Ransomware Threats: Analysis of Petya and WannaCry Attacks

Added on  2020/03/02

AI Summary
This report provides an in-depth analysis of the Petya and WannaCry ransomware attacks, which have significantly impacted individuals and businesses. It details the nature of these attacks, including how they lock systems, encrypt files, and demand ransom payments. The report examines the spread mechanisms of these viruses, such as exploiting vulnerabilities in software and utilizing the SMB protocol. It also explores the impact of these attacks, including data loss and financial repercussions. Furthermore, the report highlights various solutions to mitigate the risks, such as installing antivirus software, creating data backups, and implementing security awareness programs. The conclusion underscores the importance of proactive security measures to protect against modern-day cyber threats.
Running head: INFORMATION SECURITY
Information Security
Name of the Student
Name of the University
Author’s note
Executive Summary
Ransomware has recently become a threat to individuals as well as to business
organisations. Ransomware locks up one’s computer and system and encrypts personal
files, demanding cash in return. WannaCry and Petya are two examples of this kind.
Petya attacked around June 2017, while WannaCry attacked just a month earlier,
around May 2017. This report details the Petya and WannaCry ransomware. It highlights
the impacts of the ransomware in detail and also elaborates on how it spreads. If a
company’s security is compromised, it may lose confidential information and will have
to pay a much higher price for the pitfalls. Possible solutions are also discussed in
this report. Companies must take precautions to ensure the safety of their premises:
they must install antivirus software on their systems and update the software
constantly to protect their office hardware and software from security breaches.
Table of Contents
Introduction
Part A
1. What was the problem?
2. How and why it occurred?
3. What are the possible solutions?
Part B
1. What was the problem?
2. Who was affected and how?
3. How was the attack carried out?
4. What could have been done to prevent the attack?
Conclusion
References
Introduction
Ransomware locks up one’s computer and system and encrypts personal files, demanding
cash in return (Choi, Scott & LeClair, 2016). WannaCry and Petya are two examples of
this kind. Petya attacked around June 2017, while WannaCry attacked just a month
earlier, around May 2017, and created havoc.
The report highlights the problems and also focuses on how the ransomware spreads
and its impact on individuals and companies. The report also presents the possible
solutions to mitigate the impact of the ransomware on the computer system.
Part A
Petya is the ransomware virus that was involved in the June 2017 ransomware cyber-
attack.
1. What was the problem?
The ‘Petya’ ransomware attacked one’s computer system and encrypted the personal
files used by individuals or organisations (Richardson & North, 2017). The files could
only be decrypted with a digital key, and the digital key was only made available if
the organisations or individuals were willing to pay the cash amount of $300.
2. How and why it occurred?
Companies working for the Ukrainian government were working on updates to the
accounting program used by the Ukrainian government. At that time the ransomware
attack occurred, and government banks, the state power utilities and the Ukrainian
government itself were affected (Aurangzeb et al., 2017). Petya had a larger impact
than contemporary ransomware. Petya was deployed by hacking and exploiting the
Ukrainian accounting software ‘MeDoc’ and afterwards by utilising its automated
software update method to push the malware onto all other systems
(Richardson & North, 2017). Petya spread through local networks onto various
computers. With the help of EternalBlue, Petya also extended its impact over the
network, utilising WMIC.
3. What are the possible solutions?
The Petya ransomware attack can be mitigated by taking the following actions:
i. Companies must install antivirus software on their computer systems to stay safe
from the ransomware (Mansfield-Devine, 2016). The antivirus software has the
capability to defend against the EternalBlue vulnerability.
ii. Petya checks for read-only files and generally avoids them, so customers or
organisations who want to protect themselves from the attack can save their important
files in read-only mode.
Part B
WannaCry is the ransomware virus that was involved in the May 2017 ransomware
cyber-attack.
1. What was the problem?
WannaCry is a type of ransomware, malware that attacks one’s computer system,
encrypts one’s personal files, also steals files from the hard disk and even locks
the computer system. The ransomware generally spreads through SMB, the Server
Message Block protocol, which operates on ports 445 and 139 (Mohurle & Patil, 2017).
The ransomware attacked Windows users and then gradually exploited whole Windows
systems. Later, when users tried to access the system, they found it locked, and the
ransomware promised to unlock it in lieu of around $300 to $600.
2. Who was affected and how?
WannaCry primarily attacked Windows users. Once WannaCry attacked a system, it
encrypted the victim’s personal files using the AES-128 cipher and purposefully
deleted the shadow copies. The victim then opened the system and found that it had
been hacked and could only be opened in lieu of cash, around $300 or $600, in the form
of Bitcoin. WannaCry’s wannadecrypter.exe utilised tor.exe, made connections to Tor
nodes and connected back to the intruders (Collier, 2017). The IP address of the
victim’s machine was analysed, and the IP addresses of similar subnets were also
analysed to find more and more infected systems, which were then connected to through
TCP/IP port 445. Lastly, once the machine was successfully connected, the payment
WannaCry requested was transacted.
3. How was the attack carried out?
WannaCry used SMB to spread the malware in a way similar to a worm. Once a system
was infected, WannaCry killed the switch URL so that the malware got into the
sandbox (Hills, 2017). WannaCry checked the URL; if it was killed successfully, there
was no chance of the URL responding further. After all the verification, the malware
encrypted all the files using the AES-128 cipher. The files which WannaCry encrypted
had the extension .wncry. The encrypted files could only be decrypted by paying
US$300 or, in some cases, around US$600 (Collier, 2017). While accessing the system
and the files, the victim could see the message of the ransomware attack conducted by
WannaCry.
Document Page
6INFORMATION SECURITY
4. What could have been done to prevent the attack?
Individuals or organisations could have mitigated the ransomware attack by taking
the following actions:
i. Maintaining appropriate backups of the files that contain important or critical
data.
a. Companies should set a specific schedule for backing up the files; this could
certainly save money.
b. Companies should have a disaster prevention plan to save themselves after an
attack; this could also save the companies some money (Laszka, Farhang &
Grossklags, 2017).
ii. Organisations must ensure that they have a security awareness plan in place
beforehand to save themselves from this kind of scenario.
iii. They should have implemented endpoint monitoring and should warn subordinate team
members about potential attacks and the risks associated with them.
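
The endpoint monitoring in item iii can look for two WannaCry behaviours this part describes: connections on port 445 to many machines in the same subnet, and files appearing with the .wncry extension. The sketch below is an added example, not part of the original report; the log format, the /24 subnet size, the threshold, the window and the function names are assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry), one per line:
# "<ISO timestamp> <source host> <conn|file> <detail>"
SAMPLE_LOG = """\
2017-05-12T10:00:01 10.0.5.23 conn 10.0.5.24:445
2017-05-12T10:00:02 10.0.5.23 conn 10.0.5.25:445
2017-05-12T10:00:03 10.0.5.23 conn 10.0.5.26:445
2017-05-12T10:00:04 10.0.5.23 conn 10.0.5.27:445
2017-05-12T10:00:05 10.0.5.23 conn 10.0.5.28:445
2017-05-12T10:00:09 10.0.5.23 file C:\\Users\\a\\report.docx.wncry
2017-05-12T10:00:10 10.0.5.40 conn 10.0.5.10:445
2017-05-12T10:03:00 10.0.5.40 conn 10.0.5.10:445
2017-05-12T10:04:00 10.0.5.40 file C:\\Users\\b\\notes.txt
"""

FANOUT_THRESHOLD = 5            # assumed: distinct same-subnet peers on 445
WINDOW = timedelta(seconds=60)  # assumed: sliding window for the fan-out count


def same_subnet(src, dst, prefix=24):  # /24 is an assumption about the LAN
    net = ipaddress.ip_network(f"{src}/{prefix}", strict=False)
    return ipaddress.ip_address(dst) in net


def detect(log_text):
    """Return {host: set of reasons} for hosts matching either indicator."""
    alerts = defaultdict(set)
    smb = defaultdict(list)  # host -> [(time, peer)] for same-subnet port 445
    for line in log_text.splitlines():
        ts, host, kind, detail = line.split(" ", 3)
        when = datetime.fromisoformat(ts)
        if kind == "file" and detail.lower().endswith(".wncry"):
            alerts[host].add("wncry_file")
        elif kind == "conn":
            peer, port = detail.rsplit(":", 1)
            if port == "445" and same_subnet(host, peer):
                smb[host].append((when, peer))
    for host, conns in smb.items():
        conns.sort()
        for start, _ in conns:
            peers = {p for t, p in conns if start <= t <= start + WINDOW}
            if len(peers) >= FANOUT_THRESHOLD:
                alerts[host].add("smb_fanout")
                break
    return dict(alerts)
```

On the constructed sample, `detect(SAMPLE_LOG)` flags only 10.0.5.23, while the workstation that repeatedly reaches a single file server on port 445 stays quiet.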
Conclusion
It can be concluded from the above discussion that ransomware is a modern-day
threat to individuals as well as to business organisations. The Petya and WannaCry
ransomware have been detailed in this report. The report highlighted the impacts of
the ransomware in detail and also elaborated on how it spreads. If a company’s
security is compromised, it may lose confidential information and will have to pay a
much higher price for the pitfalls. Possible solutions have also been discussed in
this report. Companies must take precautions to ensure the safety of their premises:
they must install antivirus software on their systems and update the software
constantly to protect their office hardware and software from security threats and
risks.
References
Aurangzeb, S., Aleem, M., Iqbal, M. A., & Islam, M. A. (2017). Ransomware: A Survey and
Trends. Journal of Information Assurance & Security, 6(2).
Choi, K. S., Scott, T. M., & LeClair, D. P. (2016). Ransomware against police: diagnosis of
risk factors via application of cyber-routine activities theory. International Journal of
Forensic Science & Pathology.
Collier, R. (2017). NHS ransomware attack spreads worldwide.
Hills, M. (2017). Lessons from the NHS ransomware calamity. EDQuarter, 26.
Laszka, A., Farhang, S., & Grossklags, J. (2017). On the Economics of Ransomware. arXiv
preprint arXiv:1707.06247.
Mansfield-Devine, S. (2016). Ransomware: taking businesses hostage. Network
Security, 2016(10), 8-17.
Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack
2017. International Journal, 8(5).
Richardson, R., & North, M. (2017). Ransomware: Evolution, Mitigation and
Prevention. International Management Review, 13(1), 10.