Comparative Analysis: Petya and WannaCry Cyber Security Breaches


Added on  2020/02/24

AI Summary
This report provides a detailed analysis of two significant cyberattacks: Petya (June 2017) and WannaCry (May 2017). The Petya attack, characterized as a wiper rather than ransomware, caused widespread data destruction across Europe, exploiting vulnerabilities in Microsoft systems. The report examines the attack's impact on various companies and the challenges in data recovery. The WannaCry attack, a ransomware attack, impacted numerous countries, including the NHS in the UK, utilizing phishing techniques and exploiting vulnerabilities. The report details the methods of attack, the affected entities, and the preventive measures that could have been implemented. Both attacks underscore the importance of regular software updates, data backups, and user awareness to mitigate the risks of future cyber threats.
Document Page
PART A
COMPUTER SECURITY BREACH THAT TOOK PLACE IN JUNE 2017 - NOTPETYA CYBER ATTACK
INTRODUCTION
There seems to be a data security breach almost on a daily basis, so much so that every
time one hits an organization or a country, the loss is repairable. One such breach, which
took place in the month of June 2017, went by the name of Petya, which is not a ransomware
attack but a wiper. The consequences of the attack were found to be much more alarming than
people had assumed. It ended up attacking and destroying the networks of various companies
across Europe. Security breaches generally lead to the use of stolen data rather than its
destruction; this attack, however, led to the latter, i.e. destruction of data on a huge
scale. The attackers were never motivated by financial gain from these entities and other
victims. The earlier version of the same attack was not as deadly as the 2017 version, which
various researchers term a ‘wiper’. The malicious software is known as Petya, NotPetya,
ExPet, Nyetya and other names (Hackett, 2017). The issue here is that data, once destroyed,
cannot be retrieved.
ASSESSMENT OF THE ISSUE
Thus the attack is even worse than ransomware attacks, in which the victim at least has
some assurance of getting the stolen data back. Unfortunately, the latest version of this
attack leads to permanent deletion of significant data. Europe and the USA have been the
main victims of the attack. Companies such as WPP, the food company Mondelez, the law firm
DLA Piper and the Danish shipping and transport firm Maersk were among those whose
information was taken into custody by the attackers, with a ransom being demanded. Petya
has been found successful in abusing the EternalBlue and EternalRomance vulnerabilities in
Microsoft’s systems (Brandom, 2017).
According to the security company Kaspersky Lab, the hack infected around 2000 systems in
more than a dozen countries. As mentioned above, EternalBlue was not the only way this
virus could spread; there were other means as well (McGoogan, 2017). Unfortunately, this is
even more dangerous than the WannaCry attack, which took place in May 2017, since there
seems to be no immediate remedy for the hack. Petya’s main aim is not to destroy single
files or documents but to infect the entire hard drive of a system. The issue is therefore
not only that systems are attacked but that they are made to stop working entirely.
Pravda, a Ukrainian organization, has stated that its systems at the Chernobyl nuclear
plant have been a victim of the virus. Similarly, Maersk has confirmed that its systems in
Rotterdam have been infected. Seventeen shipping container terminals run by APM Terminals
have been infected too, of which two are in Rotterdam and the rest in various other parts
of the world. The intensity of the virus attack is so deep, and the rate at which it has
spread worldwide, infecting major business houses and infrastructure facilities, is such
that it does not seem possible to halt it from spreading further. Unfortunately, researchers
are still searching for the source of the attack (Rothwell et al., 2017), although it is
guessed that it started in Ukraine.
SOLUTIONS TO PREVENT SUCH HACKS
Since the EternalBlue and EternalRomance weaknesses in Microsoft systems were one of the
major issues behind the attack, one prominent way to prevent such attacks is to update
MS Windows regularly; installing the crucial March patch, which fixes this weakness, is one
of the main ways to stop the spread of such an attack. This will also help to protect
against future attacks carrying various payloads. Various anti-virus vendors have also said
that their software has already been updated to detect and protect against the virus
(Haynes, 2017). Another very important safeguard is to back up all files on a regular basis
so that the impact of such attacks is not felt too harshly.
