The NotPetya ransomware attack is similar to the worldwide WannaCry attack, or even worse. This is because the main aim of the NotPetya ransomware was not only making money but also the destruction of the affected data (Shackelford, 2017). The most unusual and dangerous thing about NotPetya was that, instead of using unique cryptocurrency wallets, it linked to a single bitcoin wallet. This report discusses the problem definition and the cause and effect of the attack, followed by the possible solution to the problem.
This major ransomware attack spread through the US and Europe in June 2017 and is very similar to the WannaCry ransomware attack of May 2017, or even worse. NotPetya used a modified version of EternalBlue, the NSA exploit that was stolen and leaked and had previously been used by WannaCry. It attacked business computers and encrypted all the important files (Chakraborty, Pierazzi & Subrahmanian, 2017). The attackers then demanded $300 in bitcoins. However, the payment was not feasible. The attack was first identified in Ukraine. It mainly targeted business organizations, including banks, the state power utility and the metro system. The radiation monitoring system at Chernobyl was affected and taken offline, which forced the employees to use hand-held counters. It was a targeted and massive global malware attack that mainly affected Windows servers, PCs and laptops. A malware group, the Shadow Brokers, leaked EternalBlue, which was the source of this attack, in April. The WannaCry incident had alerted users to the data security measures needed to prevent such attacks. They had installed the patch to protect themselves from WannaCry, which could have helped protect them against NotPetya as well. However, the Petya ransomware has two other ways of spreading, mainly targeting the network’s administrator tools (Naved, 2017). The attack further affected all the business units of Maersk, including container shipping, port operations, oil and gas production and so on.
NotPetya gained administrator access on a single machine and used that power to gain access to all the computers on the same network. It took advantage of the use of a flat network in an organization. In a flat network, one administrator computer on one endpoint has the power to control all the other machines, or can transfer the credentials present in memory until control over the Windows network is achieved. Apart from using the NSA exploit EternalBlue, it trapped users by appearing as an administrator and by running trapped email attachments that install and run the malware on the system (Akkas, Chachamis & Fetahu, 2017). NotPetya probably got access to the corporate network with the help of a hijacked software update for a Ukrainian software tool, which was carried out via phishing emails.
NotPetya was even more advanced than WannaCry, which helped it to access computer systems even after the security measures taken by the authorities following the WannaCry attack in May 2017. The NotPetya ransomware gained access to the administrator computer and found the passwords of other computers in order to infect those systems as well. The requirements of the attackers were very simple: they needed only one unpatched computer to spread into the whole network, as the malware manages to get administrator rights in order to spread to the other computers (Chakraborty, Pierazzi & Subrahmanian, 2017). This attack was more severe than WannaCry because WannaCry had a kill switch, which NotPetya did not have, and it thus managed to infect more than 2000 organizations across the world.
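The spread described above can be modelled as a blast-radius audit that a defender runs over their own inventory. The following Python sketch is an added example, not part of the original report; the host names, accounts and the `blast_radius` function are constructed for illustration, and segmentation is modelled under the assumption that hosts can only reach others in their own segment.

```python
from collections import deque

# Constructed inventory (not from the report): host -> patch state, segment,
# and the admin accounts whose credentials are cached in memory on that host.
HOSTS = {
    "ws-01":  {"patched": False, "segment": "office", "cached": {"helpdesk"}},
    "ws-02":  {"patched": True,  "segment": "office", "cached": {"helpdesk"}},
    "adm-01": {"patched": True,  "segment": "office", "cached": {"helpdesk", "domadmin"}},
    "db-01":  {"patched": True,  "segment": "server", "cached": {"svc-db"}},
    "ot-01":  {"patched": False, "segment": "plant",  "cached": set()},
}
# Admin account -> hosts on which it holds administrator rights.
ADMIN_ON = {
    "helpdesk": {"ws-01", "ws-02", "adm-01"},
    "domadmin": set(HOSTS),
    "svc-db":   {"db-01"},
}

def reachable(src, dst, flat):
    """Flat network: every host reaches every host. Otherwise same segment only."""
    return flat or HOSTS[src]["segment"] == HOSTS[dst]["segment"]

def blast_radius(foothold, flat=True, all_patched=False):
    """Hosts reached from one foothold via the two paths the report describes:
    unpatched machines and administrator credentials held in memory."""
    compromised, creds, queue = {foothold}, set(), deque([foothold])
    while queue:
        src = queue.popleft()
        creds |= HOSTS[src]["cached"]          # credentials found on this host
        # Re-scan from every compromised host: new credentials open new paths.
        for origin in list(compromised):
            for dst, info in HOSTS.items():
                if dst in compromised or not reachable(origin, dst, flat):
                    continue
                unpatched = not (info["patched"] or all_patched)
                admin = any(dst in ADMIN_ON[c] for c in creds)
                if unpatched or admin:
                    compromised.add(dst)
                    queue.append(dst)
    return compromised

if __name__ == "__main__":
    print("flat, fully patched:", sorted(blast_radius("ws-02", all_patched=True)))
    print("segmented, patched :", sorted(blast_radius("ws-02", flat=False, all_patched=True)))
```

In this constructed inventory, patching every host does not contain a foothold on `ws-02` in a flat network, because the domain administrator credential cached on `adm-01` opens every other machine.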
The effect of the attack was prominent because the email provider Posteo shut down the email account that the attackers had set up to provide the decryption key after payment. This made it obvious that recovery of files without backups was not possible and that the files were destroyed permanently (Summit, 2017). This attack paralyzed a large number of businesses around the world. NotPetya spread faster than WannaCry and caused permanent damage to computer hard drives even when the user agreed to pay the amount the attacker asked for. The decryption-key email address that was promptly shut down after the attack was mainly responsible for this irreversible damage (Halawa et al., 2017).
The only possible solution to this attack was non-payment of the amount demanded by the attacker and increasing the security of the systems by installing a proper antivirus and applying the latest patches for the Microsoft operating system. Out-of-date systems were targeted because it was easier for the attacker to gain access to them (Mansfield-Devine, 2016). More precautions should have been taken after the May 2017 ransomware attack, which could have helped in avoiding this attack.
Conclusion
Therefore, from the above discussion, it can be concluded that the NotPetya attack was launched with the intention of destroying the important data and files of different organizations. The attack spread by compromising an administrator computer and then infecting the other systems on the same network. This was deadlier than the WannaCry attack on May 17 because the data held hostage could not be recovered in the case of NotPetya.
This report focuses on the WannaCry malicious software that hit Britain’s National Health Service in May 2017. The report elaborates on the problem faced, the cause and effect of the attack, probable causes of the attack and the measures that could have been taken to prevent it (Mohurle & Patil, 2017). The details of the WannaCry ransomware and its effects are elaborated in the following paragraphs.
The WannaCry ransomware attack in May 2017 spread worldwide. WannaCry is a malicious ransomware cryptoworm that mainly targeted computers running the Microsoft Windows operating system. The malware entered the system and encrypted all the users’ data and files, thus paralyzing the entire computer (Wirth, 2017). The malware would then demand a ransom payment from the owner or user of the computer in exchange for the key to decrypt the encrypted files and data. The payment was through Bitcoin and hence it was untraceable. The attack broke out on 12 May 2017, and within 24 hours it had infected more than 230,000 computers and had spread to over 150 countries. The attacker demanded a payment of hundreds of dollars to decrypt the users’ files.
The ransomware affected over 150 countries, infecting over 570,000 computers. It was one of the most severe and widespread malware attacks of recent times. WannaCry is a Trojan virus that holds the infected computers hostage and demands money from the owner. The malware demanded $300 in bitcoins, and if the user did not pay within 3 days, the payment doubled. After seven days, the malware would delete all the files, leaving no scope for recovery (Pascariu, Barbu & Bacivarov, 2017). Almost all possible file types were affected by the ransomware. The malware forced the user to pay the amount for decrypting the files. Victims who needed to decrypt their important files would fall prey to the attacker and pay the amount. Thus, the attacker was able to collect a huge amount of money within a short period.
The WannaCry ransomware made use of a flaw in Microsoft’s software to execute the attack. The payment was made in bitcoins, a digital currency popular among criminals because it is decentralized, unregulated and impossible to trace. The attacks mainly targeted Windows 7, as it is one of the most common versions of the Windows operating system. However, the infected devices were mainly out-of-date systems, and the attacker made use of this vulnerability (Ausherman, 2017). The users’ files were encrypted using AES and RSA encryption, which meant that the encrypted files could be decrypted only with a unique decryption key. The ransomware creates encrypted copies of the files present in a system and deletes the original files. Thus, the user is left with only the encrypted files, which they cannot access without the decryption key. It is still not clear exactly how the ransomware spread, but it is anticipated that it spread via emails or websites containing malicious programs. The effect was that thousands of users were forced to pay the amount demanded by the attacker in order to release their files. The ransomware affected Telefonica in Spain and the NHS in Britain, and spread laterally throughout the internal network of the NHS (Martin et al., 2017).
The criminals gained access to the computer systems by downloading malicious software within the network. This was done by getting the victim to click a link by mistake. The attacker would then get access to the victim’s computer and launch an attack by locking all the files that could be identified within the network. The files are encrypted one after another (Collier, 2017).
One of the users of NSA unwillingly downloaded a particular ransomware on their own PC, and it spread through the same internal network. WannaCry made use of vulnerabilities in the Windows 7 and Windows XP operating systems in order to spread worldwide. WannaCry propagated using EternalBlue. The EternalBlue hacking weapon was created by America’s National Security Agency to gain access to Microsoft Windows computers used by terrorists and enemy states.
The attack mainly broke into systems that were not up to date with the latest security features of the Windows operating system. The kill switch that was able to stop the ransomware from spreading seemed to be intentional. The attack could have been prevented if users had kept their security features up to date. Moreover, agreeing to the attackers’ demand to pay for decryption of the files was a bad move as well, because it encourages the attackers to spread the attack (Swenson, 2017).
Conclusion
Therefore, from the above discussion, it can be concluded that the May 2017 ransomware attack was one of the most widespread ransomware attacks of 2017. The attack made use of the vulnerabilities of outdated operating systems and claimed a huge amount of money. The attack could have been prevented with a little caution. The attack was very intelligent, and the attackers managed to spread worldwide, affecting over 150 countries. The report provides a detailed discussion of the said cyber attack.
References
Akkas, A., Chachamis, C. N., & Fetahu, L. (2017). Malware Analysis of WanaCry Ransomware.
Ausherman, N. (2017). Cybersecurity Strengthens US Manufacturers.
Chakraborty, T., Pierazzi, F., & Subrahmanian, V. S. (2017). EC2: Ensemble Clustering and Classification for Predicting Android Malware Families. IEEE Transactions on Dependable and Secure Computing.
Collier, R. (2017). NHS ransomware attack spreads worldwide.
Halawa, H., Ripeanu, M., Beznosov, K., & Loffler, A. (2017). Estimating Vulnerability Scores To Augment Enterprise Security Systems.
Mansfield-Devine, S. (2016). Ransomware: taking businesses hostage. Network Security, 2016(10), 8-17.
Martin, G., Martin, P., Hankin, C., Darzi, A., & Kinross, J. (2017). Cybersecurity and healthcare: how safe are we? BMJ, 358, j3179.
Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal, 8(5).
Naved, H. (2017). Cyber Attacks, Espionage and Intrusions: The Law Governing the New Global Frontlines.
Pascariu, C., Barbu, I. D., & Bacivarov, I. C. (2017). Investigative Analysis and Technical Overview of Ransomware Based Attacks. Case Study: WannaCry.
Shackelford, S. (2017). Exploring the ‘Shared Responsibility’ of Cyber Peace: Should Cybersecurity Be a Human Right?
Summit, F. C. (2017). News and Events.
Swenson, G. (2017). Bolstering Government Cybersecurity Lessons Learned from WannaCry.
Wirth, A. (2017). It’s Time for Belts and Suspenders. Biomedical Instrumentation & Technology, 51(4), 341-345.