Cyber Attacks: NotPetya and WannaCry


Added on  2020/02/24

Case Study
AI Summary
This case study examines two significant cyber attacks: NotPetya and WannaCry. It discusses the nature of these attacks, their impact on various organizations, and the lessons learned for future prevention. The NotPetya attack, characterized as a wiper rather than ransomware, caused irreversible data loss for many companies, while WannaCry exploited vulnerabilities to spread rapidly across the globe, affecting critical services like the NHS. The study emphasizes the importance of regular system updates, employee training, and robust backup strategies to mitigate the risks of such cyber threats.
PART A
COMPUTER SECURITY BREACH NOTPETYA CYBER ATTACK
INTRODUCTION
Cyber attacks have increased with the growing use of technology, and
dependency on technology has grown so much that any attack costs millions for an
organization or an entire country. The loss of money and time is next to impossible to repair.
In June 2017, a cyber attack by the name of ‘NotPetya’ took place, which is termed a wiper
and not a ransomware attack. The cost of the said attack is irreparable: once a system is hit,
its data is lost forever, as it cannot be recovered even if the victim pays the ransom, making
this one of the most dangerous of the many cyber attacks that have occurred in the past.
Many of Europe’s systems were compromised by the said attack. Destruction and ruin
of data is what this attack caused. To the surprise of all, the hackers had no intention of
any kind of financial benefit. The past version of ‘Petya’ was not as destructive as the
present one, which is hence termed a ‘wiper’ by all: data once lost is construed as lost
forever (Henley 2017).
ASSESSMENT OF THE ISSUE
Thereby one can say that the cyber attack led to permanent destruction
of data: in other kinds of attacks one is sure to get back the lost information, unlike in the
attack by ‘Petya.’ The present form of the virus ensured that data once gone is gone
forever and there is no way to get it back. Those impacted include WPP,
Mondelez (a food company), DLA Piper (a legal firm), Danish Shipping and Maersk, whose data
has been stolen and from whom the hackers are demanding money. Petya succeeded by
abusing the Eternal Blue and Eternal Romance weaknesses in systems loaded with
MS Office (Brandom, 2017).
Kaspersky Lab has confirmed that the attack destroyed or hacked approximately
2000 systems across around a dozen countries. There is no instant solution for dealing
with the said attack, and hence it is considered even more fatal than the WannaCry attack,
which occurred in May 2017. The virus impacts the entire hard drive and not only a particular
file or document. Hence the main intention lies in halting the system in its entirety.
Pravda, a Ukrainian entity, has confirmed that the Chernobyl Nuclear Plant was
impacted by Petya, followed by a confirmation from Maersk, one of the biggest transporters
globally, that its Rotterdam system was infected. Seventeen shipping container
terminals run by APM Terminals have been infected too, of which two are situated in Rotterdam
and the rest in various other parts of the world. Business houses have been infected in a
major way. To everybody’s surprise, the initiation point of the attack is still being searched
for, even if the main threat seems to be from Ukraine (Solon, & Hern, 2017).
SOLUTIONS TO PREVENT SUCH HACKS
Regular updating of one’s systems is one of the most important ways to ensure that
the organization is protected against such attacks. March’s crucial patch can be installed, which
would help to deal with the attack successfully. The said patch would protect not only now
but also in future, and against many other payloads. Anti-virus companies have also confirmed that
they had updated software with the ability to detect and protect against Petya.
Another very common method of safeguarding systems is backup. Files should always be
backed up so that data is safeguarded from permanent loss
(McGoogan, 2017).
It is crucial to know that if a system is hit by the Petya virus, the modus
operandi of the attack is such that, after infecting a system, the PC waits for an
hour before it reboots. Hence when the system is rebooting, the user
should make a conscious effort to switch off the machine, which helps
prevent the files from getting corrupted. The hard drive must then be reformatted
immediately and the backup files loaded again.
CONCLUSION
Thus, on a concluding note, it can be said that the attack is one of the most dangerous ever seen
in the history of cyber attacks. People had thought nothing could be worse than
WannaCry, but this is far worse. Destroying the hard drive is like a million-dollar
loss whose recovery may not be possible and which may even lead to the closing down of entities.
Hence the system operators of firms should make it compulsory to update systems and
back up data on a continuous basis.
REFERENCES:
Henley, J. (2017). ‘Petya’ ransomware attack strikes companies across Europe and US.
