Background of the Petya Malware Attack
In recent times there has been huge development in the technological field, and in internet technologies in particular. Along with the improvement in the different types of technology, concerns have also been raised. In addition, various types of security breaches and data hazards have been reported in the past few years (Kharraz et al., 2015). The security breaches and data hazards of recent years have raised great concern among the general public and among technical experts.
The breaches have also resulted in various business deficiencies and raised a number of concerns among business owners (Mercaldo et al., 2016), with a huge effect on businesses all over the world. These data breaches and security concerns have also put data integrity in question and hampered people's privacy, raising serious concerns among them.
This report is concerned with one of the latest security breaches of the past few years and the impact it created, covering both the technical and the business aspects.
The report provides a brief introduction to the situation, describes its technical effects and the effects of the incident on business and on society, offers some recommendations for resolving the situation, and concludes on the present situation.
The report is concerned with the Petya malware, which has been one of the biggest security breaches of recent times. It was reported by Data Breach Today, in their article “Massive Malware Outbreak: More Clever Than WannaCry”, released on June 28, 2017. It was reported that the Petya ransomware that was created had far more power than the WannaCry software (Maiorca et al., 2017). Ransomware attacks have increased to a great extent in the past few years, while technologies have also improved. It is important to know about the software that was used for these attacks.
The WannaCry ransomware was made in May 2017. It conducted a worldwide attack that affected a large part of the world. The ransomware mainly targeted computers running the Windows operating system. The software encrypts the data and demands a ransom to be paid via bitcoin.
Comparison to WannaCry Ransomware Attack
Bitcoin is a cryptocurrency used by hackers and malpractitioners who keep themselves hidden from the outside world and call themselves anonymous. In addition, the hackers carry out the attacks from hidden points on the networks (Choi, Scott & LeClair, 2016). The attack by the software started affecting its targets from May 12, 2017. According to reports, the attack infected more than 230,000 systems in a day.
The attack was slowed down after the kill switch used by the software was identified and eliminated from the systems. However, the second malware attack, which spread globally the following month, was much more powerful and spread over a larger area. It had a bigger impact on the technical side and in society. The Petya malware has been designed to be much faster than WannaCry and is also spreading faster than WannaCry.
The ransomware first attacked machines in Ukraine and spread from there all over Europe and Asia. It also uses Microsoft Windows as the platform for spreading the infection in the system (Scaife et al., 2016). In addition, Microsoft Corporation has reported that more than 12,500 machines have been affected by the software across 65 countries. Petya has the capability to move laterally, as it has worm components in it.
The ransomware shared code with the previous versions. The only difference in this situation was that the new version was far more sophisticated than the previous versions; hence, it was very difficult to track it down and reduce its effects immediately, and the experts had to use a lot of concepts to decode the software and understand its construction (Cabaj & Mazurczyk, 2016). From May 12, the malware spread to 300,000 machines in just a few days.
The creator of the new software had updated the previous version to a great extent and included some new features that allowed the software to infect even the latest versions of Windows systems. It did this by running the patches of the software on the latest machines. The software also has an auto-evolution system enabled that allows it to evolve on its own and adapt to the different updates made to Windows systems. In fact, it has been reported that the software is evolving on its own even before the organizations can respond to its effects.
Impact of Petya Ransomware Attack
The Petya software uses the concepts generally used by crypto-locking software: it infects the computer and uses technologies to lock and encrypt the entire hard disk of the system (Hernandez-Castro, Cartwright & Stepanova, 2017). After this procedure, the system demands a ransom of $300 from the user, and once the user pays the ransom to the hacker, the person on the other side unlocks the system and the user can freely access all of his files again. The hacker demands the money from the user in the form of virtual money.
The hackers also keep their identity hidden from the users and from the outside world, and hence they make their demands in the form of bitcoin. Although it seems that the hackers have only financial gain from the attacks, it has been reported that the attacks are far more damaging than estimated. The designers of the software had not made any provision for the users to pay the ransom. It is also thought that the ransom is just a disguise in order to spread chaos all over the world.
A senior director of operations at Cyphort has been quoted as saying, “That’s the weird thing about this, it really leaves the machine in an unstable state. It seems to be a lot more damaging than typical ransomware attacks.” In fact, the software is basically designed to infect machines on a large scale and is intended to spread widespread damage across the world. It is also being said that the attackers are actually doing something different rather than spreading viruses across machines everywhere, and are using the ransomware as a model to distract the people and the authorities.
It is also reported that this kind of technique has been seen before, and this could mean something bigger is happening in the background while this is carried on in the front. It has been reported that the systems in Europe and Ukraine were trapped into the ransomware when they installed updates of the Microsoft systems they were running on their machines (Song, Kim & Lee, 2016). The software used to lure people into the attack on the system was known as MeDoc, which was basically downloaded from FireEye. MeDoc is short for My Electronic Document; it was the product of a Ukrainian company, and this was where the attack was generated from.
Attack on Ukraine and Government Organizations
There were different victims of the attacks, affected in various parts of the world and with various types of backgrounds. The main organizations affected by the attacks were the central bank of Ukraine, various government organizations of the country and the Boryspil Airport situated at Kiev. They were all hit with the variant of Petya. The attackers launched the attacks through MeDoc very elegantly and efficiently, so that they could not be tracked in any way before the attack was launched.
The elegance of the attack lies in the fact that MeDoc was a very important application for official work conducted in Ukraine, and this increased the efficiency of the attack. According to the Grugq, “Everyone that does business requiring them to pay taxes in Ukraine has to use MeDoc (one of only two approved accounting software packages). So an attack launched from MeDoc would hit not only Ukraine’s government but many foreign investors and companies”.
It is also known that this type of attack is very effective, but such attacks are rarely seen these days; hence, this attack surprised a lot of people and also reduced their time to respond to this out-of-the-box attack (Kolodenker et al., 2017). Companies are generally known to guard themselves against attacks of this kind; hence, to pull off the attack the hackers were required to gain access to the main systems of the company and tamper with or alter whatever was required in the code without being detected by anyone within the company.
This would force the updated versions of the software to be installed without setting the alarm off. According to the reports, it was first thought that the infections were occurring from the installation of the MeDoc software; however, it was afterwards understood that the infections were actually occurring from the updating of the software. After several technical analyses it was found that software supply chain attacks are the major platform the attackers are using for attacks on systems; hence, defenses with advanced features enabled are required (Bhardwaj et al., 2016).
In addition, there are reports that Petya has also been spreading through phishing emails and malicious attachments containing the infection, which aided in spreading the infection throughout the systems. It has also been noticed that the malware spread through attachments that pretended to be resumes and delivery notices. The malware makes use of EternalBlue to navigate through Microsoft Windows systems.
Spread of the Ransomware Attack
The infection can spread easily to machines by scanning the internet for Windows systems. Microsoft Corporation has applied emergency patches to the operating systems in mainstream support, including Windows XP. Although the patches were issued by Microsoft, many organizations did not apply them; as a result, the systems were vulnerable to the attacks carried out by the malware, and the attackers got easy access to the machines, so that the attacks were very easy to conduct.
In addition, the SMB flaws were not patched by the organizations, and this also made the hackers' job of transferring the infection into the machines easy (Pathak & Nanded, 2016). It is believed the hackers were basically a Korean group, North Korea more specifically. It has also been reported that many of the flaws were detected and resolved during the WannaCry attack, but these resolutions were exceeded by the Petya software.
In addition, it is also known that Petya is capable of snagging credentials. Once the software has acquired login credentials, it makes use of PsExec, a Microsoft remote access tool that performs functions similar to Telnet, and through it the software tries to infect other machines. It is also reported that the software makes use of Windows Management Instrumentation for the management of Windows machines and for spreading the virus throughout the systems. The use of such legitimate tools is usually very difficult to track; hence, the hackers get away very easily.
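The use of legitimate tools still leaves traces a defender can look for: PsExec installs and starts a service on every target, and a payload launched over WMI appears as a child of the WMI provider host. The following detection logic is an added example for this report, not code from the malware or from any vendor; the event records are constructed, and their field names only mimic the Windows System 7045 (service installed) and Security 4688 (process creation) events.

```python
"""Flag PsExec- and WMI-based lateral movement across a fleet of hosts,
run over constructed Windows event records (not real telemetry)."""
import re
from collections import defaultdict

# Constructed sample events: (host, event_id, details string)
SAMPLE_EVENTS = [
    ("HOST-A", 7045, r"ServiceName=PSEXESVC ImagePath=%SystemRoot%\PSEXESVC.exe"),
    ("HOST-B", 7045, r"ServiceName=PSEXESVC ImagePath=%SystemRoot%\PSEXESVC.exe"),
    ("HOST-C", 4688, r"ParentImage=C:\Windows\System32\wbem\WmiPrvSE.exe "
                     r"NewProcess=C:\Windows\System32\rundll32.exe"),
    ("HOST-D", 4688, r"ParentImage=C:\Windows\explorer.exe "
                     r"NewProcess=C:\Windows\System32\notepad.exe"),  # benign
    ("HOST-E", 4688, r"ParentImage=C:\Windows\System32\wbem\WmiPrvSE.exe "
                     r"NewProcess=C:\Windows\System32\cmd.exe"),
    ("HOST-F", 7045, r"ServiceName=PSEXESVC ImagePath=%SystemRoot%\PSEXESVC.exe"),
    ("HOST-A", 7045, r"ServiceName=Spooler ImagePath=%SystemRoot%\spoolsv.exe"),  # benign
]

# PsExec's default service name on the remote side
PSEXEC_SERVICE = re.compile(r"ServiceName=PSEXESVC\b", re.IGNORECASE)
# Process creation whose parent is the WMI provider host
WMI_PARENT = re.compile(r"ParentImage=\S*\\WmiPrvSE\.exe", re.IGNORECASE)
# Children that are rarely legitimate under WmiPrvSE.exe
SUSPICIOUS_CHILD = re.compile(
    r"NewProcess=\S*\\(cmd|rundll32|powershell|wmic)\.exe", re.IGNORECASE)


def classify(event_id, details):
    """Map one event to a lateral-movement technique, or None if benign."""
    if event_id == 7045 and PSEXEC_SERVICE.search(details):
        return "psexec_service_install"
    if (event_id == 4688 and WMI_PARENT.search(details)
            and SUSPICIOUS_CHILD.search(details)):
        return "wmi_spawned_payload"
    return None


def hosts_by_technique(events):
    """Return {technique: sorted list of distinct hosts} for matching events."""
    seen = defaultdict(set)
    for host, event_id, details in events:
        tech = classify(event_id, details)
        if tech:
            seen[tech].add(host)
    return {tech: sorted(hosts) for tech, hosts in seen.items()}


def spread_alerts(events, min_hosts=3):
    """Techniques seen on at least min_hosts distinct hosts. One admin running
    PsExec is routine; the same service appearing across many hosts in one
    window is the worm-like spread this report describes."""
    return sorted(tech for tech, hosts in hosts_by_technique(events).items()
                  if len(hosts) >= min_hosts)


if __name__ == "__main__":
    print(hosts_by_technique(SAMPLE_EVENTS))
    print(spread_alerts(SAMPLE_EVENTS))
```

The host threshold is what separates a single administrator's PsExec session from automated spread; tune `min_hosts` to the size of the time window the events are collected over.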
The ransomware has been a very difficult malware to tackle, although various kinds of detection techniques and concepts have been used to reduce the effect of the software on machines (Sgandurra et al., 2016). However, some recommendations are provided for the general public to be aware and stay safe from the ransomware. The following recommendations would be very appropriate:
- Use external devices for backups and restoring files: People should make use of backup media apart from their system, such as external hard disks and online backups.
- Do not interact with malicious mails and extensions: People should not interact with emails and extensions that are not necessary to them, and they should not click on links that are not useful to them.
- Always install the updates: Install the latest updates provided by the companies that supply the software. The updates include the latest patches, which prohibit various types of attacks and make it difficult for attackers to access the systems.
- Never pay the ransom: People should never pay the ransom to the hackers, because it is both illegal and they do not get back their data as promised by the hackers.
- Personalize anti-spam settings: Refrain from clicking on eye-catching extensions in any emails or websites. Without prior knowledge of what they are clicking on, users should first check the website for any malicious web advertisements.
- Do not fall prey to clickbait: Clickbait consists of provocative images on websites that attract the attention of the user visiting the website.
Conclusion
In conclusion, it can be said that ransomware has been the latest development in the field of technology and is one of the major issues, including security breaches, of the past few years. This report has been concerned with one of the latest security breaches of the past few years and the impact it created, covering both the technical and the business aspects. The report has provided a brief introduction to the situation, described its technical effects and the effects of the incident on business and on society, offered some recommendations for resolving the situation, and concluded on the present situation. The report used the case of Petya to describe the situation and the reasons that are causing the breaches in security, and provided recommendations for remedying the situation.
References
Ali, A., Murthy, R., & Kohun, F. (2016). Recovering From The Nightmare Of Ransomware - How Savvy Users Get Hit With Viruses And Malware: A Personal Case Study. Issues In Information Systems, 17(4).
Bhardwaj, A., Avasthi, V., Sastry, H., & Subrahmanyam, G. V. B. (2016). Ransomware digital extortion: a rising new age threat. Indian Journal of Science and Technology, 9, 14.
Cabaj, K., & Mazurczyk, W. (2016). Using software-defined networking for ransomware mitigation: the case of cryptowall. IEEE Network, 30(6), 14-20.
Choi, K. S., Scott, T. M., & LeClair, D. P. (2016). Ransomware against police: diagnosis of risk factors via application of cyber-routine activities theory. International Journal of Forensic Science & Pathology.
Cobb, S. (2017). RoT: Ransomware of Things.
Continella, A., Guagnelli, A., Zingaro, G., De Pasquale, G., Barenghi, A., Zanero, S., & Maggi, F. (2016, December). Shieldfs: a self-healing, ransomware-aware filesystem. In Proceedings of the 32nd Annual Conference on Computer Security Applications (pp. 336-347). ACM.
Hernandez-Castro, J., Cartwright, E., & Stepanova, A. (2017). Economic Analysis of Ransomware.
Kaptchuk, G., Miers, I., & Green, M. (2017). Managing Secrets with Consensus Networks: Fairness, Ransomware and Access Control. IACR Cryptology ePrint Archive, 2017, 201.
Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., & Kirda, E. (2015, July). Cutting the gordian knot: A look under the hood of ransomware attacks. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 3-24). Springer, Cham.
Kolodenker, E., Koch, W., Stringhini, G., & Egele, M. (2017, April). PayBreak: Defense against cryptographic ransomware. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (pp. 599-611). ACM.
Maiorca, D., Mercaldo, F., Giacinto, G., Visaggio, C. A., & Martinelli, F. (2017, April). R-PackDroid: API package-based characterization and detection of mobile ransomware. In Proceedings of the Symposium on Applied Computing (pp. 1718-1723). ACM.
Mercaldo, F., Nardone, V., Santone, A., & Visaggio, C. A. (2016, June). Ransomware steals your phone. formal methods rescue it. In International Conference on Formal Techniques for Distributed Objects, Components, and Systems (pp. 212-221). Springer, Cham.
Orman, H. (2016). Evil Offspring-Ransomware and Crypto Technology. IEEE Internet Computing, 20(5), 89-94.
Pathak, D. P., & Nanded, Y. M. (2016). A dangerous trend of cybercrime: ransomware growing challenge. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET), 5.
Scaife, N., Carter, H., Traynor, P., & Butler, K. R. (2016, June). Cryptolock (and drop it): stopping ransomware attacks on user data. In Distributed Computing Systems (ICDCS), 2016 IEEE 36th International Conference on (pp. 303-312). IEEE.
Sgandurra, D., Muñoz-González, L., Mohsen, R., & Lupu, E. C. (2016). Automated Dynamic Analysis of Ransomware: Benefits, Limitations and use for Detection. arXiv preprint arXiv:1609.03020.
Song, S., Kim, B., & Lee, S. (2016). The effective ransomware prevention technique using process monitoring on android platform. Mobile Information Systems, 2016.