What Petya/NotPetya Ransomware Is and What Its Remidiations Are

Sharifah Yaqoub A. Fayi
Abstract
Ransomware attacks have been growing worldwide since they appeared around 2012. The idea behind a ransomware attack is to encrypt and lock the files on a computer until a ransom is paid. These attacks usually enter the system through Trojans, which carry malicious programs that run a payload that encrypts and locks the files. The basic goal of this type of attack is to get money, so hackers usually unlock the files when they receive the money, but there is no guarantee of that. Ransomware comes in various versions, such as Reveton, CryptoWall, WannaCry, and Petya. This paper discusses the Petya attack, especially its most recent version, which is referred to as NotPetya. The paper defines the NotPetya attack and explains how it works and where and how it spreads. It also discusses four available solutions for recovering a system infected by NotPetya and proposes the best one, based on intensive research into the recovery solutions for this attack.
Keywords
NotPetya recovering · NotPetya ransomware · NotPetya ransomware removing · NotPetya ransomware solutions · NotPetya ransomware prevention
S. Y. A. Fayi, Department of Computer and Information Systems, Robert Morris University, Moon Township, PA, USA
15.1 Introduction
This paper discusses in particular the most recent ransomware attack, called NotPetya, which appeared on June 27, 2017, and has recently been the second global information security issue in the world [1, 2]. This ransomware is a modified version of Petya and is referred to as NotPetya to distinguish it from the old versions of Petya attacks. NotPetya differs from the old versions in using a high level of encryption that encrypts not just the files but the whole system. It encrypts the Master File Table (MFT) after rebooting the infected system, and the Master Boot Record (MBR) therefore becomes unusable [3, 4]. As a result of locking the MBR, the infected system eventually becomes useless: you cannot reach your files or even the operating system on the drive, because the MBR, which is a sector of a hard drive, is essential for identifying the location of the operating system and files. NotPetya spreads by taking advantage of EternalBlue, which is a vulnerability in the Windows operating system that is also exploited by the WannaCry attack. EternalBlue is not the only vulnerability NotPetya uses; it also tries to exploit other Windows vulnerabilities, such as PsExec, Windows Management Instrumentation (WMI), and EternalRomance, to propagate through the infected network [1]. For example, NotPetya can use the WMI tool to propagate by obtaining administrator access information on one unpatched computer in the network and then spreading itself to other computers in the same network. Robert Lipovsky, an ESET researcher, said, “It only takes one unpatched computer to get inside the network, and the malware can get administrator rights and spread to other computers.” [6]. This ransomware can also extend to other computers through the network by obtaining users’ login information [5]. Another way the attack spreads is through phishing emails that contain malware-laden attachments [2, 7]. Once a computer is affected by NotPetya, a message appears saying that the computer’s files are encrypted and demanding $300 in Bitcoin to decrypt them, as shown in Fig. 15.1 [6].
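The role of the MBR described above can be checked directly on the first sector of a disk image. The following Python sketch is an added example, not code from the paper or from any tool it cites: it parses the classic 512-byte MBR layout (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature) and compares the boot-code hash with a baseline recorded while the machine was healthy. The sample sectors are constructed and the function names are illustrative.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445: boot loader code
ENTRY_LEN = 16               # four partition entries follow the boot code
SIGNATURE = b"\x55\xaa"      # bytes 510..511
PARTITION_TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
                   0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Return the boot-code hash, signature validity and partition list."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * ENTRY_LEN
        # Entry layout: status, CHS start (3), type, CHS end (3), first LBA, sector count.
        status, ptype, first_lba, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:       # unused slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": PARTITION_TYPES.get(ptype, hex(ptype)),
            "first_lba": first_lba,
            "sectors": sectors,
        })
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def assess_mbr(sector, baseline_sha256=None):
    """List reasons not to trust this MBR (an empty list means no finding)."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if not info["partitions"]:
        findings.append("partition table is empty")
    if baseline_sha256 and info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    return findings


def build_sample_mbr(boot_code):
    """Constructed sample: one bootable NTFS partition starting at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<B3xB3xII", sector, BOOT_CODE_LEN, 0x80, 0x07, 2048, 204800)
    sector[510:512] = SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    healthy = build_sample_mbr(b"\xfa\x33\xc0" + b"\x90" * 64)   # constructed boot code
    modified = build_sample_mbr(b"\xeb\x3c" + b"\x00" * 64)      # constructed, different code
    baseline = parse_mbr(healthy)["boot_code_sha256"]
    print(parse_mbr(healthy)["partitions"])
    print("healthy :", assess_mbr(healthy, baseline))
    print("modified:", assess_mbr(modified, baseline))
    print("zeroed  :", assess_mbr(bytes(SECTOR_SIZE), baseline))
```

On a real case, pass the first 512 bytes of a forensic disk image instead of the constructed sample.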
Ukraine is the country where the attack started, and it affected many government offices, banks, and the airport there [2]. According to the Ukrainian Cyber Police, the attack is distributed through the accounting software called MeDo, which Ukrainian companies need in order to work with the government [2].
© Springer International Publishing AG, part of Springer Nature 2018
S. Latifi (ed.), Information Technology – New Generations, Advances in Intelligent Systems and Computing 738,
https://doi.org/10.1007/978-3-319-77028-4_15
Fig. 15.1 Note displayed on computers infected with NotPetya
Fig. 15.2 Top 20 countries by number of infected organizations
This attack does not affect just Ukraine; it has also been detected in 64 other countries around the world, including in Europe and the USA [6]. According to Fig. 15.2, the USA is the second most affected country after Ukraine [8].
It is obvious from the number of countries and organizations that NotPetya infected that this ransomware attack spreads rapidly and affects large parts of the world. In addition, this spread of NotPetya leads to significant disruption, because it targets important organizations in a country, such as the advertising firm WPP, the shipping giant Maersk, and Heritage Valley Health System [2, 5]. Such organizations require their systems to be operational all the time in order to do their job completely and perfectly. As a result, and since prevention is better than remediation, you must protect your network from this infection by, for example, requesting help from IT specialists if you have a big organization, or learning about security threats if you have a small business and do not want to spend much money on an IT expert. To protect your network, US-CERT recommends, for instance, updating your computer system with the latest Microsoft patch for the MS17-010 SMB vulnerability, making regular backups of your data and testing them, setting anti-virus and anti-malware software to scan regularly, managing the use of privileged accounts, and securing the use of WMI by setting permissions [1]. However, if your prevention is not that strong and the NotPetya ransomware is running on your computer or in your network, there are some solutions for recovering from it, and this paper reviews four of them.
15.2 Literature Review
The aim of this paper is to discuss four existing solutions for remediating infected devices after a NotPetya ransomware attack, in a clear and easy way that does not require deep experience in computer fields or a technician who costs much money.
The first solution is one that the CrowdStrike Blog explains. The blog describes tools for decrypting the MFT, which holds the system files and their information, and these tools help to recover files after the attack. The tools exploit shortcomings in the implementation of the Salsa20 cipher in NotPetya to restore the files from the MFT, by first extracting the MFT from a corrupted hard disk and then using the Decyptpetya.py tool, which you can find in the CrowdStrike code repository [9]. In my opinion this is a good solution, because the CrowdStrike Blog has proved that their tools can extract and decrypt most of the encrypted MFT records. However, this solution requires in-depth technical knowledge of computers and technology, so I think it is difficult for people who do not have enough technical knowledge, or for small businesses that do not have enough budget, to follow this solution, which requires a technician who costs a lot. I suggest that those businesses, or anyone who uses a computer for personal purposes, use an easier way that does not cost much money to recover their files, because in my opinion those people and small businesses do not have so much sensitive data or so many files that it is worth paying a technician much money to restore them. They can try one of the other solutions that this paper discusses, which do not require intensive knowledge of dealing with NotPetya ransomware threats.
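Before attempting the MFT decryption described above, it helps to know how much of an extracted MFT is still readable. The following Python sketch is an added example, not CrowdStrike's tool or code from the paper: it walks an extracted MFT dump in fixed-size records and separates records that still carry the NTFS "FILE" header from those that do not. It assumes the common 1024-byte record size; the sample dump is constructed and the function names are illustrative.

```python
import hashlib
import math
import struct
from collections import Counter

RECORD_SIZE = 1024        # assumption: the usual NTFS file-record size
FLAG_IN_USE = 0x0001      # header flag: the record describes an existing file


def shannon_entropy(data):
    """Bits per byte; encrypted data is close to 8, structured records far lower."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_record(record):
    """Return 'in_use', 'free', 'empty', 'damaged' or 'unreadable' for one record."""
    if record.count(0) == len(record):
        return "empty"
    if record[:4] != b"FILE":
        # "BAAD" is the signature NTFS writes to a record it found inconsistent.
        return "damaged" if record[:4] == b"BAAD" else "unreadable"
    # Header fields (little-endian): update-sequence offset @4, first-attribute
    # offset @20, flags @22, bytes used @24, bytes allocated @28.
    usa_off, = struct.unpack_from("<H", record, 4)
    attr_off, flags, used, allocated = struct.unpack_from("<HHII", record, 20)
    if not (usa_off < attr_off <= used <= allocated <= len(record)):
        return "damaged"
    return "in_use" if flags & FLAG_IN_USE else "free"


def triage_mft(dump):
    """Summarise a dump: counts per class, plus number and entropy of unreadable records."""
    counts = Counter()
    unreadable = []
    for number in range(len(dump) // RECORD_SIZE):
        record = dump[number * RECORD_SIZE:(number + 1) * RECORD_SIZE]
        label = classify_record(record)
        counts[label] += 1
        if label == "unreadable":
            unreadable.append((number, round(shannon_entropy(record), 2)))
    return {"records": sum(counts.values()), "counts": dict(counts),
            "unreadable": unreadable}


def build_sample_record(flags=FLAG_IN_USE):
    """Constructed file record with a plausible header and no real attributes."""
    record = bytearray(RECORD_SIZE)
    record[:4] = b"FILE"
    struct.pack_into("<HH", record, 4, 0x30, 3)           # update sequence offset, count
    struct.pack_into("<HHII", record, 20, 0x38, flags, 0x40, RECORD_SIZE)
    struct.pack_into("<I", record, 0x38, 0xFFFFFFFF)       # end-of-attributes marker
    return bytes(record)


def pseudo_ciphertext(seed, length=RECORD_SIZE):
    """Constructed stand-in for an encrypted record (deterministic SHA-256 stream)."""
    out, block = b"", seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:length]


if __name__ == "__main__":
    dump = (build_sample_record() + build_sample_record(flags=0)
            + pseudo_ciphertext(b"a") + pseudo_ciphertext(b"b") + bytes(RECORD_SIZE))
    print(triage_mft(dump))
```

A dump in which nearly every record is unreadable with entropy near 8 is a candidate for the decryption tools; a dump that is mostly readable points to recovering the files with ordinary forensic tooling.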
The idea of the second solution, which @HackerFantastic mentioned on Twitter, is to interrupt the encryption process by using the waiting time that NotPetya takes to reboot the system. The account advises you to turn off your computer immediately if you see the following message (Fig. 15.3) [2].
The second solution seems to be a great way to prevent files from being encrypted, but I assume that its disadvantages are that you must be concentrating and turn off your computer as quickly as you can without any delay, which is sometimes easier said than done, and that there is no practical proof of it that I can find. As a result, I believe that if you do not have that much knowledge about security attacks, you cannot respond this quickly.
Fig. 15.3 Message shown during the encryption process
The third solution, which 2-SpyWare.com provides, recommends using anti-spyware such as Reimage or Malwarebytes Anti Malware to remove the attack [10]. The site explains two manual removal methods, which eliminate NotPetya by using Safe Mode with Networking or by using System Restore. In the first method, you must enter Safe Mode after you restart the system in order to escape NotPetya and access a security tool, so that you can download anti-spyware software that helps you to eliminate NotPetya; if the ransomware blocks Safe Mode with Networking, try the second method [10]. The second method removes NotPetya by using System Restore, which also requires rebooting the computer into Safe Mode, but with Command Prompt. When the Command Prompt appears, you can use the commands that 2-SpyWare.com demonstrates to restore your system to a prior date. After that, you should scan your computer and make sure that NotPetya has been removed successfully [10]. You can then try to restore your data by using the Data Recovery Pro Method software, which can help to restore damaged files, or ShadowExplorer, which can help to decrypt infected files [10]. Even though you cannot decrypt the files with an official NotPetya decryption program, because 2-SpyWare.com indicates that “NotPetya decryption is not available yet.”, I think the third solution, if you have plenty of technical knowledge, is the perfect way to recover your computer by just following the clear guide on the website.
The final solution is acceptable for those who want the easiest and clearest way to eliminate NotPetya and whose files are not worth the effort and cost of recovering them. The solution is to format the infected hard drive and reinstall the operating system; after that, with luck, you can restore the files from backups if you back up your files routinely [2, 6]. Consequently, keep your anti-virus up to date and set up automatic backups of your files, whether on another device or in the cloud [2, 6].
15.3 Proposed Solution
I reviewed four solutions in this paper that deal with NotPetya ransomware, and I believe that the best and easiest solution depends on the ability and experience of the person in dealing with security attacks. However, I propose a solution that a small business, or a person who has enough knowledge of technology, can follow. This solution is obviously not paying the ransom to obtain the key that decrypts the files, because there is no guarantee of that; rather, it is the third solution in this paper, which I think is the perfect solution to follow in order to recover after the ransomware attack. The idea of this solution is to restart your computer and enter Safe Mode, then remove NotPetya by downloading an anti-spyware program, and after that restore your infected files by using software that helps with this recovery.
First, to access your files, you have to eliminate NotPetya from your system by following the manual removal guidelines that 2-SpyWare.com clearly explains. The first step in this guide requires you to enter Safe Mode in order to bypass the NotPetya ransomware, after which you can access a security tool. There are two ways to enter Safe Mode, namely Safe Mode with Networking and Safe Mode with Command Prompt, but in this paper I review only how to enter Safe Mode with Networking in Windows 7, and I assume that the ransomware does not block entry into Safe Mode with Networking.
The first step in entering Safe Mode with Networking in Windows 7 is to restart your computer and, when it turns on, press the F8 key repeatedly until the Advanced Boot Options window appears; then choose Safe Mode with Networking from the menu [10] (Fig. 15.4).
The second step is to open the browser in your infected account and download one of the anti-spyware programs that 2-SpyWare.com recommends, such as Reimage or Malwarebytes Anti-malware. Before you start scanning and removing the ransomware, make sure that the anti-spyware you downloaded is up to date. In this paper, I choose Malwarebytes to delete NotPetya because it is a free removal program and its tools can remove malicious files and programs easily [11]. You can download Malwarebytes for Windows from the My Anti Spyware website and follow the instructions provided to finish setting it up. After downloading it, double-click the setup file called “mb3-setup” and click ‘Yes’ if the User Account Control window appears [11].
After that, follow the Setup Wizard to install Malwarebytes on your computer, and do not change the default settings [11]. When the installation has completed successfully, the main screen of the software appears automatically, as shown in Fig. 15.5 [11].
Fig. 15.4 Advanced Boot Options window
Fig. 15.5 Malwarebytes main screen
Fig. 15.6 Threats detected report window
After checking that the version is up to date, press the Scan Now button; the scanning process then begins to detect the NotPetya ransomware and any other malicious programs [11]. After that, review the report, which usually takes a long time to appear, and click the Remove Selected button [11] (Fig. 15.6).
Malwarebytes then begins to remove NotPetya and any other security threats it found [11]. After the cleaning process finishes, a prompt appears asking you to restart your computer; after the restart, your computer should be free of malicious software and files [11].
The second step is recovering the corrupted files by trying
one of the procedures that 2-SpyWare.com suggests.
The first method is to download the Data Recovery Pro software, which helps you to recover corrupted and encrypted files, and then follow the instructions that the Viruses Removal Pro website provides in its guide to removing NotPetya ransomware [11, 12]. After downloading and opening the software, choose Quick Scan or Full Scan, as shown in Fig. 15.7, and then click Start Scan to find the files that NotPetya corrupted [12].
After that, check the types of all the files you need to restore and then press the Recover button, as shown in Fig. 15.8 [12].
The second recovery method is to decrypt files with the ShadowExplorer software, which has a high chance of restoring infected files successfully because, as 2-SpyWare.com states, “At the moment, the malware does not manifest the ability to delete volume shadow copies, so you are likely to succeed in restoring affected files with the assistance of this tool” [10]. After downloading the software, you can follow the guideline that the Security Affairs website explains [13]. After you choose the drive and identify the files that you need to recover from the list in the main window of ShadowExplorer, you can export the files by right-clicking the folder, as shown in Fig. 15.9 [13].
In the case that the Security Affairs website used, they successfully recovered 100% of the files, which you can see in Fig. 15.10 [13].
As a result, by following the solution that I suggested, you can recover your system after a NotPetya ransomware infection. In addition, based on what I presented previously, which demonstrates the success of the recovery process, you obviously have a great chance of removing the ransomware and restoring your files [14].
15.4 Conclusion
To sum up, this paper explains what NotPetya is, how it works, and when and where it appeared. It also mentions some ways to prevent NotPetya and reviews four existing solutions that can help to remove NotPetya and restore files. The four solutions are: using tools for decrypting the MFT, which recover files by taking advantage of the limitation of the Salsa20 cipher in NotPetya and are fully explained in the CrowdStrike Blog; intercepting the encryption process by exploiting the waiting time that NotPetya needs to reboot the system; entering Safe Mode, removing NotPetya, and then restoring the files in the way that 2-SpyWare.com provides; and reinstalling the operating system and then restoring the files from a backup, if you usually back up your files. When I reviewed these four solutions, I tried to focus on showing their disadvantages to help you choose the appropriate solution for you.
Fig. 15.7 Data Recovery Pro scanning options
Fig. 15.8 Items available to recover
Fig. 15.9 Files available to export
Fig. 15.10 Files after recovering successfully
After reviewing all four solutions, I state that the second solution, which is entering Safe Mode, removing NotPetya, and then restoring the files in the way that 2-SpyWare.com provides, is a perfect solution because it covers how to remove the NotPetya ransomware and how to restore the files. I support this solution by adding more details on how to remove NotPetya by using the Malwarebytes software and how to restore your files by using the Data Recovery Pro software or the ShadowExplorer software.
In the end, do not forget that deciding which solution is the best or easiest depends on you, on your ability and experience in dealing with security threats, and on which solution causes the least possible loss. Moreover, do not forget that prevention is better than remediation, so always back up your files on another device or in the cloud and test these backups, and make sure that the patches and the anti-virus or anti-spyware software on your computer are up to date. Finally, always stay aware of security threats in order to secure your system or your organization’s system.
References
1. Alert (TA17-181A) Petya Ransomware, US-CERT (2017). [Online]. https://www.us-cert.gov/ncas/alerts/TA17-181A. Accessed 7 Nov 2017
2. O. Solon, A. Hern, ‘Petya’ ransomware attack: what is it and how can it be stopped?, The Guardian (2017). [Online]. https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how. Accessed 7 Nov 2017
3. Q. Yeh, A.J. Chang, Threats and countermeasures for information system security: a cross-industry study. Inf. Manag. 44, 480–491 (2007)
4. P. Bedwell, A deep dive into the NotPetya ransomware attack, Lastline (2017). [Online]. https://www.lastline.com/blog/notpetya-ransomware-attack/. Accessed 7 Nov 2017
5. L. Abrams, Petya Ransomware skips the Files and Encrypts your Hard Drive Instead, BleepingComputer (2016). [Online]. https://www.bleepingcomputer.com/news/security/petya-ransomware-skips-the-files-and-encrypts-your-hard-drive-instead/. Accessed 7 Nov 2017
6. A. Kharpal, ‘Petya’ ransomware: All you need to know about the cyberattack and how to tell if you’re at risk, CNBC (2017). [Online]. https://www.cnbc.com/2017/06/28/petya-ransomware-cyberattack-explained-how-to-tell-if-youre-at-risk-or-been-attacked.html. Accessed 7 Nov 2017
7. T. Fox-Brewster, 3 Things You Can Do To Stop ‘NotPetya’ Ransomware Wrecking Your PC, Forbes (2017). [Online]. https://www.forbes.com/sites/thomasbrewster/2017/06/28/three-things-you-can-do-to-stop-notpetya-ransomware-wrecking-your-pc/#6f276e377b05. Accessed 7 Nov 2017
8. I. Thomson, Everything you need to know about the Petya, er, NotPetya nasty trashing PCs worldwide, The Register (2017). [Online]. https://www.theregister.co.uk/2017/06/28/petya_notpetya_ransomware/. Accessed 8 Nov 2017
9. Symantec Security Response, Petya ransomware outbreak: Here’s what you need to know, Symantec (2017). [Online]. https://www.symantec.com/connect/blogs/petya-ransomware-outbreak-here-s-what-you-need-know. Accessed 8 Nov 2017
10. S. Eschweiler, Decrypting NotPetya/Petya: Tools for recovering your MFT after an attack, CrowdStrike (2017). [Online]. https://www.crowdstrike.com/blog/decrypting-notpetya-tools-for-recovering-your-mft-after-an-attack/. Accessed 7 Nov 2017
11. J. Splinters, NotPetya ransomware virus. How to remove? (Uninstall guide), 2-spyware (2017). [Online]. https://www.2-spyware.com/remove-notpetya-ransomware-virus.html#data-recovery! Accessed 7 Nov 2017
12. Patrik, Petya.A/NotPetya virus removal – How to protect computer, My AntiSpyware (2017). [Online]. http://www.myantispyware.com/2017/06/28/petya-notpetya-virus/. Accessed 7 Nov 2017
13. CASPAR, Guide to remove NotPetya ransomware permanently, Viruses Removal Pro (2017). [Online]. http://provirusesremoval.com/guide-remove-notpetya-ransomware-permanently/. Accessed 7 Nov 2017
14. P. Paganini, Ransomware: How to recover your encrypted files, the last guide, Security Affairs (2016). [Online]. http://securityaffairs.co/wordpress/53438/malware/ransomware-recover-guide.html. Accessed 7 Nov 2017
... The attack used a vulnerability in Ukrainian tax software to spread the malware, which encrypted users' files and demanded a ransom payment in exchange for the decryption key. The attack caused significant disruption to companies such as Merck, FedEx, and Maersk, with estimated losses totalling in the billions of dollars (Fayi, 2018). ...
Article
This article provides a comprehensive overview of cyber warfare, including its definition, tactics, techniques, and procedures. It also examines the types of cyber-attacks, the cyber kill chain, and the impact of cyber warfare on governments, corporations, and individuals. The article explores the importance of cyber security and defense, discussing various measures and strategies for protecting against cyber-attacks. Additionally, it highlights the critical role of cyber intelligence and international cooperation in cyber security. Finally, the article concludes with predictions of future cyber threats, future trends in cyber warfare, and the role of artificial intelligence in this field. Overall, the article emphasizes the growing importance of cyber security and the need for continued research and development in the field of cyber warfare.
... Cyber espionage for stealing confidential information Adobe Data Breach [30] 2013 Data breach on 39 million Adobe software users Yahoo Data Breach [31] 2013 Data breach on 3 billion Yahoo users Sony Pictures Hacks [32] 2014 Data breach of Sony pictures confidential information OPM Data Breach [33] 2015 Data breach on US Office of Personal Management (OPM) Uber Data Breach [34] 2016 Data breach on 57 million Uber users WannaCry [35] 2017 Ransomware encrypted user data causing the data to be inaccessible Petya/NotPetya [36] 2017 Ransomware encrypted user data causing the data to be inaccessible Mariot Data Breach [37] 2018 Data breach on Marriott hotel data RockYou [38] 2021 Data breach on 8.4 billion passwords representing nation-states or organized criminal groups. The impacts of the attacks include data breaches, inaccessible resources, and system operation disturbance. ...
Article
Full-text available
Power systems are undergoing rapid digitalization. This introduces new vulnerabilities and cyber threats in future Cyber-Physical Power Systems (CPPS). Some of the most notable incidents include the cyber attacks on the power grid in Ukraine in 2015, 2016, and 2022, which employed Advanced Persistent Threat (APT) strategies that took several months to reach their objectives and caused power outages. This highlights the urgent need for an in-depth analysis of APTs on CPPS. However, existing frameworks for analyzing cyber attacks, i.e., MITRE ATT&CK ICS and Cyber Kill Chain, have limitations in comprehensively analyzing APTs in CPPS environments. To address this gap, we propose a novel Advanced Cyber-Physical Power System (ACPPS) kill chain framework. In this paper, we define the characteristics of APTs on power systems. Subsequently, ACPPS kill chain defines and examines the cyber-physical APT stages on power grids from the early attack stages towards cascading failures and a blackout. The proposed ACPPS kill chain is validated by real-world cyber attack case studies using cyber-physical simulations.
... susceptible to certain vulnerabilities. This poses a significant and foreseeable threat to institutions.50 Unlike the others, DoppelPaymer is a target of the BitPaymer ransomware and is associated with the Dridex malware family. ...
Article
Ransomware is a subset of malicious cyberattacks that aim to hold an organization’s data or critical infrastructure at ransom, compromising or blocking access. If the attack is public or made public after the initial attack, it can also severely jeopardize an organization’s reputation. Given the direct and immediate impact ransomware attacks can have and the lack of in-depth sharing, additional research is needed to analyze ransomware incidents in order to understand the underlying causes of incidents in addition to the detection and prevention methods. In this paper, 22 public ransomware incidents within the marine industry have been investigated to determine their causal factors and commonalities. To investigate causal factors, DEMATEL (Decision Making Trial and Evaluation Laboratory) and a fuzzy set are used in order to enable an organization to better adhere to operational requirements and cyber risk management strategies to increase cyber resilience against ransomware incidents. The study’s findings highlight the fact that network layer cyber security mitigations, strategies for securely utilizing RDP (Remote Desktop Protocol) protocols, and investments in operating systems (OS) and software security are essential components of preventing future ransomware incidents. This study concludes by suggesting several suitable control and preventative measures to improve system safety.
Chapter
Full-text available
The Internet of Things (IoT), which was first conceptualized in 1999 [1], has a crucial application in the industry. The Industrial Internet of Things (IIoT) refers to the interrelated, automated use of sensors, devices, and machines that run on industrial applications to increase efficiency and reliability of manufacturing. It provides connectivity between systems, machines, and people in companies. Many companies need to improve asset management and maintenance by reducing waste and cost to improve their competitive advantage. IIoT helps to increase operational efficiency in the manufacturing industry by integrating information technology with operational technology [2]. IIoT is also commonly known as Industry 4.0, which works on interconnected smart machinery, embedding sensing devices, data analytics, and automated decision-making with edge computing technology to increase productivity, make supply chain efficient, and improve distribution, capacity, resource management [3], worker safety, and return on investment [4]. IIoT integrates technology related to Artificial Intelligence (AI) with manufacturing learning and responding, analyzing big data in operations and productions [5]. This integration improves manufacturing performance, scalability, and ideas behind evolving and improving the business by capturing data from sensors and communicating accurately and consistently [6]. The raw data collected from these sensors and assets consist of the digital footprints of the manufacturing product and process. These data, when analyzed, can provide information regarding the production and supply chain that can be implemented in decision-making and optimization. Although IIoT has added value to business operations, the adoption of these digital technologies has still been difficult for businesses. In emerging economies, the slow and low implementation has slowed the progress in these fields [7]. 
Also, interconnecting different sensors, actuators, and controllers with the production lines and equipment to perform the manufacturing process automatically without any or minimum human intervention has added challenges in terms of safety and security of industrial production and automation [8]. Because of this reason, some companies have shown resistance and reservations in adopting these technologies. However, with the improvement of these technologies, many manufacturers are now switching to implementing IIoT in their manufacturing process.
Chapter
The encompassing trend of digitalisation and widespread dependencies on IT systems also triggers adjustments in the military forces. Besides necessary enhancements of IT security and defensive measures for cyberspace, a growing number of states are establishing offensive military capabilities for this domain. The chapter discusses historical developments and transformations due to advancements in military technologies and the political progress made and tools developed since. Both have contributed to handling challenges and confining threats to international security. With this background, this chapter assesses a possible application of these efforts to developments concerning cyberspace, as well as obstacles that need to be tackled to succeed. The chapter points out political advancements already in progress, the role of social initiatives, such as the cyber peace campaign of the Forum of Computer Scientists for Peace and Societal Responsibility (FIfF), as well as potential consequences of the rising probability of cyber war as opposed to the prospects of cyber peace.
Article
Geçmişten günümüze şifreleme, pek çok uygulamada kullanılan farklı yöntemleriyle büyük bir evrim geçirmiştir. Güçlü şifreleme algoritmalarının zaman içerisindeki gelişimi, dijital iletişimde güvenliği sağlayan Açık Anahtar Altyapısını oluşturmuştur. Bu altyapının önemli bir bileşeni olan dijital imzalama günümüzde yaygın olarak kullanılmaktadır ve verinin doğruluğunu, bütünlüğünü ve güvenilirliğini önemli ölçüde sağlamaktadır. Bu çalışmada dijital imzalama yöntemlerinin, günümüz siber güvenlik dünyasında, zararlı yazılımların güvenilirliği üzerindeki etkisi değerlendirilmektedir. Zararlı yazılımların etkileri ve sonuçları her geçen gün artmakta olup, yaygın olarak kullanılan e-imza ve dijital sertifikalar da bu etkileri artırabilmektedir. Bu bağlamda çalışma, farklı yöntemlerle oluşturulan örneklere dijital imzalama uygulanarak, zararlı yazılımların güvenilirlik ölçütlerinin karşılaştırmasını içermektedir. Testler sonucunda imzalı olan zararlı uygulamaların imzasız olan zararlı uygulamalara göre daha düşük olasılıkla güvenlik sistemlerine yakalandıkları ölçülmüştür. Özetle araştırma, dijital imzalamanın zararlı yazılımların yayılımını ne ölçüde etkilediğini ortaya koymayı ve siber güvenlik önlemlerinin geliştirilmesine katkı sağlamayı amaçlamaktadır.
Book
Full-text available
This book highlights authentication and trust evaluation models in the Industrial Internet of Things. It further discusses data breaches and security issues in various Artificial Intelligence-enabled systems and uses Blockchain to resolve the challenges faced by the Industrial Internet of Things. The text showcases performance quality assessment for the Industrial Internet of Things’ applications. This book: Discusses and evaluates different quality assessment systems and authentication of smart devices Addresses data handling, data security, confidentiality, and integrity of data in the Industrial Internet of Things Focuses on developing framework and standardization of quality assessment for diverse Internet of Things-enabled devices Explains the designing, developing, and framing of smart machines, that are equipped with tools for tracking and logging data to provide advanced security features Presents the convergence of the Internet of Things toward Industry 4.0 through quality assessment via analyzing data security and identifying vulnerabilities It is primarily written for graduate students and academic researchers in the fields of electrical engineering, electronics, and communications engineering, industrial and production engineering, computer science, and engineering.
Chapter
In today's world of ubiquitous sensors and intelligent devices, cyber incidents and crime have peaked. Ransomware poses a danger to the security of a computer system. Ransomware attacks have significantly increased over the past ten years. Inevitably, this has become the talk of the town quite extortionate due to considerable consequential damages and obstruction in sectors such as healthcare, insurance, business, and education. Automatic detection and prevention of ransomware attacks is a crucial aspect of cybersecurity. Various malware detection methods have still been unturned as new parts of malware emerge. In the last two decades, several machine-learning algorithms and behavior-based techniques have been developed to identify ransomware anomalies. This chapter provides a long-term understanding of ransomware and discusses current methods and advancements in ransomware detection and the phases of a ransomware attack. The authors also highlighted the brief history of ransomware from 1989 when the first ransomware was discovered to the recent year 2023.
Article
IS security threats have increased significantly in recent years. We identified the gaps between manager perceptions of IS security threats and the security countermeasures adopted by firms by collecting empirical data from 109 Taiwanese enterprises. Industry type and organizational use of IT were seen as the two factors that affected the motivation of firms to adopt security countermeasures, but their implementation did not necessarily affect the threat perceptions of the managers. Analyses of responses suggested that the scope of the countermeasures adopted was not commensurate with the severity of the perceived threats. Among the threats, networks were rated as contributing the most severe threat and yet had the lowest level of protection; this was followed by threats due to personnel and administrative issues. We therefore addressed threat mitigation strategies, specifically in terms of the differences between industries.
O. Solon, A. Hern, 'Petya' ransomware attack: what is it and how can it be stopped?, The Guardian (2017). [Online].
L. Abrams, Petya Ransomware skips the Files and Encrypts your Hard Drive Instead, BleepingComputer (2016). [Online].
Symantec Security Response, Petya ransomware outbreak: Here's what you need to know, Symantec (2017). [Online]. https://www.symantec.com/connect/blogs/petya-ransomware-outbreakhere-s-what-you-need-know. Accessed 8 Nov 2017.
T. Fox-Brewster, 3 Things You Can Do To Stop 'NotPetya' Ransomware Wrecking Your PC, Forbes (2017). [Online].
I. Thomson, Everything you need to know about the Petya, er, NotPetya nasty trashing PCs worldwide, The Register (2017). [Online]. https://www.theregister.co.uk/2017/06/28/petya_notpetya_ransomware/. Accessed 8 Nov 2017.
S. Eschweiler, Decrypting NotPetya/Petya: Tools for recovering your MFT after an attack, CrowdStrike (2017). [Online].
Patrik, Petya.A/NotPetya virus removal--How to protect computer, My AntiSpyware (2017). [Online]. http://www.myantispyware.com/2017/06/28/petya-notpetya-virus/. Accessed 7 Nov 2017.
P. Paganini, Ransomware: How to recover your encrypted files, the last guide.
J. Splinters, NotPetya ransomware virus. How to remove?