Retrieved from https://www.theguardian.com/world/2017/jun/27/petya-ransomware-attack-strikes-companies-across-europe
Brandom, R. (2017). A new ransomware attack is infecting airlines, banks, and utilities
across Europe. Retrieved from
https://www.theverge.com/2017/6/27/15879480/petrwrap-virus-ukraine-ransomware-attack-europe-wannacry
McGoogan, C. (2017). Petya cyber attack: Everything to know about the global ransomware
outbreak. Retrieved from http://www.telegraph.co.uk/technology/2017/06/27/petya-cyber-attack-everything-know-global-ransomware-outbreak/
Solon, O. & Hern, A. (2017). ‘Petya’ ransomware attack: what is it and how can it be
stopped? Retrieved from
https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how
PART B
MAY 2017 RANSOMWARE CYBER ATTACK- WANNACRY
INTRODUCTION
WannaCry, one of the deadliest cyber attacks in the history of security hacks,
took place in May 2017 and shook countries worldwide. The National
Health Service (NHS) was the first to be targeted by the ransomware attack. However,
it impacted not only the NHS but various countries worldwide: not only the United
States of America but also India, China, Russia and Ukraine, which were among the
worst hit. The attack would not have taken place had the hackers not
been able to steal the instrument named Eternal Blue, a defense weapon built by
the US National Security Agency so that it could hack the systems of terrorists
and find out their attack plans. The number of systems affected is not small but runs into
lakhs. Among the many computers and organizations, WannaCry ended up impacting the
systems of one of the most sought-after transport companies, FedEx Corp (Wattles, & Disis,
2017).
ASSESSMENT OF THE MAIN ISSUE
Here the main problem was that the intensity of the attack was too vast to be
controlled easily. It spread across borders around the globe, hence people and
researchers were unable to control the hue and cry on an immediate basis. The most surprising
thing about this whole attack was the way it was conducted. The attack
was done by a common method, i.e. phishing, wherein the attacker sends spam mails with
malicious attachments, and when the receiver opens these mails and downloads the
attachments, the system gets attacked. Unfortunately the mails were formatted
in such a manner that even though people were aware that they are not to open
spam mails, they ended up opening them, thereby infecting their systems. Thus
the main issue is that, even knowing the consequences that could follow from
opening spam mails, people ended up doing so and finally fell victim to the
problem.
Further, the issue becomes graver when the owners of systems infected with the
virus are asked to pay a ransom in Bitcoin so as to get back access.
However, there is no surety that access will be given again even after payment.
Shockingly, the attacker spread the virus at such a speed that the defenders found
the situation out of control and were not very successful in immediately halting the issue
(GReAT, 2017). The entire world shook with the said virus attack, and its visibility
was widespread, unlike other kinds of attacks.
WHO WERE AFFECTED AND HOW
NHS hospitals, along with GP surgeries, were among those that suffered the worst
impact of the said hack. The impact was such that patients were sent home, and it was
declared that no surgeries would take place and all appointments had to be cancelled. Only those
ailing with serious, critical medical issues were to be treated. The
software which had infected their systems was named ‘Wanna Decryptor.’ The implications
of the attack were unimaginable, such that people were requested to shut down their systems
and go back to the traditional method of using pen and paper. They were forced to use their
mobile phones since the landlines were also under attack. The simple reason for sending
the patients home was that their data had been hacked and could be manipulated, which may even lead
to improper treatment (Liptak 2017).
As has been said earlier, four of the most affected countries are Russia, India, Taiwan
and Ukraine. FedEx was not the only big corporation impacted: Telefonica, a Spanish
telecommunication company, was also in the grip of the attack, along with Deutsche
Bahn, Germany. But Telefonica has confirmed that not all of its systems were hit, and only
some have been infected. However, the data of its clients and others is safe and secure,
without any mishandling.
HOW WAS THE ATTACK CARRIED OUT
As discussed above, the attack was carried out with the help of a technique called
‘phishing’. Shadow Brokers, a group of cyber attackers, had pleaded guilty with regard to
stealing the weapon ‘Eternal Blue’ from the NSA, USA. But the corruption was not done by
them. According to them, Shadow Brokers had posted the said virus on an obscure site and it
was then stolen again by someone else who had bad intentions of causing harm. It was after
this second theft that systems across countries got affected (Titcomb, & McGoogan, 2017).
HOW THE ATTACK WOULD HAVE BEEN PREVENTED
The attack, however, could have been prevented had these organizations provided
adequate training on the fact that staff are not supposed to open spam mails or
mails received from unwanted and unknown sources. Further, such mails should be
reported to the IT team on an immediate basis. Another very crucial method of
preventing the said attack would be updating MS Office on a continuous basis so that
such attacks do not happen. The most surprising thing was that the stealing of an important weapon
from a government building shows negligence, and hence the agencies should take stringent
measures to deal with it. Such an incident would not have occurred had the
government agencies been able to keep such a crucial weapon secure.
REFERENCES:
GReAT. (2017). WannaCry ransomware used in widespread attacks all over the world.
Retrieved from https://securelist.com/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/78351/
Liptak, A. (2017). The WannaCry ransomware attack has spread to 150 countries. Retrieved
from https://www.theverge.com/2017/5/14/15637888/authorities-wannacry-ransomware-attack-spread-150-countries
Titcomb, J. & McGoogan, C. (2017). Cyber attack: Latest evidence indicates ‘phishing’
emails not to blame for global hack. Retrieved from
http://www.telegraph.co.uk/technology/2017/05/15/nhs-cyber-attack-latest-authorities-warn-day-chaos-ransomware/
Wattles, J. & Disis, J. (2017). Ransomware attack: Who’s been hit. Retrieved from
http://money.cnn.com/2017/05/15/technology/ransomware-whos-been-hit/index.html