Apart from this, if a system is attacked by Petya, the malware waits for an hour after
infecting the PC before the system is rebooted. When the system is rebooting, the user
should switch off the machine so that files do not get corrupted, and the system should
promptly be disconnected from the internet. The hard drive should be immediately reformatted
and the back-up files then reloaded. This would safeguard the system from the virus attack
(Solon & Hern, 2017).
CONCLUSION
Hence it can be summarized as an attack which is even more dangerous than those which
demand ransom, like WannaCry. May 2017 had seen one of the worst attacks in the history of
cyber attacks, but June 2017 saw an even worse one, in which the entire hard drive gets
infected to such an extent that the files are destroyed permanently, leaving the user with
no option of recovery if back-ups have not been taken. Thus full efforts should be made to
ensure that the system is updated with the latest anti-virus along with adequate back-ups so
that recovery is not an issue.
REFERENCES:
Brandom, R. (2017). The Petya ransomware is starting to look like a cyberattack in disguise. Retrieved from https://www.theverge.com/2017/6/28/15888632/petya-goldeneye-ransomware-cyberattack-ukraine-russia
Hackett, R. (2017). What that Globe Circling, Business-Crushing Malware Wreck Computers. Retrieved from http://fortune.com/2017/06/30/petya-ransomware-video/
Haynes, J. (2017). Cyber attack: What’s going on with the latest ransomware virus? Retrieved from http://www.abc.net.au/news/2017-06-28/whats-going-on-with-the-latest-cyber-attack/8658332
McGoogan, C. (2017). Petya cyber attack: Everything to know about the global ransomware outbreak. Retrieved from http://www.telegraph.co.uk/technology/2017/06/27/petya-cyber-attack-everything-know-global-ransomware-outbreak/
Rothwell, J., Titcomb, J. & McGoogan, C. (2017). Petya Cyber Attack: Ransomware spreads across Europe with firms in Ukraine, Britain and Spain Shut down. Retrieved from http://www.telegraph.co.uk/news/2017/06/27/ukraine-hit-massive-cyber-attack1/
Solon, O. & Hern, A. (2017). ‘Petya’ ransomware attack: what is it and how can it be stopped? Retrieved from https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how
PART B
MAY 2017 RANSOMWARE CYBER ATTACK
INTRODUCTION
The National Health Service (NHS) was hit by a ransomware attack in the month of May 2017.
However, it impacted not only the NHS but various countries worldwide. The attack was
carried out with tools that had been specially formulated by the US National Security
Agency for the purpose of infecting the systems of terrorists. Unfortunately, these were
stolen by hackers and have since led to mass destruction across the globe. The number of
systems infected is not in thousands but in lakhs, and the attack hit the systems of one of
the most renowned transporters, FedEx Corp. The countries worst affected by the ransomware,
as per data published by the Czech security firm Avast, were Russia, India, Taiwan and
Ukraine (Goswami, 2017).
ASSESSMENT OF THE MAIN ISSUE
The pivotal problem with the WannaCry attack was that the hit was not restricted to a small
scale, such as a small company or a particular country; unfortunately, it hit various
companies and innumerable countries as well. The attack was carried out using one of the
simplest methods, i.e. phishing. This kind of attack basically involves sending spam emails
that contain malicious software or virus-laden content. The mails are written in such a
manner and format that they easily attract the receivers and lure them into opening them,
including the attachments. As soon as this is done, the system gets infected. WannaCry used
this very common method and, unfortunately, people opened the mails even though they were
aware that mails received from unknown sources should not be accessed, and ended up
infecting their systems (Booth, 2017).
