Question

Conduct some research and find a recent computer virus that has attacked either a company or individuals. Explain how the virus affects computers or networks and how to stop the virus.

Solutions

Expert Solution

WannaCry is a ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. The worm is also known as WannaCrypt, Wana Decrypt0r 2.0, WanaCrypt0r 2.0, and Wanna Decryptor. It is considered a network worm because it also includes a "transport" mechanism to automatically spread itself. This transport code scans for vulnerable systems, then uses the EternalBlue exploit to gain access, and the DoublePulsar tool to install and execute a copy of itself. WannaCry versions 0, 1, and 2 were created using Microsoft Visual C++ 6.0.

EternalBlue is an exploit of Windows' Server Message Block (SMB) protocol.

Microsoft eventually discovered the vulnerability and issued security bulletin MS17-010, which detailed the flaw and announced that patches had been released for all Windows versions that were currently supported at that time, these being Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2016.

When executed, the WannaCry malware first checks the "kill switch" domain name; if it is not found, then the ransomware encrypts the computer's data, then attempts to exploit the SMB vulnerability to spread out to random computers on the Internet, and "laterally" to computers on the same network. As with other modern ransomware, the payload displays a message informing the user that files have been encrypted, and demands a payment.

The day after the initial attack in May, Microsoft released out-of-band security updates for end-of-life products Windows XP, Windows Server 2003 and Windows 8; these patches had been created in February of that year following a tip-off about the vulnerability in January of that year.

Organizations were advised to patch Windows and plug the vulnerability in order to protect themselves from the cyber attack.

Prevention:

  • Keep your Windows Operating System and antivirus up-to-date.
  • Regularly back up your files to an external hard drive.
  • Enable file history or system protection. On your Windows 10 or Windows 8.1 devices, you must have file history enabled and you have to set up a drive for file history.
  • Use OneDrive for Consumer or for Business.
  • Beware of phishing emails, spam, and clicking malicious attachments.
  • Use Microsoft Edge to get SmartScreen protection. It will prevent you from browsing sites that are known to be hosting exploits, and protect you from socially-engineered attacks such as phishing and malware downloads.
  • Disable the loading of macros in your Office programs.
  • Disable your Remote Desktop feature whenever possible.
  • Use two-step authentication.
  • Use a safe and password-protected internet connection.

Working in technical aspect with appropriate abstraction:

The overflow happens in NON-PAGED Pool memory—and specifically in Large NON-PAGED Pool. Large non-paged pool allocations do not have a POOL Header. Because of this, after the large POOL buffer, another POOL Buffer can be allocated—one that is owned by a driver with specific DRIVER data. Therefore, the attack has to manipulate the POOL buffer coming after the overflowed buffer. EternalBlue’s technique is to control the SRVNET driver buffer structures. To achieve this, both buffers should be aligned in memory. To create the NON-PAGED POOL alignment, the kernel pool should be sprayed.
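The answer describes the worm's transport code scanning for vulnerable systems over SMB, both on random Internet addresses and laterally on the same network. The following detection sketch is an added example, not part of the original answer: it flags any host that contacts an unusual number of distinct peers on TCP/445 within a short window. The flow-log format, the thresholds, the internal address range and all function names are assumptions.

```python
import ipaddress
from collections import defaultdict, deque

SMB_PORT = 445
WINDOW_SECONDS = 60        # assumed tuning value
MAX_DISTINCT_PEERS = 20    # assumed tuning value
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed site range

def parse_flow(line):
    """Parse one 'epoch src dst dport' record (constructed log format)."""
    ts, src, dst, dport = line.split()
    return int(ts), src, ipaddress.ip_address(dst), int(dport)

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def find_smb_scanners(lines, window=WINDOW_SECONDS, limit=MAX_DISTINCT_PEERS):
    """Map each source that contacted more than `limit` distinct peers on
    TCP/445 within `window` seconds to its peak lateral/internet peer counts."""
    flows = sorted((parse_flow(l) for l in lines if l.strip()), key=lambda f: f[0])
    recent = defaultdict(deque)          # src -> (ts, dst) pairs still in window
    alerts = {}
    for ts, src, dst, dport in flows:
        if dport != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and q[0][0] <= ts - window:   # drop contacts older than the window
            q.popleft()
        peers = {d for _, d in q}
        prev = alerts.get(src, {"lateral": 0, "internet": 0})
        if len(peers) > max(limit, prev["lateral"] + prev["internet"]):
            lateral = sum(1 for d in peers if is_internal(d))
            alerts[src] = {"lateral": lateral, "internet": len(peers) - lateral}
    return alerts

def constructed_sample():
    """Constructed flows: one workstation sweeping TCP/445, one normal client."""
    lines = [f"{1000 + i} 10.0.5.23 10.0.5.{i + 1} 445" for i in range(30)]
    lines += [f"{1030 + i} 10.0.5.23 198.51.100.{i + 1} 445" for i in range(15)]
    lines += [f"{1000 + 20 * i} 10.0.5.40 10.0.1.10 445" for i in range(10)]
    lines += ["1005 10.0.5.40 203.0.113.7 443"]   # ordinary web traffic
    return lines

if __name__ == "__main__":
    for src, hit in find_smb_scanners(constructed_sample()).items():
        print(f"ALERT {src}: {hit['lateral']} internal, {hit['internet']} external SMB peers")
```

A client that repeatedly talks to one file server never trips the rule, while outbound TCP/445 to external addresses is worth alerting on by itself in most networks.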

