Tuesday, May 5, 2020

Ransomware Virus Is Responsible To Sabotage-Myassignmenthelp.Com

Questions:

1. What was the problem?
2. How and why did it occur?
3. What are the possible solutions?
4. What was the problem?
5. Who was affected and how?
6. How was the attack carried out?
7. What could have been done to prevent the attack?

Answers:

Introduction

Ransomware is a virus that sabotages a victim's computer, encrypts his or her personal files and asks for money to decrypt those files (Kirda, 2017). Petya and WannaCry, two ransomware viruses, are discussed throughout the report; the latter attacked in May 2017 and the former in June 2017, and both created mishaps all over the world. The report describes the two viruses and their impact, and sheds light on how each virus spread and on the process to mitigate its adverse effects.

The ransomware virus Petya was associated with the June 2017 ransomware cyber-attack.

1. The Petya ransomware virus attacked an individual's computer system and gained access to the computer, and the intruders then encoded that individual's personal files (Richardson and North, 2017). When the victims later opened their computers they found a warning message saying that the system was locked and the files had been encoded; anyone who wanted the files back had to pay a huge amount of money, in the range of around $300 (Kirda, 2017). After the payment, they could get access to the key with which the files could be decoded. The damage is not limited to that: Petya makes the whole drive unreadable and even makes the whole Windows operating system unbootable. The problem affects not only individuals but also the HR of public as well as private companies.

2. One business organisation was given the responsibility to work on the accounting software for the government of Ukraine.
The ransomware attack spread at that time, and the whole Ukrainian government, along with the whole state, was heavily affected by the virus (Aurangzeb et al., 2017). Petya's impact was higher than that of the other viruses prevalent at that time; the virus is said to have originated from an intrusion into the Ukrainian accounting software named MeDoc. Within a short span of time, the malicious software spread from one machine to another (Richardson and North, 2017). Viruses attack through insecure networks and ransomware is no exception; with the help of EternalBlue, the virus multiplied its impact using WMIC. It is said to have originated in Ukraine, and it later affected Russia, the United Kingdom and India. The exact origin of the virus remains undetected. Advanced users solved their problems, but those who were not used to the operating system were affected by the Petya virus; students and educators were the main victims.

The effect of the Petya virus can be detected by the following symptoms. The Blue Screen of Death of the Windows operating system appears, and Petya starts encoding the master table file. After the Blue Screen of Death, the user sees the red warning screen (Kharraz et al., 2015). The warning screen of Petya shows the red skull warning message. Through this message, Petya sends the payment demand, which means the victims have to pay the amount in the form of bitcoins. Only after paying the amount can the victim gain access to the system.

3. The virus's effect can be reduced by the following means:

i. Business organisations and individuals should install quality anti-virus software on their systems to get rid of the harmful effect of the Petya virus (Mansfield-Devine, 2016). The antivirus software also gives probable solutions to fight against EternalBlue.
ii. The ransomware virus generally affects files that can be both read and written and leaves alone files that are read-only, so users who want to protect their important files must save them in read-only mode (Hong, 2017).
iii. The user must not open an email attachment that seems suspicious (Mercaldo et al., 2016). Such attachments can come from a trusted sender, but one should still not open them.

WannaCry is the second virus discussed in the report; it spread in May 2017.

5. WannaCry works in almost the same way as Petya: it attacked individuals' computer systems and encoded the files residing on them. In this way the hackers encrypted almost all the files present on the hard disk. The virus is also the cause of much PC sabotage, and many victims have claimed that their PC was locked (Mohurle and Patil, 2017). The virus appeared to spread mainly via Server Message Block (SMB), which operates on the two ports 445 and 139. This ransomware virus targeted Windows users all over the world; after the initial attack it spread through the entire Windows operating system, sometimes making it unbootable. At login, users found that their system had been hacked by WannaCry and that it could be set free if they paid $300. This ransomware virus not only encodes a file but also deletes the original file, and in this way it threatens the user with loss of data (Morgan, 2016). It creates a sense of urgency in users and makes them more vulnerable; even after payment there is no guarantee that the intruders will give the files back, and in some scenarios the files are destroyed permanently. It started to spread from the UK and later spread to the rest of the world.

6. It has been researched and found that Microsoft XP, being an outdated operating system, was not affected by the ransomware, and Windows 7 was affected the most.
This ransomware principally attacked Windows 7 clients. Initially, WannaCry attacked individuals' computers, then encrypted the personal files with the AES-128 cipher, and the hackers intentionally removed the shadow copies (Collier, 2017). The victims found that their system had been sabotaged and that they could release it if they were willing to pay $300 or more in the form of Bitcoin. The virus spread via WannaCry's wannacrydecrypter.exe, and tor.exe was used to connect to the local nodes (Simmonds, 2017). The IP of the victim's computer system is traced first and then, via the associated IP subnets, the virus spread among the masses. The attack was basically conducted via port 445. The intruders asked for money via this connected port, and the amounts they received were transacted via this port.

7. WannaCry seems to have been hosted on a website first and then spread via that website; however, the original source of infection is unknown. WannaCry used Server Message Block to spread the malware. When a URL got infected by WannaCry, the intruders ran the switch URL to send the virus into the sandbox; they cross-checked whether the URL had been killed, and after making sure that it had been killed and would not respond again, they infected all the files on the system with the AES-128 cipher (Collier, 2017). The encrypted files got the extension .wncry. The infected files could only be decrypted by the intruders with their special digital key; however, the victims had to pay a large sum of around $600 or so (Hills, 2017). When the victims logged in to their system they could see a warning message about the attack conducted by WannaCry. Microsoft SMB is used to share files among individuals connected to a closed network, and such networks were highly affected (Moon and Chang, 2016).
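The spreading pattern described above, one infected machine reaching many addresses on its subnets over port 445, can be looked for in connection logs. The following detection sketch is an added example and not part of the original report; the log format, the sample records, the 60-second window and the threshold of five peers are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORTS = {139, 445}          # the ports the report associates with SMB
WINDOW = timedelta(seconds=60)  # assumed sliding window
MAX_TARGETS = 5                 # assumed limit of distinct SMB peers per window


def build_sample():
    """Constructed flow records (not real traffic): 'timestamp src dst dport'."""
    t0 = datetime(2017, 5, 12, 9, 0, 0)
    sec, mins = timedelta(seconds=1), timedelta(minutes=10)
    rows = []
    # Normal: four clients reach one file server on 445.
    rows += [(t0 + i * sec, f"10.0.1.{30 + i}", "10.0.1.5", 445) for i in range(4)]
    # Worm-like: one workstation sweeps eight neighbours on 445 within seconds.
    rows += [(t0 + (10 + i) * sec, "10.0.1.15", f"10.0.1.{100 + i}", 445) for i in range(8)]
    # Slow admin host: eight SMB peers, but ten minutes apart.
    rows += [(t0 + i * mins, "10.0.1.9", f"10.0.2.{i + 1}", 445) for i in range(8)]
    # Fan-out on a non-SMB port is ignored.
    rows += [(t0 + i * sec, "10.0.1.40", f"10.0.3.{i + 1}", 443) for i in range(8)]
    rows.sort()
    return "\n".join(f"{t.isoformat()} {s} {d} {p}" for t, s, d, p in rows)


def smb_fanout(log_text, window=WINDOW, max_targets=MAX_TARGETS):
    """Map each source that exceeds max_targets distinct SMB peers inside
    one window to the peak peer count seen. Expects time-ordered records."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still in window
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_text, src, dst, dport = line.split()
        if int(dport) not in SMB_PORTS:
            continue
        ts = datetime.fromisoformat(ts_text)
        queue = recent[src]
        queue.append((ts, dst))
        while ts - queue[0][0] > window:   # drop connections older than the window
            queue.popleft()
        peers = len({d for _, d in queue})
        if peers > max_targets:
            alerts[src] = max(alerts.get(src, 0), peers)
    return alerts


if __name__ == "__main__":
    for host, peers in smb_fanout(build_sample()).items():
        print(f"{host} contacted {peers} hosts over SMB within {WINDOW}")
```

On the constructed sample only the sweeping workstation is reported; the file server's clients, the slow admin host and the port 443 traffic stay below the threshold.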
The intruders who carry out the attack do not guarantee that they will give the files back after payment, and even if they do give the files back there is no guarantee that the files are readable.

8. Individuals, however, could save themselves from the attack by the following means:

i. Users should keep backups of their important files that will be needed in the near future. Companies and business organisations should take the initiative to back up files because that could save a great deal of the company's money as well as its resources.
ii. Business organisations must configure a risk management plan to mitigate all digital security threats (Laszka, Farhang and Grossklags, 2017).
iii. Within the WannaCry malware there is a long URL that can effectively act as a kill switch. During execution, WannaCry looks for the domain; if it finds the domain name, the WannaCry Decryptor automatically stops working and stops spreading the virus. Therefore, whoever buys or registers the domain name can stay safe from the WannaCry attack (Moon and Chang, 2016). But those who are already affected cannot get rid of the adverse effect of the WannaCry virus.
iv. DOUBLEPULSAR should be removed from the system as it restricts antivirus from working. Therefore, the back door must be removed (Choi et al., 2016).
v. The SMB1 file protocol, via which the worm spread, should also be disabled.
vi. The use of cloud services can mitigate the effect of a ransomware infection, as previous versions of the files can help to revert to the unencrypted form.
vii. Users should check the status of emails carefully, as they may contain the virus.

Conclusion

It can be concluded from the above discussion that the attacks by WannaCry and Petya, the two ransomware viruses, are a threat not limited to individuals; they had an adverse impact on organisations as well.
The report described how both viruses spread, how they reached users and how they extorted money. The victims suffered a great deal because the whole operating system was sabotaged by the attack; the software and the important files were all put at risk. In some scenarios the victims lost their files completely even after paying the money. Organisations also suffered, and government organisations were given no respite either. However, the risks could have been mitigated if they had backed up their files and installed antivirus software on their systems. All the possibilities and the positive outcomes have been highlighted in this report. The effect of both the Petya and WannaCry viruses has diminished; however, by taking the necessary precautions, individuals and business organisations can save themselves from such attacks.

References

Aurangzeb, S., Aleem, M., Iqbal, M. A., Islam, M. A. (2017). Ransomware: A Survey and Trends. Journal of Information Assurance Security, 6(2).

Choi, K. S., Scott, T. M., LeClair, D. P. (2016). Ransomware against police: diagnosis of risk factors via application of cyber-routine activities theory. International Journal of Forensic Science Pathology.

Collier, R. (2017). NHS ransomware attack spreads worldwide.

Hills, M. (2017). Lessons from the NHS ransomware calamity. EDQuarter, 26.

Hong, S., Liu, C., Ren, B., Chen, J. (2017, June). Poster: Sdguard: An Android Application Implementing Privacy Protection and Ransomware Detection. In Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services (pp. 149-149). ACM.

Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., Kirda, E. (2015, July). Cutting the gordian knot: A look under the hood of ransomware attacks. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 3-24). Springer, Cham.

Kirda, E. (2017, February). UNVEIL: A large-scale, automated approach to detecting ransomware (keynote). In Software Analysis, Evolution and Reengineering (SANER), 2017 IEEE 24th International Conference on (pp. 1-1). IEEE.

Laszka, A., Farhang, S., Grossklags, J. (2017). On the Economics of Ransomware. arXiv preprint arXiv:1707.06247.

Mansfield-Devine, S. (2016). Ransomware: taking businesses hostage. Network Security, 2016(10), 8-17.

Mercaldo, F., Nardone, V., Santone, A., Visaggio, C. A. (2016, June). Ransomware steals your phone. formal methods rescue it. In International Conference on Formal Techniques for Distributed Objects, Components, and Systems (pp. 212-221). Springer, Cham.

Mohurle, S., Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal, 8(5).

Moon, J., Chang, Y. (2016). Ransomware Analysis and Method for Minimize the Damage. The journal of the convergence on culture technology, 2(1), 79-85.

Morgan, S. (2016). IT analyst forecasts are unable to keep pace with the dramatic rise in cybercrime, the ransomware epidemic, the refocusing of malware from PCs and laptops to smartphones and mobile devices, the deployment of billions of under-protected internet of things devices, the legions of hackers-for-hire, and the more sophisticated cyber-attacks launching at businesses, governments, educational institutions and consumers globally. Risk Management, 63(7), 40-41.

Richardson, R., North, M. (2017). Ransomware: Evolution, Mitigation and Prevention. International Management Review, 13(1), 10.

Simmonds, M. (2017). How businesses can navigate the growing tide of ransomware attacks. Computer Fraud Security, 2017(3), 9-12.
