Understanding Ransomware Attacks


Added on  2020/02/24

AI Summary
This assignment delves into the world of ransomware attacks, examining their mechanisms, impacts on individuals and organizations, and the various methods employed by attackers. It encourages students to analyze real-world examples of ransomware, understand its evolution, and explore effective defense strategies. The focus is on practical measures and best practices for mitigating ransomware risks and enhancing cybersecurity posture.

Running head: INFORMATION SECURITY
Information Security
Name of the Student
Name of the University
Author’s note

Executive Summary
Ransomware sabotages a victim's computer, encrypts his or her personal files and demands money to decrypt them. This report discusses two ransomware viruses, Petya and WannaCry, in detail. Their attacks were a threat not only to individuals; they also had an adverse impact on organisations. The report describes how both viruses spread, how they reached users and how they extracted money. Victims suffered heavily because the attack sabotaged the whole operating system and put the software and important files at risk. In some cases victims lost their files completely even after paying. Organisations suffered as well, and government organisations were not spared. However, the risks could have been mitigated if victims had backed up their files and installed antivirus software on their systems. The report highlights these possibilities and their positive outcomes.
Table of Contents
Introduction
Part A
1. What was the problem?
2. How and why it occurred?
3. What are the possible solutions?
Part B
1. What was the problem?
2. Who was affected and how?
3. How was the attack carried out?
4. What could have been done to prevent the attack?
Conclusion
References
Introduction
Ransomware sabotages a victim's computer, encrypts his or her personal files and demands money to decrypt them (Kirda, 2017). This report discusses two ransomware viruses, Petya and WannaCry, in detail. The latter attacked in May 2017 and the former in June 2017, and both caused disruption throughout the world.
The report describes the two viruses and their impact in detail, and also sheds light on how they spread and how their adverse effects can be mitigated.
Part A
The ransomware virus Petya was associated with the June 2017 ransomware cyber-attack.
1. What was the problem?
The Petya ransomware virus attacked an individual's computer system and gained access to it, and the intruders then encoded that individual's personal files (Richardson and North, 2017). When victims later opened their computers they found a warning message stating that the system was locked and the files had been encoded; anyone who wanted the files back had to pay a large amount of money, around $300 (Kirda, 2017). After payment, they could obtain the key with which the files could be decoded. The damage is not limited to that: Petya makes the whole drive unreadable and even makes the Windows operating system unbootable. The problem affects not only individuals but also the HR of public as well as private companies.

2. How and why it occurred?
A business organisation was given the responsibility of working on the accounting software for the government of Ukraine. The ransomware attack spread at that time, and the whole Ukrainian government, along with the whole state, was heavily affected by the virus (Aurangzeb et al., 2017). Petya's impact was higher than that of the other viruses prevalent at the time. The virus is said to have originated from an intrusion into the Ukrainian accounting software named “MeDoc”. Within a short span of time, the malicious software spread from one machine to another (Richardson and North, 2017). Viruses attack through insecure networks, and ransomware is no exception: with the help of EternalBlue, the virus multiplied its impact through the use of WMIC. It is said to have originated in Ukraine and later affected Russia, the United Kingdom and India. The exact origin of the virus remains undetected. Advanced users could solve their problems, but those who were not used to the operating system were affected by the Petya virus; students and educators were the main victims.
A Petya infection can be recognised by the following symptoms. It can be detected by the ‘Blue Screen of Death’ of the Windows operating system. Petya started encoding the master file table. After the blue screen of death, the user sees a red warning screen (Kharraz et al., 2015). The warning screen of Petya shows the ‘red skull’ warning message. Through this message Petya delivers the payment demand: the victim has to pay the amount in bitcoins. Only after paying can the victim regain access to the system.
3. What are the possible solutions?
The virus's effect can be reduced by the following means:
i. Business organisations and individuals should install quality antivirus software on their systems to counter the harmful effects of the Petya virus (Mansfield-Devine, 2016). Antivirus software also offers possible defences against EternalBlue.
ii. Ransomware generally affects files that are both readable and writable and leaves read-only files alone, so users who want to protect their important files should save them in read-only mode (Hong 2017).
iii. Users must not open email attachments that seem suspicious (Mercaldo et al., 2016). Such attachments can come from a trusted sender, but they should still not be opened.
Part B
WannaCry is the second ransomware virus discussed in this report; it spread in May 2017.
1. What was the problem?
WannaCry works much like Petya. It attacked an individual's computer system and encoded the files residing on it; in this way the hackers encrypted almost all the files on the hard disk. The virus also sabotaged many PCs, and many victims claimed that their PC had been locked (Mohurle and Patil, 2017). The virus appears to have spread chiefly via Server Message Block (SMB), a protocol that operates on the two ports 445 and 139. It targeted Windows users all over the world. After the initial attack it spread through the entire Windows operating system, sometimes making it unbootable. At login, users found that their system had been hacked by WannaCry and that it could be freed if they paid $300.
This ransomware not only encodes files but also deletes the original files, and in this way threatens the user with loss of data (Morgan, 2016). It creates a sense of urgency in users and makes them more vulnerable. Even after payment there is no guarantee that the intruders will return the files, and in some cases the files are destroyed permanently. It started to spread from the UK and later spread to the rest of the world.
2. Who was affected and how?
Research has found that Microsoft Windows XP, being an outdated operating system, was not affected by the ransomware, and that Windows 7 was affected the most. The ransomware principally attacked Windows 7 clients. Initially, WannaCry attacked individuals' computers and then encrypted their personal files with the AES-128

cipher, and the hackers intentionally removed the shadow copies (Collier, 2017). Victims found that their system had been sabotaged and that they could release it if they were willing to pay $300 or more in Bitcoin. The virus spread via WannaCry's wannacrydecrypter.exe, and it used tor.exe to connect to the local nodes (Simmonds, 2017). The IP address of the victim's computer is identified first, and the virus then spreads across the associated IP subnets. The attack was conducted mainly via port 445. The intruders asked for money via this port, and the amounts they received were transacted via this port.
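The subnet-wide spread over SMB described above leaves a recognisable trace in network flow logs: one host contacting many neighbours on port 445 or 139 in a short time. The following detection sketch is an added example, not part of the original report; the flow-record format, the 60-second window and the threshold of 10 peers are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

SMB_PORTS = {139, 445}     # the two SMB ports named in the text
WINDOW_SECONDS = 60        # assumed sliding window
MAX_PEERS = 10             # assumed threshold; tune per network

# Constructed sample flows: "epoch_seconds src_ip dst_ip dst_port".
# 10.0.5.23 sweeps its /24 on 445; 10.0.5.40 is a normal file-share client.
SAMPLE_FLOWS = (
    [f"{1000 + i} 10.0.5.23 10.0.5.{i + 1} 445" for i in range(30)]
    + [f"{1000 + 5 * i} 10.0.5.40 10.0.5.10 445" for i in range(20)]
    + ["1010 10.0.5.40 203.0.113.7 443", "truncated record"]
)


def parse_flow(line):
    """Return (ts, src, dst, dport) or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (int(parts[0]), ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]))
    except ValueError:
        return None


def smb_fanout_hosts(lines, prefix_len=24):
    """Map each flagged source to its peak count of distinct same-subnet
    SMB peers inside any WINDOW_SECONDS window."""
    per_src = defaultdict(list)
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        ts, src, dst, dport = flow
        if dport not in SMB_PORTS or src == dst:
            continue
        subnet = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
        if dst in subnet:
            per_src[src].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort(key=lambda e: e[0])
        start, peak = 0, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW_SECONDS:
                start += 1
            peak = max(peak, len({d for _, d in events[start:end + 1]}))
        if peak > MAX_PEERS:
            flagged[str(src)] = peak
    return flagged


if __name__ == "__main__":
    print(smb_fanout_hosts(SAMPLE_FLOWS))
```

A client that talks repeatedly to a single file server stays below the threshold, so only the sweeping host is reported.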
3. How was the attack carried out?
WannaCry seems to have been hosted on a website first and then spread via that website; however, the original source of infection is unknown. WannaCry used Server Message Block to spread the malware. When a URL was infected by WannaCry, the intruders ran the switch URL to send the virus into the sandbox. They checked whether the URL had been killed, and after making sure that it had been killed and would not respond again, they infected all the files on the system with the AES-128 cipher (Collier, 2017). The encrypted files received the extension .wncry. The infected files could only be decrypted by the intruders with their special digital key; however, the victims had to pay a large sum of around $600 or so (Hills, 2017). When victims logged in to their system they saw a warning message about the attack conducted by WannaCry. Microsoft SMB is used to share files among individuals connected to a closed network, and such networks were highly affected (Moon & Chang, 2016). The intruders who carry out the attack do not guarantee that they will return the files after payment, and even if they do, there is no guarantee that the files will be readable.
4. What could have been done to prevent the attack?
Individuals could, however, have protected themselves from the attack by the following means:
i. Users should keep backups of important files that will be needed in the near future.
a. Companies and business organisations should take the initiative to back up files, because that can save the company a great deal of money as well as resources.
b. Business organisations must put in place a risk management plan to mitigate all digital security threats (Laszka, Farhang and Grossklags, 2017).
ii. The WannaCry malware contains a long URL that can effectively act as a kill switch.
iii. During execution, WannaCry looks for the domain; if it finds the domain name, the WannaCry Decryptor automatically stops working and stops spreading the virus. Therefore, whoever buys or registers the domain name can stay safe from the WannaCry attack (Moon & Chang, 2016). But those who are already affected cannot get rid of the adverse effects of the WannaCry virus.
iv. DOUBLEPULSAR should be removed from the system, as it prevents antivirus software from working; the back door must therefore be removed (Choi et al., 2016). The SMB1 file protocol, through which the worm spread, should also be disabled.
v. The use of cloud services can mitigate the effect of a ransomware infection, as previous versions of files can be used to revert to the unencrypted form.
vii. Users should check the status of emails carefully, as they may contain the virus.
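The backup advice above becomes actionable once the damage is scoped. Because the report states that encrypted files carry the .wncry extension and that the originals are deleted, a restore list can be built from the file system itself. This is an added example, not part of the original report; the directory layout is a constructed sample and the function names are hypothetical.

```python
import os
import tempfile

ENCRYPTED_EXT = ".wncry"  # extension the report gives for encrypted files


def restore_plan(root):
    """Map each affected directory (relative to root) to the sorted original
    file names that are gone and must come from backup."""
    plan = {}
    for dirpath, _subdirs, files in os.walk(root):
        present = {f.lower() for f in files}
        missing = []
        for name in files:
            if not name.lower().endswith(ENCRYPTED_EXT):
                continue
            original = name[: -len(ENCRYPTED_EXT)]
            # The report says the original is deleted after encryption;
            # list it only if it is really absent from the directory.
            if original and original.lower() not in present:
                missing.append(original)
        if missing:
            plan[os.path.relpath(dirpath, root)] = sorted(missing)
    return plan


def build_sample_tree(root):
    """Constructed sample: a small share with some files encrypted."""
    layout = {
        "finance": ["q1.xlsx.wncry", "q2.xlsx.wncry", "q2.xlsx", "notes.txt"],
        "hr": ["staff.docx.wncry"],
        "public": ["readme.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            with open(os.path.join(root, folder, name), "w") as fh:
                fh.write("constructed sample\n")


def demo():
    """Build the sample tree in a temporary directory and scope the damage."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return restore_plan(root)


if __name__ == "__main__":
    for folder, names in sorted(demo().items()):
        print(folder, names)
```

Files whose original still sits beside the encrypted copy (q2.xlsx in the sample) are left off the list, which keeps the restore job limited to data that is actually lost.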
Conclusion
It can be concluded from the above discussion that the attacks by the two ransomware viruses WannaCry and Petya were a threat not only to individuals; they also had an adverse impact on organisations. The report described how both viruses spread, how they reached users and how they extracted money. Victims suffered heavily because the attack sabotaged the whole operating system and put the software and important files at risk. In some cases victims lost their files completely even after paying. Organisations suffered as well, and government organisations were not spared. However, the risks could have been mitigated if victims had backed up their files and installed antivirus software on their systems. The report has highlighted these possibilities and their positive outcomes. The effects of both Petya and WannaCry have diminished; however, by taking the necessary precautions, individuals and business organisations can protect themselves from such attacks.

References
Aurangzeb, S., Aleem, M., Iqbal, M. A., & Islam, M. A. (2017). Ransomware: A Survey and
Trends. Journal of Information Assurance & Security, 6(2).
Choi, K. S., Scott, T. M., & LeClair, D. P. (2016). Ransomware against police: diagnosis of
risk factors via application of cyber-routine activities theory. International Journal of
Forensic Science & Pathology.
Collier, R. (2017). NHS ransomware attack spreads worldwide.
Hills, M. (2017). Lessons from the NHS ransomware calamity. EDQuarter, 26.
Hong, S., Liu, C., Ren, B., & Chen, J. (2017, June). Poster: Sdguard: An Android Application
Implementing Privacy Protection and Ransomware Detection. In Proceedings of the
15th Annual International Conference on Mobile Systems, Applications, and
Services (pp. 149-149). ACM.
Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., & Kirda, E. (2015, July). Cutting the
gordian knot: A look under the hood of ransomware attacks. In International
Conference on Detection of Intrusions and Malware, and Vulnerability
Assessment (pp. 3-24). Springer, Cham.
Kirda, E. (2017, February). UNVEIL: A large-scale, automated approach to detecting
ransomware (keynote). In Software Analysis, Evolution and Reengineering (SANER),
2017 IEEE 24th International Conference on (pp. 1-1). IEEE.
Laszka, A., Farhang, S., & Grossklags, J. (2017). On the Economics of Ransomware. arXiv
preprint arXiv:1707.06247.
Mansfield-Devine, S. (2016). Ransomware: taking businesses hostage. Network
Security, 2016(10), 8-17.
Mercaldo, F., Nardone, V., Santone, A., & Visaggio, C. A. (2016, June). Ransomware steals
your phone. formal methods rescue it. In International Conference on Formal
Techniques for Distributed Objects, Components, and Systems (pp. 212-221).
Springer, Cham.
Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack
2017. International Journal, 8(5).
Moon, J., & Chang, Y. (2016). Ransomware Analysis and Method for Minimize the
Damage. The journal of the convergence on culture technology, 2(1), 79-85.
Morgan, S. (2016). IT analyst forecasts are unable to keep pace with the dramatic rise in
cybercrime, the ransomware epidemic, the refocusing of malware from PCs and
laptops to smartphones and mobile devices, the deployment of billions of under-
protected internet of things devices, the legions of hackers-for-hire, and the more
sophisticated cyber-attacks launching at businesses, governments, educational
institutions and consumers globally. Risk Management, 63(7), 40-41.
Richardson, R., & North, M. (2017). Ransomware: Evolution, Mitigation and
Prevention. International Management Review, 13(1), 10.
Simmonds, M. (2017). How businesses can navigate the growing tide of ransomware
attacks. Computer Fraud & Security, 2017(3), 9-12.