Secondly, as soon as the computers got infected with the virus, their users were asked to
make a certain payment via Bitcoin to regain access. Unfortunately, there was no assurance
of access even after the payments were made. The hacker had spread the virus at such a pace
that it was difficult for the defenders and the anti-virus companies to fight against it
because of the area it had infected. The visibility led to a great deal of panic all over
the world (Titcomb & McGoogan, 2017).
WHO WERE AFFECTED AND HOW
Britain’s NHS hospitals, as stated above, and GP surgeries were the ones that suffered a
major impact from WannaCry in England and Scotland. Wanna Decryptor was the name of the
malicious software used. The impact was so horrendous that staff members were forced to
shift their mode of working from system to manual and were also asked to use their mobiles
more, because the attack had impacted systems as well as fixed landlines. Surprisingly, the
cyberattack proved dangerous to the lives of those suffering from various diseases: those
who were about to undergo surgery or had been admitted were all released (Perlroth et al.,
2017). Almost all appointments were called off because the facts and figures stored on
various machines had been so badly scrambled. People were told that they would be provided
medical aid only if their situation was critical enough. The ransomware attack cut so deep
that ailing patients had to suffer because medical help was denied.
As of now, Russia, where the Interior Ministry was the target, India, Taiwan and Ukraine
have reported the worst impacts. FedEx Corp, Telefonica, a telecommunication company
registered in Spain, and Deutsche Bahn of Germany were also victims. However, according to
Telefonica, not all of its systems were hit, only some, and the data of its clients and the
services it provides are all safe and secure (Wattles & Disis, 2017).
HOW WAS THE ATTACK CARRIED OUT
Phishing, one of the most sought-after and best-known methods of attack, was used by the
attackers. A cyber gang by the name of Shadow Brokers is the main culprit. The gang had
confessed to the theft from the NSA, USA of the ‘cyber weapon’ called ‘Eternal Blue’, which
provides wide-ranging access to systems that use MS Office. According to researchers, the
gang had installed the virus on an inexplicable site, and it was then stolen by someone
else, who used it to cause harm to various systems across the globe (Newman, 2017).
HOW THE ATTACK WOULD HAVE BEEN PREVENTED
First and foremost, people and companies across the globe should be trained extensively
that they are not permitted to access mails received from unknown mail ids. Further, any
such suspected mails should be reported immediately so that timely action can be taken.
Updating the MS Office software on a timely basis is also a must. Last but not least, the
theft of such an important ‘cyber weapon’ from the government clearly shows that it had not
taken adequate steps to protect it. Thus government agencies should tighten their existing
security (Titcomb & McGoogan, 2017).
REFERENCES:
Booth, R. (2017). Cyber-attack set to escalate as working week begins, experts warn. Retrieved from https://www.theguardian.com/technology/2017/may/14/cyber-attack-escalate-working-week-begins-experts-nhs-europol-warn
Goswami, D. (2017). Wanna Cry ransomware cyber attack: 104 countries hit, India among the worst affected, US NSA attracts criticism. Retrieved from http://indiatoday.intoday.in/story/wanna-cry-ransomware-attack-104-countries-hit-nsa-criticised/1/953338.html
Newman, L.H. (2017). The ransomware meltdown experts warned about is here. Retrieved from https://www.wired.com/2017/05/ransomware-meltdown-experts-warned/
Perlroth, N., Scott, M. & Frenkel, S. (2017). Cyberattack hits Ukraine Then Spreads Internationally. Retrieved from https://www.nytimes.com/2017/06/27/technology/ransomware-hackers.html?mcubz=3
Titcomb, J. & McGoogan, C. (2017). Cyber attack: Latest evidence indicates ‘phishing’ emails not to blame for global hack. Retrieved from http://www.telegraph.co.uk/technology/2017/05/15/nhs-cyber-attack-latest-authorities-warn-day-chaos-ransomware/
Wattles, J. & Disis, J. (2017). Ransomware attack: Who’s been hit. Retrieved from http://money.cnn.com/2017/05/15/technology/ransomware-whos-been-hit/index.html