fair bit of illegal hacking. It is also not uncommon for spammers to share their databases or to harvest email addresses when hackers dump them online. This explains how individuals end up on mailing lists that try to sell everything. The leaked IP addresses helped Vickery, Ragan and Spamhaus, the international organisation that maintains and distributes anti-spam lists to email providers, identify the key components of the spammers' infrastructure. In the short term the exposure showed up as a drop in the number of spam emails in people's inboxes.
Part B
Question 1
The problem and its occurrence
The ransomware cyber attack took place in May 2017. It was a worldwide cyber attack by the WannaCry ransomware cryptoworm. This virus attacked computers running the Microsoft Windows operating system, encrypting their data and demanding ransom payments in the Bitcoin cryptocurrency. The attack began on Friday, 12 May 2017, and within a day had infected more than 230,000 computers. Parts of the U.K.'s National Health Service were infected, which forced it to run some of its services on an emergency-only basis throughout the attack. Spain's Telefónica, FedEx and Deutsche Bahn were also hit, along with many other companies in countries around the world. WannaCry propagated through the use
of EternalBlue, an exploit of the Windows Server Message Block protocol. Microsoft issued emergency security patches for Windows 7 and Windows 8. Nearly all victims of the attack were running Windows 7, which prompted a security researcher to argue that its effect on Windows XP users was insignificant. The software contained a URL that acted as a designated kill switch; once a security researcher discovered it, the kill switch shut the software down before it executed its payload and stopped the spread of the virus (O'Gorman & McDonald, 2012). Cyber security companies such as Kaspersky Lab and Symantec said that the code had some similarities with code previously used by the Lazarus Group, which is believed to have carried out cyber attacks in 2014 and 2016 and is linked to North Korea. WannaCry began to affect companies worldwide. The virus had a main program that used the vulnerability to spread itself. It would encrypt the files, and the ransom interface would display the ransom information and decrypt the sample files. When a victim decrypts a file, the attacker decrypts the sub-private key file referred to as "00000000.eky" and saves it as "00000000.dky", which is then used to decrypt the folder once the decrypted key file has been obtained. The sample itself carries an additional pair of RSA public and private keys; these are used to decrypt the display files. Each encrypted file uses its own AES key. To decrypt a file, one needs to obtain the RSA sub-private key, decrypt the AES key held in the file header, and then use that AES key to decrypt the file (Mercaldo et al., 2016). Without the RSA sub-private key, the AES key cannot be decrypted and the file cannot be decrypted.
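The passage above describes the key hierarchy that makes recovery impossible without the attacker's RSA sub-private key: each file has its own AES key, and that key can only be recovered by decrypting the file header with a private key the victim never holds. The defensive consequence is that once encryption has finished, the only options are restoring from backup or paying, so noticing the encryption while it is still in progress has real value. The script below is an added example, not code from the report or from any vendor it cites; it applies two simple heuristics to constructed file-audit events (a burst of renames to one new extension on a single host, and the same note file appearing in many folders). The event format, the thresholds and the sample data are assumptions.

```python
"""Heuristic detection of mass file encryption from file-audit events.

Added example, not code from the original report or from any vendor it cites.
The event format ("<ISO timestamp> <host> <op> <path>", ops write/rename/create)
and the sample events are constructed assumptions; in practice the lines would
come from Sysmon, auditd or an EDR agent.
"""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # sliding window of rename activity per host
RENAME_THRESHOLD = 20            # renames to one new extension inside WINDOW
NOTE_DIR_THRESHOLD = 5           # same file name created in this many folders


def build_sample_events():
    """Constructed sample log: ws-17 rewrites 25 documents under a new
    '.locked' extension within 25 seconds and drops READ_ME.txt into six
    folders; ws-03 renames two files, which is ordinary user activity."""
    base = datetime(2017, 5, 12, 10, 0, 0)
    lines = []
    for i in range(25):
        ts = (base + timedelta(seconds=i)).isoformat()
        folder = f"C:\\Users\\alice\\Documents\\proj{i % 6}"
        lines.append(f"{ts} ws-17 write {folder}\\file{i}.docx")
        lines.append(f"{ts} ws-17 rename {folder}\\file{i}.docx.locked")
        if i < 6:
            lines.append(f"{ts} ws-17 create {folder}\\READ_ME.txt")
    for i in range(2):
        ts = (base + timedelta(minutes=2, seconds=i)).isoformat()
        lines.append(f"{ts} ws-03 rename C:\\Users\\bob\\draft{i}.bak")
    return lines


def parse_event(line):
    """Split one audit line into (timestamp, host, op, path)."""
    ts, host, op, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), host, op, path


def detect_ransomware_activity(lines, window=WINDOW,
                               rename_threshold=RENAME_THRESHOLD,
                               note_dir_threshold=NOTE_DIR_THRESHOLD):
    """Return one alert dict per (host, kind) that crosses a threshold."""
    recent_renames = defaultdict(deque)  # host -> deque of (ts, new extension)
    note_dirs = defaultdict(set)         # (host, file name) -> folders seen
    alerts, raised = [], set()

    def raise_alert(host, kind, detail):
        if (host, kind) not in raised:   # report each condition once per host
            raised.add((host, kind))
            alerts.append({"host": host, "kind": kind, "detail": detail})

    for line in lines:
        if not line.strip():
            continue
        ts, host, op, path = parse_event(line)
        folder, _, name = path.rpartition("\\")
        if op == "rename":
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            q = recent_renames[host]
            q.append((ts, ext))
            while q and ts - q[0][0] > window:  # drop entries outside the window
                q.popleft()
            top_ext, count = Counter(e for _, e in q).most_common(1)[0]
            if count >= rename_threshold:
                raise_alert(host, "mass-rename",
                            f"{count} files renamed to .{top_ext} within "
                            f"{int(window.total_seconds())}s")
        elif op == "create":
            folders = note_dirs[(host, name.lower())]
            folders.add(folder)
            if len(folders) >= note_dir_threshold:
                raise_alert(host, "ransom-note",
                            f"{name} created in {len(folders)} folders")
    return alerts


if __name__ == "__main__":
    for a in detect_ransomware_activity(build_sample_events()):
        print(a["host"], a["kind"], a["detail"])
```

The thresholds are deliberately simple; a legitimate bulk job that renames thousands of files will trip the rename rule on its own, so in practice it is combined with the note-file rule, the originating process name, or an allow-list of maintenance accounts. Feeding an alert into an automatic host-isolation step gives the "shut down the network" response the report recommends without waiting for a person to notice the ransom message.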
Solution to prevent the attack
This attack could have been prevented if a few measures had been followed. The backups should have been kept safe and secure. Once the files have been encrypted, the options one has are limited. Recovery from backups is one of them. The backups are
usually out of date and lack critical information. Patch systems also have to be kept updated. There was a highly hazardous security hole in Microsoft Windows, and the consumers who had not applied Microsoft's March software fix were exposed. The malware was designed to spread across commerce and government networks. The ransomware virus sends an email to the user's address. When the individual, on a machine belonging to the target organisation's network, opens the email, the virus infects the machine with ransomware. The virus then spreads to all the machines connected to the network (Tsagourias, 2012). The computer is locked and exhibits a message demanding payment to restore access. An updated patch system would have avoided this. Anti-virus software should be used; it protects the individual from the most basic and well-known viruses by scanning the system against known fingerprints. The workforce should be educated. The basic protocol is that workers should not click on suspicious links or open doubtful attachments. System administrators should ensure that employees do not have access to parts of the system that are not needed for their work. This would help limit the extent of the ransomware if the hackers get into an employee's system. Shutting down the network can avert continued encryption and probable loss. The hackers at times encourage an individual to keep the computer switched on and connected to the network; the individual should not be fooled by them. If a person is facing a ransom demand and has been locked out of important files, law enforcement and cyber security experts discourage paying the ransom, since it rewards the hackers and funds their future attacks.
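The two backup failures this report describes are, first, River City Media's backup snapshot being published without password protection (Part A) and, second, backups that are "usually out of date and lack critical information" and are therefore useless after an encryption event (Part B). The script below is an added example, not the report's own code; it audits a backup tree for copies readable by anyone, copies older than a chosen retention window, and copies whose content no longer matches a hash manifest. The directory layout, the manifest format and the sample tree are constructed assumptions.

```python
"""Audit a backup location for the failures the report describes: copies left
readable by everyone (the River City Media backup, Part A) and copies too old
or damaged to restore from (Part B).

Added example, not code from the original report. The layout (a directory
tree plus a MANIFEST.sha256 file with '<sha256>  <relative path>' lines, the
format sha256sum writes) and the sample tree are constructed assumptions.
Permission checks use POSIX mode bits; on Windows, ACLs would have to be read
instead.
"""
import hashlib
import os
import stat
import tempfile
import time
from pathlib import Path


def sha256_of(path):
    """Hex SHA-256 of a file, read in chunks so large archives fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_backup_dir(root, max_age_days=7, now=None):
    """Return (finding, relative path) pairs: 'exposed' for files readable by
    group or others, 'stale' for files older than max_age_days, 'corrupt' for
    files whose digest differs from the manifest, 'unlisted' for files the
    manifest does not cover, and 'no-manifest' if there is no manifest."""
    root = Path(root)
    now = time.time() if now is None else now
    findings = []
    manifest_path = root / "MANIFEST.sha256"
    manifest = {}
    if manifest_path.is_file():
        for line in manifest_path.read_text().splitlines():
            digest, _, rel = line.partition("  ")
            manifest[rel] = digest
    else:
        findings.append(("no-manifest", "MANIFEST.sha256"))
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path == manifest_path:
            continue
        rel = path.relative_to(root).as_posix()
        st = path.stat()
        if st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append(("exposed", rel))
        if now - st.st_mtime > max_age_days * 86400:
            findings.append(("stale", rel))
        if manifest:
            if rel not in manifest:
                findings.append(("unlisted", rel))
            elif manifest[rel] != sha256_of(path):
                findings.append(("corrupt", rel))
    return findings


def build_sample_backup():
    """Constructed sample tree: one good encrypted dump, one plaintext export
    left world-readable, one archive last written 30 days ago, and one config
    file modified after the manifest was generated."""
    root = Path(tempfile.mkdtemp(prefix="backup-audit-"))
    files = {
        "db/customers.sql.gpg": b"encrypted dump (constructed)",
        "db/mailing.csv": b"alice@example.com,10.0.0.1\n",
        "old/archive.tar": b"stale archive (constructed)",
        "conf/app.yaml": b"original",
    }
    for rel, data in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
        os.chmod(path, 0o600)
    os.chmod(root / "db/mailing.csv", 0o644)        # readable by everyone
    old = time.time() - 30 * 86400
    os.utime(root / "old/archive.tar", (old, old))   # last written 30 days ago
    manifest = root / "MANIFEST.sha256"
    manifest.write_text("".join(f"{sha256_of(root / rel)}  {rel}\n" for rel in files))
    os.chmod(manifest, 0o600)
    (root / "conf/app.yaml").write_bytes(b"changed after manifest")
    return root


if __name__ == "__main__":
    for finding, rel in audit_backup_dir(build_sample_backup()):
        print(f"{finding:10} {rel}")
```

Run it against the real backup location on a schedule and treat any 'exposed', 'stale' or 'corrupt' finding as an incident in its own right. The permission check only sees local mode bits; a backup that is reachable over the network without authentication, which is what happened in the Part A case, has to be checked at the service that serves it. A periodic test restore remains the only proof that a backup is actually usable.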
References
Amoroso, E. G. (2012). Cyber attacks: protecting national infrastructure. Elsevier.
Mercaldo, F., Nardone, V., Santone, A., & Visaggio, C. A. (2016, June). Ransomware steals your phone. Formal methods rescue it. In International Conference on Formal Techniques for Distributed Objects, Components, and Systems (pp. 212-221). Springer, Cham.
O'Gorman, G., & McDonald, G. (2012). Ransomware: A growing menace. Symantec Corporation.
Tsagourias, N. (2012). Cyber attacks, self-defence and the problem of attribution. Journal of Conflict and Security Law, 17(2), 229-244.
www.rivcitymedia.com. (2017). River City Media. Rivcitymedia.com. Retrieved 23 August 2017, from http://www.rivcitymedia.com/#about