
Assignment On Risk Mitigation and Security Plan

   

Added on  2020-04-01

14 Pages, 2958 Words, 38 Views
Running head: RISK MITIGATION AND SECURITY PLAN

Ransomware Threats and Mitigation Plan

Name of the Student
Name of the University
Author’s Note
Table of Contents

Introduction
Background
Risk and Security concerns of Ransomware
Strategies for addressing Risks and Security Concerns
Conclusion and Future Trends
References
Introduction

This report presents the ransomware attack that struck several sectors, including healthcare, government, and telecommunication. The attack is identified as “WannaCry”; it gradually spread to over 150 countries and 300,000 systems. The most affected countries are recognized to be China and Russia, a result attributed to the use of legacy software, and the impact was especially significant for the UK National Health Service (Shackelford, 2017). The spread of the ransomware clogged the work and activity of these sectors even after the attack was first launched. As per the major findings, the “Kill Switch” did the trick of slowing the activities of the affected sectors.

Background

“WannaCry” is a kind of ransomware: extortion malware that can encrypt files and disks and lock computers. The malware demands a payment of approximately $300 to $600, made to Bitcoin accounts within three days, in exchange for decrypting the stolen files. “WannaCry” spreads through the SMB (Server Message Block) protocol, which operates over ports 445 and 139 (Mohurle & Patil, 2017). The Windows operating system typically uses it for communication between file systems inside a network grid. Once the ransomware is successfully installed on a system, it first scans the entire system to find out whether vulnerabilities exist. “WannaCry” first checks whether backdoors such as DoublePulsar already exist on the affected system (Collier, 2017). Both DoublePulsar and EternalBlue can exploit the SMB vulnerability, and this information was disclosed by the Shadows hacking group in April. How the attack is conducted and how it hampers system activities is described in the following steps:

1. Attackers initially use a yet-to-be-confirmed attack vector.
2. “WannaCry” encrypts all files on the victim’s system using the AES-128 cipher. The ransomware deletes the shadow copies of the encrypted files and then shows the user a ransom note requesting $300 or $600 in Bitcoin.
3. wannacrydecryptor.exe uses tor.exe, which initiates connections to Tor nodes in order to connect with the attacker (Gordon, Fairhall & Landman, 2017). In this way, tor.exe makes the attacker very difficult to trace, and tracking down the attacker is considered impossible.
4. The IP address of the infected system is checked, and then the IP addresses on the same subnet are scanned so that additional insecure and vulnerable systems can be reached through port 445 over the TCP protocol (Batcheller et al., 2017).
5. Once a system is connected successfully, the data containing the exploit payload is transferred.

Risk and Security concerns of Ransomware

The global impact of the “WannaCry” ransomware is high: on an overall measure, over 226,800 ransomware occurrences were recorded as of May 2017. By one estimate, approximately 30-40 publicly known companies were likely among those that faced a major impact from the ransomware attack (Martin, Kinross & Hankin, 2017). Instances include the Russian Interior Ministry, Telefonica (Spain’s largest telecommunication organization), and FedEx. UK National
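
Step 4 of the attack sequence in the Background section (an infected host scanning the other addresses on its own subnet over TCP port 445) leaves a recognizable pattern in network flow logs. The detection logic below is an added example, not part of the original report; the flow-record format, the /24 subnet size, the 60-second window and the threshold of 20 hosts are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_flows():
    """Constructed flow records 'time src dst proto dport' (not real telemetry)."""
    t0 = datetime(2017, 5, 12, 9, 0, 0)
    lines = []
    for i in range(1, 31):  # 10.0.5.23 sweeps its own /24 on TCP 445
        ts = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 10.0.5.23 10.0.5.{i} tcp 445")
    for i in range(20):     # ordinary client: repeated SMB to one file server
        ts = (t0 + timedelta(seconds=3 * i)).isoformat()
        lines.append(f"{ts} 10.0.5.40 10.0.5.10 tcp 445")
    for i in range(1, 31):  # monitoring host polling HTTPS, not SMB
        ts = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 10.0.5.50 10.0.5.{i} tcp 443")
    return lines


def find_smb_sweepers(lines, prefix_len=24, window=timedelta(seconds=60), threshold=20):
    """Map each flagged source to the most distinct same-subnet TCP/445
    peers it contacted inside any single sliding window."""
    events = defaultdict(list)
    for line in lines:
        ts, src, dst, proto, dport = line.split()
        if proto != "tcp" or dport != "445":
            continue
        subnet = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
        if dst != src and ipaddress.ip_address(dst) in subnet:
            events[src].append((datetime.fromisoformat(ts), dst))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        best, start = 0, 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            best = max(best, len({d for _, d in evs[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    for src, peers in find_smb_sweepers(build_sample_flows()).items():
        print(f"ALERT {src}: {peers} same-subnet hosts contacted on TCP/445 within 60s")
```

A client that talks SMB to a single file server stays far below the threshold, so the alert isolates fan-out across the subnet rather than SMB use as such.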