Wednesday, May 6, 2020
Incident Of Ransomware Attack Samples â⬠MyAssignmenthelp.com
Question: Discuss about the Incident Of Ransomware Attack. Answer: Introduction Cyber security is perhaps the most pressing concern for the current world order. The exponential growth in the frequency of cyber-attacks and the rate of evolution of the types of cyber-threats have forced the protectors of cyber world to stay vigilant always. It has become a race between the protector and the attacker and it seems that the attacker always manages to stay a step ahead (Sales, 2012). The report focusses on this fact by introducing the incident of a recent ransomware attack worldwide that has caused turmoil throughout the globe. Discussion The report discusses in detail the incident, the mode of the attack, the part of the society which is affected the most and the way they are affected, lastly, the possible remedies to such problems. About WANNACRY The WANNACRY initiated its attack on May 12, 2017 by a hacker group known as The Shadow Brokers that spread and affected worldwide. It is a ransomware crypto worm that attacked those computers, which is running any version of Microsoft Windows as its operating system (Mohurle Patil, 2017). The attack was carried out by encrypting various contents of the system including the operating system and demanding payments as ransom in the form of bitcoin crypto currency. The hacker group claimed that after receiving the demanded payment they would provide a decryption key to the victim, using which the victim can restore the computer to its previous status (Mohurle Patil, 2017). The ransomware violates a glitch of Windows Server Message Block (SMB) protocol, known as EternalBlue, to enter the targeted system. It was later found that this glitch was originally identified by the United States National Security Agency (NSA), who stored it for carrying out other offensive operations rather than reporting it to Microsoft Corporation (Swenson, 2017). The glitch was later found by Microsoft a few months prior to the ransomware attack and it immediately launched security bulletin, on March 14, 2017, which explained the problem in detail and informed the release of security updates for all Windows versions, which were supported by Microsoft; namely Windows 7/8.1/10/Server 2008/Server 2012/Server 2016/Vista (Renaud, 2017). However, there were many users who did not install the necessary patch at that time and were affected when two months later, on May 12, 2017 the ransomware attack initiated. There were also many people who were using unsupported version of Windows i n their system like Windows XP / Server 2003. Those were the first to get affected by the attack (Renaud, 2017). Mode of the Attack The infection WANNACRY has the same attack signature as most advanced ransomware. It infects a computer by finding and encrypting a range of vital system files. The user is prohibited to access the system and view or retrieve any content from the same (Shackelford, 2017). A ransom note is displayed on the computer monitor that asks the user to pay up a one-time ransom of 300 - 600 US dollar worth of bitcoin crypto currency. The ransom is required to be delivered to receive the process of decryption that will free the affected computer from the ransomware (Shackelford, 2017). Effect of WANNACRY on the world The ransomware attack took a toll on over 230,000 computers in 150 different countries within a day. The National Health Service (NHS) of United Kingdom was partially infected by the attack, forcing it to carry out certain functions on an emergency basis during the outbreak (Collier, 2017). Certain organisations of Spain like Deutsche Bahn, Telefonica and FedEx were also infected along with many other organisations worldwide (Collier, 2017). The general mass throughout the world were veritably affected and the damage caused to the number of personal computers were gigantic (Collier, 2017). The ransomware attack left the victim with the choice either to pay up the required ransom with no guarantee that the affected system will be cured of the infection even after the ransom is payed; or not to pay and accept the damage done (Walkinshaw, 2017). Possible Remedies Conjured A remedy was conjured within a short time after the beginning of the outbreak by a 22-year-old web security researcher hailing from North Devon, England known as Marcus Hutchins (Gandhi, 2017). He found a way to kill the infection by registering a domain name that he identified in the code of WANNACRY. This discovery hindered the spread of the infection greatly, pausing the initial attack on Monday, May 15, 2017 (Gandhi, 2017). However, newer versions of the ransomware were detected from which the kill-switch was removed. Under certain circumstances, some researchers claimed that they found ways to retrieve data from infected computers (Gandhi, 2017). Microsoft on their part had launched security patches as soon as possible that detected the vulnerability of EternalBlue in a computer running Windows Operating System of both supported and unsupported versions and removed them, thereby rendering the ransomware useless (Gandhi, 2017). It is claimed by security experts that within four d ays of the outbreak most organisations had applied updates which had slowed down the spread of the infection considerably. Detailed technical write ups were also released by many organisations like Malwarebytes, McAfee, Microsoft, Symantec and Cisco that helped to prevent the infection a lot (Gandhi, 2017). Conclusion The report concludes with the awareness that a determined mind is hard to stop. However, equal or stronger determination can prevent catastrophe. Therefore, the protectors of cyber security should always have the determination to protect the cyber world against its attackers that should be stronger than the determination of those who seek to hamper it. The threat to cyber security is a disease that is better to keep at check always and to eradicate completely if possible. References Collier, R. (2017). NHS ransomware attack spreads worldwide. Gandhi, K. A. (2017). Survey on Ransomware: A New Era of Cyber Attack. International Journal of Computer Applications, 168(3). Mohurle, S., Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal, 8(5). Renaud, K. (2017). It makes you Wanna Cry. Sales, N. A. (2012). Regulating cyber-security. Shackelford, S. (2017). Exploring the Shared Responsibilityof Cyber Peace: Should Cybersecurity Be a Human Right?. Swenson, G. (2017). Bolstering Government Cybersecurity Lessons Learned from WannaCry. Walkinshaw, N. (2017). What Is Software Quality, and Why Does it Matter?. In Software Quality Assurance (pp. 7-21). Springer, Cham.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.