Exploring WannaCry and Petya Ransomware Attacks

Added on 2019/09/23

TASK 1
Task 1: PART A
Cyber security breaches have become one of the most threatening factors for internet users.
Internet users often need to share their personal information online. However, with the
increasing use of the internet, the huge amount of data uploaded by users every day is exposed
to thousands of security threats on a regular basis (Buczak & Guven, 2016). Although sites on
the internet take several steps to protect themselves from security threats, there are still many
instances which reveal the vulnerability of data shared on the internet. The current research
analyses the recent data security breach at the health app MyFitnessPal. In March 2018, the
personal data of millions of MyFitnessPal users was compromised (An & Kim, 2018). The
research analyses and discusses the nature of the problem, how and why the problem occurred,
and how the breach could have been prevented.
Analyzing the problem:
The fitness app MyFitnessPal has approximately 150 million users, and it collects their personal
details. In March 2018, the personal data of those 150 million users was affected by a security
hack (An & Kim, 2018). As reported by the owner organisation, Armour, it is one of the biggest
security hacks in history. The organisation notified users that their names, e-mail addresses and
passwords were affected, and also informed them that their payment details were not affected by
the hack. The users' accounts were hacked in February 2018. The incident pushed the
organisation's share price down by up to 3% in after-hours trading (Ivanchenko et al., 2018).
The company did not recognise the breach until 25th March and informed its users 4 days later.
Discussion of the MyFitnessPal breach indicates that the security of users' financial data was
not compromised. However, a breach of users' e-mail addresses can have devastating effects.
The data stored by the MyFitnessPal app is considered several times more valuable to a thief
than financial data. The app stores a huge amount of personal data which can be used to track an
individual, and personal information about individuals is considered an excellent source of
intelligence for hackers. In the case of MyFitnessPal, the app records the location as well as the
performance of individuals, according to its privacy policy. In addition, the information users
voluntarily share with the app can also be used as a source of intelligence.
How and why the problem has occurred:
The MyFitnessPal data breach occurred in February 2018, although the organisation discovered
it only in March 2018 (Ivanchenko et al., 2018). The hackers behind the breach have not been
identified yet. The organisation has stated that it is still working with leading data security firms
to explore the reasons behind the breach, and it has not provided any detailed information on
how the hackers gained access to the data.
However, after the breach, account passwords and links from suspicious sources were
considered the weak points for data security, so users were asked to review their accounts and
change their passwords once the breach was identified. The app does not handle information
such as driving licence numbers or social security numbers, so no such information was
disclosed by the breach. Users' financial details, such as credit card information, are processed
separately from other types of information, so the security of financial data was not affected in
any way.
As the risk of hacking increases every day, no app or website can be considered completely safe
(Gupta et al., 2016). Hackers are always looking for new ways to breach the security of
information spread over the internet. Therefore, organisations which share customer data over
the internet need to focus on enhancing the security of that information. The potential reasons
behind a security attack include phishing, hacking and malware threats, mistakes or improper
actions by employees, external theft, internal theft, risks posed by vendors, and improper
disposal of data.
Phishing, hacking and malware attacks:
In 2014, human error was considered one of the leading causes of data security attacks.
Individuals who use data published over the internet are often unaware of the security risks and
of the best practices for protecting data from security threats. Because of improper actions taken
by these individuals, data shared on the internet is exposed to higher security risk. In the case of
the MyFitnessPal app, management suspected that the hack could have been carried out through
suspicious links in the app, and so advised users not to click on such links. Exposing
confidential information such as a password to unauthorised individuals can threaten the
security of shared data. For the app too, management considered the threat posed by
unauthorised access to the data and so recommended that users change their passwords.
Employee action or mistake:
The employees of an organisation need to be aware of the best practices for handling data
(Gordon et al., 2015). Lack of knowledge among employees also increases the risk to data
security.
External and Internal Theft:
Data theft is the act of copying confidential information in an unauthorised or illegal way (Liu
et al., 2015). The illegal transfer of confidential or personal information about an individual or a
corporation is also considered data theft. Data such as passwords, algorithms, copyrighted
material, process-oriented data, software code and credit card information can be susceptible to
theft. External and internal theft of data increase the risk to data security to a great extent.
Limiting access to the data can be an effective way of reducing the risk of confidential data loss.
Vendor:
Businesses often take help from external vendors to handle their customers' data (Fielder et al.,
2016). In such cases, businesses need to ensure that the vendors adhere to the best practices of
data handling in order to reduce security risks. Data shared on the internet can also be stolen due
to a lack of awareness among vendors.
Lost or improper disposal of data:
Improper disposal of data is one of the common factors that increases data security risk (Fielder
et al., 2016). Businesses need to handle data with care at every stage of collecting and
processing it. In the current case too, the MyFitnessPal app might have faced security threats
due to improper disposal of information.
Necessary steps to prevent theft of data:
There are a number of ways to reduce data security risk. The ways in which MyFitnessPal could
have prevented the data security breach are:
Enhancing end user security awareness: Security training for end users can provide a huge
benefit to the organisation (Von Solms & Roussel, 2015). Training end users can eliminate the
risk of mistakes made by them and also reduces the risk of a data security breach.
Development of the right encryption policy: Stealing data becomes easier when the data is not
in encrypted form. The organisation, Armour, can adopt an effective encryption policy to reduce
data security risk.
Deploying intrusion detection and prevention policies: Intrusion detection and prevention
policies are effective for identifying the risks to data in advance and taking action accordingly
(Amini et al., 2015). Armour management needs to ensure that the web servers and e-mail
systems are protected by intrusion detection and prevention policies.
Monitoring insider behaviour: Security threats can also arise from the behaviour of employees
who need to deal with the organisation's confidential data. Developing system monitoring
programs can be effective for analysing employee behaviour. Combining data loss prevention
technology with a system monitoring program can help organisations develop rules that guide
employees to act in the proper way.
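The encryption policy item above concerns data at rest in general. For the passwords exposed in this breach, the practitioner's caveat is that passwords should not be stored reversibly encrypted at all, but as salted, slow hashes, so that a stolen copy of the user table does not yield the passwords. The following is an added example, not code from the essay or from MyFitnessPal: it stores credentials with PBKDF2-HMAC-SHA256 from the Python standard library and verifies a login in constant time. The function names, the iteration count and the sample users are assumptions.

```python
# Added example: salted, iterated password hashing for a user store.
# Standard library only; function names, parameters and sample data are assumptions.
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000        # assumption: tune so one hash costs roughly 100 ms on your hardware
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex.

    A fresh random salt per user means two users with the same password get
    different records, so a stolen table cannot be cracked with one lookup table.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def build_user_store(credentials: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Build the table as it would be stored: e-mail -> hash record, never the password."""
    return {email: hash_password(password) for email, password in credentials}


def login(store: Dict[str, str], email: str, password: str) -> bool:
    """Check a login attempt; unknown users fail in the same way as wrong passwords."""
    record = store.get(email)
    if record is None:
        # Still compute a hash so that response time does not reveal which e-mails exist.
        hash_password(password)
        return False
    return verify_password(password, record)


if __name__ == "__main__":
    # Constructed sample users (assumption), standing in for the user table.
    sample = [("alice@example.com", "correct horse battery staple"),
              ("bob@example.com", "correct horse battery staple")]
    store = build_user_store(sample)
    print(login(store, "alice@example.com", "correct horse battery staple"))  # True
    print(login(store, "alice@example.com", "wrong"))                         # False
    # Same password, different salts: the stored records differ.
    print(store["alice@example.com"] != store["bob@example.com"])            # True
```

If the stored table leaks, as it did here, an attacker gets only the salted records; each guess must be run through the full iteration count per user, which is the whole point of choosing a slow, salted construction over reversible encryption whose key would usually sit on the same server.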
Discussion of the MyFitnessPal data breach indicates that the incident compromised the security
of many users. The incident could have been caused by insider or end user behaviour issues,
vendor issues, or improper disposal of data. The organisation can prevent such security threats
by training end users, monitoring employee activity and adopting encryption policies.
PART B:
The WannaCry and Petya attacks were two of the biggest cyber crimes of 2017 (An & Kim,
2018). Both incidents had a devastating impact on global computer networks within a short time,
and they had many similarities in nature. For example, both attacks encrypted files on the
affected computers, and the victims were asked to pay a ransom to retrieve their files. In
addition, both attacks targeted large organisations, including government organisations, in many
countries. The current report analyses the nature of the two cyber attacks, their scope and their
operational details, and discusses the potential actions that can be taken to prevent such
incidents from occurring.
Analyzing nature of the problem:
WannaCry is a ransomware worm which caused a rapid attack across a number of computer
networks in May 2017 (Branquinho, 2018). First, the ransomware infected Windows computers;
next it encrypted the files stored on the PC's hard drive, so that the stored files became difficult
for users to access. Finally, the ransomware demanded payment in bitcoin to restore the files.
The WannaCry attack was considered noteworthy for a number of reasons. It affected a number
of high profile systems, including the UK's National Health Service, and it exploited a
vulnerability in the Windows system.
The WannaCry ransomware consists of a number of components. It reaches the computer in the
form of a dropper, a self-contained program which extracts the different application components
embedded within the ransomware itself. These components include an application able to
encrypt and decrypt data, files containing the encryption keys and, finally, a copy of Tor.
Once WannaCry is launched, it first tries to access a hard coded URL. If the ransomware fails to
reach the URL, it proceeds to search for and encrypt files. All Microsoft Office files, MKVs and
MP3s are encrypted by the ransomware and become inaccessible to users. When users try to
access the files, the worm demands $300 to decrypt them.
The ransomware attack had a devastating effect across the globe. There were nearly 45,000
attacks in 99 countries, including Russia, the UK, India, Ukraine, Egypt, Italy and China
(Ivanchenko et al., 2018). In Spain, a number of major companies, including telecommunication
firms, were also infected.
The ransomware attack was carried out with malicious software called WanaCryptor 2.0, or
WannaCry, which exploits a vulnerability in Windows-based systems (Branquinho, 2018).
Microsoft had released a patch which fixed the vulnerability in Windows-based systems;
computers on which the security update was not installed remained vulnerable.
The attack could have been predicted in several ways. When the patch was released, it became
evident that systems, especially those running Windows XP, were at greater risk of security
attacks.
After WannaCry, Petya was the second big ransomware attack on computers worldwide. A
number of organisations in Europe and the US were affected by the Petya ransomware attack,
including the food company Mondelez, the advertiser WPP, the transport firm Maersk and the
legal firm DLA Piper.
Like the WannaCry worm, Petya also spread over computer networks and blocked access to
user data. Petya likewise demanded $300, paid in bitcoin, to decrypt the user's data (Branquinho,
2018). The malicious software Petya spreads in an almost identical manner to WannaCry:
Windows computers which had the EternalBlue vulnerability were affected by Petya, and
Microsoft Windows computers which had not installed the update were at risk of being attacked
by the ransomware. However, Petya also spread itself through the Windows administrative
tools, and was therefore considered to have a better spreading mechanism than WannaCry.
The Petya attack appears to have started through a software update mechanism, the one used by
the accounting programs employed by organisations working with the Ukrainian government.
As a result, a number of businesses in Ukraine were affected, including government
organisations, the state power utilities, banks, the metro system and Kiev's airport. Along with
these, the radiation monitoring system at Chernobyl was also affected by the ransomware attack,
and employees at Chernobyl were compelled to use hand-held counters to measure radiation
levels. The worm also spread through a phishing campaign which used attachments containing
malware.
Initially, the Petya attack seemed to be just another cyber criminal attack taking advantage of
cyberweapons leaked online. According to security experts, the payment mechanism used in the
Petya attack was amateurish in nature. The ransom note used in this attack indicated that
affected users needed to pay the ransom in bitcoin. Most ransomware generates a custom
address for each victim; here, after the attack, the malware instructed victims to communicate
with the attackers through an e-mail address, which was found to have been suspended by the
e-mail provider. This means that even if the ransom was paid, victims would have no way of
contacting the attackers to decrypt the lost files.
Scope of the attacks:
Both the WannaCry and Petya attacks focused on encrypting the files of affected computers and
collecting ransom from the affected users. Both targeted a number of large organisations such
as airports, banks, health service providers such as the NHS, and multinational companies. Both
ransomware targeted Windows computers which did not have the latest patch and so were
vulnerable to attack. According to the notes displayed by both ransomware, affected users
needed to pay a ransom in bitcoin to retrieve their lost files.
Operational details of the attacks:
Both the WannaCry and Petya attacks occurred on Windows computers, especially those which
had not installed the recent patch released by Microsoft (Ivanchenko et al., 2018). The
WannaCry worm first attacks vulnerable computers with the help of its self-contained program.
When the worm reaches the computer, it extracts several application components which are
able to encrypt the data stored on the computer. The WannaCry ransomware contains an
encryption key with which it encrypts the data. WannaCry gains access to the computer using
the hard coded URL; when it manages to access the URL, the encryption routine starts
encrypting the files in the computer's storage. If users try to access the computer after the
WannaCry attack, they get a message demanding a ransom to decrypt the files.
The Petya attack occurred in a similar manner. Like WannaCry, Petya also concentrated on
attacking Windows computers which did not have the latest patch. However, unlike WannaCry,
Petya had a two-way mechanism for gaining access to computers: it was able to attack a
computer either through the hard coded URL or through the administrator systems, and when
one of the ways of gaining access fails, the Petya worm tries the other. Once the computer is
attacked, Petya works in a similar way to WannaCry: the worm encrypts the files stored on the
computer and demands a ransom from the users.
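Both ransomware described in this section leave the same two traces on a host: files change in bulk, and their contents turn into high-entropy ciphertext. The intrusion detection measure listed in Part A can be aimed at exactly that behaviour. The following is an added example, not code from the essay or from any named product: it plants a decoy "canary" file whose hash is recorded, and scans a directory for files whose byte entropy looks like ciphertext. The demo overwrites files in a temporary directory with random bytes to stand in for an encrypting process; the canary name, the threshold and the sample files are assumptions.

```python
# Added example: host-side ransomware detection with a canary file and an
# entropy scan. Standard library only; names, threshold and samples are assumptions.
import hashlib
import math
import os
import tempfile
from pathlib import Path
from typing import List, Tuple

CANARY_NAME = "~canary_do_not_touch.docx"   # assumption: decoy that no real process should edit
ENTROPY_THRESHOLD = 7.5                      # bits per byte; ciphertext approaches 8.0
MIN_SIZE = 256                               # tiny files give noisy entropy estimates


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte. Text sits around 4-5; encrypted or compressed data near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def plant_canary(directory: Path) -> Tuple[Path, str]:
    """Write a decoy document and record its SHA-256 so any later change is detectable."""
    path = directory / CANARY_NAME
    content = b"Quarterly report draft - do not edit. " * 40
    path.write_bytes(content)
    return path, hashlib.sha256(content).hexdigest()


def canary_tripped(path: Path, expected_sha256: str) -> bool:
    """True if the decoy was renamed, deleted or rewritten: no legitimate process touches it."""
    if not path.exists():
        return True
    return hashlib.sha256(path.read_bytes()).hexdigest() != expected_sha256


def scan_for_ciphertext(directory: Path,
                        threshold: float = ENTROPY_THRESHOLD,
                        min_size: int = MIN_SIZE) -> List[str]:
    """Return the names of files whose contents look encrypted (sorted for stable output)."""
    suspicious = []
    for path in directory.rglob("*"):
        if path.is_file() and path.stat().st_size >= min_size:
            if shannon_entropy(path.read_bytes()) >= threshold:
                suspicious.append(path.name)
    return sorted(suspicious)


def demo() -> Tuple[Tuple[bool, List[str]], Tuple[bool, List[str]]]:
    """Run both checks before and after simulated encryption in a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample user files (assumption).
        (root / "notes.txt").write_bytes(b"meeting notes: patch the servers this week\n" * 30)
        (root / "todo.md").write_bytes(b"- rotate passwords\n- review vendor access\n" * 20)
        canary, digest = plant_canary(root)
        before = (canary_tripped(canary, digest), scan_for_ciphertext(root))
        # Stand-in for an encrypting process: every file's contents replaced by random bytes.
        for path in root.iterdir():
            path.write_bytes(os.urandom(path.stat().st_size))
        after = (canary_tripped(canary, digest), scan_for_ciphertext(root))
        return before, after


if __name__ == "__main__":
    clean, hit = demo()
    print("before:", clean)   # (False, [])
    print("after:", hit)      # (True, ['notes.txt', 'todo.md', '~canary_do_not_touch.docx'])
```

In a real deployment the canary check runs on a short timer or from a file-change notification and the entropy scan is restricted to recently modified files; the point is that a patched host is the primary defence, and this kind of monitoring is the second line that catches an encrypting process early enough to isolate the machine.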
Preventive measures for the incident:
The analysis shows that the WannaCry and Petya attacks could have been prevented by keeping
computers updated. Both attacks can be managed if computers have the patch installed and
remain updated. Security threats change their nature rapidly, so computers also need to be
updated accordingly in order to prevent them (Cherdantseva et al., 2016). Predicting potential
security threats and taking the necessary actions in advance is another way to prevent security
attacks. When some computers were left without updates, it was evident that those systems
became vulnerable to attack. The attack could have been prevented.
References:
Amini, L., Christodorescu, M., Cohen, M. A., Parthasarathy, S., Rao, J., Sailer, R., ... & Verscheure, O. (2015). U.S. Patent No. 9,032,521. Washington, DC: U.S. Patent and Trademark Office.
An, J., & Kim, H. W. (2018). A data analytics approach to the cybercrime underground economy. IEEE Access, 6, 26636-26652.
Branquinho, M. A. (2018). Ransomware in industrial control systems. What comes after WannaCry and Petya global attacks? WIT Transactions on The Built Environment, 174, 329-334.
Buczak, A. L., & Guven, E. (2016). A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2), 1153-1176.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers & Security, 56, 1-27.
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., & Smeraldi, F. (2016). Decision support approaches for cyber security investment. Decision Support Systems, 86, 13-23.
Gordon, L. A., Loeb, M. P., Lucyshyn, W., & Zhou, L. (2015). Externalities and the magnitude of cyber security underinvestment by private sector firms: a modification of the Gordon-Loeb model. Journal of Information Security, 6(1), 24.
Gupta, B., Agrawal, D. P., & Yamaguchi, S. (Eds.). (2016). Handbook of research on modern cryptographic solutions for computer and cyber security. IGI Global.
Ivanchenko, O., Kharchenko, V., Moroz, B., Kabak, L., & Smoktii, K. (2018, February). Semi-Markov availability model considering deliberate malicious impacts on an Infrastructure-as-a-Service Cloud. In 2018 14th International Conference on Advanced Trends in Radioelectronics, Telecommunications and Computer Engineering (TCSET) (pp. 570-573). IEEE.
Liu, Y., Sarabi, A., Zhang, J., Naghizadeh, P., Karir, M., Bailey, M., & Liu, M. (2015, August). Cloudy with a chance of breach: Forecasting cyber security incidents. In USENIX Security Symposium (pp. 1009-1024).
Von Solms, B., & Roussel, J. (2015, November). A solution to improve the cyber security of home users. In African Cyber Citizenship Conference 2015 (ACCC2015) (p. 157).