International Research Journal of Engineering and Technology (IRJET)
e-ISSN: 2395-0056
Volume: 07 Issue: 12 | Dec 2020
p-ISSN: 2395-0072
www.irjet.net
GoldenEye Ransomware Attack
Prakruti Joshi¹, Akshit Kurani², Hrisha Yagnik³
¹⁻³Student, Department of Computer Engineering, Indus University, Ahmedabad, India
Abstract: In this new cyber era, internet facilities have on the one hand made the world wiser and quicker in thought; on the other hand, the same internet is bringing the planet to the verge of destruction by making it transparent and prone to cyber-threats. Among these threats, ransomware now poses a significant challenge to the world of the web: most tech businesses, universities, corporations and organisations in the world are trying to make precautionary choices to stop ransomware attacks such as the GoldenEye ransomware attack. This study reviews the background knowledge of cyber-crime and ransomware and the cases of the Petya attack around the world, and highlights the concerns and recovery measures for such threats.
Keywords: Cyber attacks, Ransomware, GoldenEye, Petya, Prevention, Solutions.

1. INTRODUCTION
Nowadays cybercrime is a common problem in this world. It is a crime committed using the internet and a computer, such as stealing an individual's identity, illegal imports, or malicious programs. In cybercrime, the computer is used as either the subject or the object of the crime. Experts view cyber-crime as a new category of crime requiring a comprehensive new legal framework to address the unique nature of emerging technologies and the unique set of challenges that traditional crimes do not present.[1]
Cybersecurity exists to protect against this problem. But the security is sometimes inadequate: attackers break it, and some attacks, mainly ransomware attacks, arise from vulnerabilities. The aim of a cyber-attack is to get hold of the information system of an individual or of an organisation's management.[2]

1.1 Ransomware
Ransomware is malicious code used by cybercriminals to carry out data-kidnapping and lock-screen attacks. The motive for ransomware attacks is monetary and, unlike in other types of attack, the victim is usually notified that an exploit has occurred and is given instructions for how to recover from the attack.[3] Several types of ransomware are known, of which GoldenEye is one.
The GoldenEye attack followed the mass ransomware attack called WannaCry, which was designed as a ‘worm’ to increase the speed of the attack, allowing the infection to spread to over 300,000 endpoints in over 150 countries in 2017, ‘The Year of Ransomware’ according to the cybersecurity headlines.

1.2 Background
A few months after cyber-security professionals had turned their attention to WannaCry, next came the Petya ransomware strain identified as ‘GoldenEye’, which was expected to be a large-scale attack across the globe. WannaCry ransomware attacks were first reported on 12th May 2017 and Petya on 27th June 2017.[4] The cyber-criminals behind WannaCry used two programs for the attack. Those behind the GoldenEye attacks added another prong to their attack: GoldenEye had two layers of encryption. While ransomware has always targeted files and encrypted them to stop users from being able to use their computers, GoldenEye encrypts both the files and the file system structures, known as NTFS structures.
Unlike most ransomware, the latest GoldenEye version has two types of encryption: one that independently encrypts target files on the device and another that encrypts NTFS (New Technology File System, a proprietary file system of Microsoft) structures. This approach prevents victims' computers from booting up and from retrieving stored information or samples in a live operating system (OS) environment.

2. CASES
Less than two months after the spread of the WannaCry ransomware in May, Ukraine faced yet another cyberattack, perhaps the most serious one in its history. It is referred to as “Petya”, “Petya.A”, “PetrWrap”, “GoldenEye”, “Diskcoder.C”, etc.[5] On June 27, 2017, a large-scale attack using a version of the ransomware family known as GoldenEye hit most of the world. Around 37 incidents of ransomware attacks were reported to the Indian Computer Emergency Response Team (CERT-In). Of these, 34 incidents were found to be WannaCry and Petya ransomware.[4]
In addition to encrypting files on the computer, this ransomware family is distinguished by encrypting the master boot record (MBR) when it has the necessary permissions, thereby completely blocking access to the computer. The attack can nearly be seen as a replica of the much-feared WannaCry attack that rocked the world a little over a month ago. This version of the malware is distributed as a DLL with an EXPORT, which is
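As an added illustration (not code from the paper), the following Python example shows how a defender can baseline the MBR that this ransomware family encrypts and detect a later change to the boot code, boot signature or partition table. The sample sector, its partition values and all function names are constructed for the example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
ENTRY_FMT = "<B3sB3sII"  # status, CHS first, type, CHS last, LBA start, sector count

def build_sample_mbr():
    """Constructed sector: placeholder boot code, one NTFS (type 0x07) partition."""
    boot_code = b"\xeb\x3c\x90" + bytes(443)  # 446 bytes of boot code area
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x00\x02\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    return boot_code + entry + bytes(48) + b"\x55\xaa"

def parse_mbr(sector):
    """Summarise the parts of an MBR that must stay stable between boots."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        raw = sector[446 + 16 * i:462 + 16 * i]
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, raw)
        if ptype:  # type 0x00 marks an unused slot
            partitions.append({"slot": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:446]).hexdigest(),
            "signature_ok": sector[510:512] == b"\x55\xaa",
            "partitions": partitions}

def compare_to_baseline(baseline, current):
    """Return readable findings; an empty list means the MBR is unchanged."""
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings

if __name__ == "__main__":
    # On a real host the first sector is read from the raw disk with administrative
    # rights and the baseline is stored off-host; here both are constructed.
    known_good = build_sample_mbr()
    baseline = parse_mbr(known_good)
    overwritten = b"\xcc" * 446 + known_good[446:]  # constructed: boot code replaced
    for name, sector in [("unchanged", known_good), ("overwritten", overwritten),
                         ("wiped", bytes(SECTOR_SIZE))]:
        print(name, compare_to_baseline(baseline, parse_mbr(sector)))
```

A baseline taken before an incident only helps if it is kept somewhere the malware cannot reach, since the check runs against a copy of the sector rather than the infected host's own record of it.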
© 2020, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 387