Wednesday, May 6, 2020

Cadbury Australia Hit by Ransomware for Cybercriminals - myassignmenthelp

Question: Discuss Cadbury Australia Hit by Ransomware for Cybercriminals.

Answer:

Introduction

With the advent of computers and the Internet, human life has become more and more convenient. Cybercriminals take advantage of the Internet to conduct malicious activities (Fimin 2017). The business organisation chosen for this project is Cadbury Australia. The report highlights the issues the company faced due to the Petya ransomware attack, which was reported in the newspapers around June 2017. It focuses on how the deadly Petya ransomware attack shut down the computer servers and systems and hampered chocolate production, and it presents an overview and the detailed impact of the Petya ransomware virus on Cadbury Australia.

Overview of ransomware attack on Cadbury Australia

In Tasmania, the famous chocolate company Cadbury Australia was attacked by the ransomware virus a few months ago, and the effect was disastrous. The virus forced the entire company to cease production, causing a huge loss for the company. The attack was carried out on June 20, 2017. On Tuesday night, the employees of the company experienced the effect of the Petya ransomware attack on their systems. John Short, the secretary of the Australian Manufacturing Workers' Union, stated that the entire production was stopped due to the Petya attack. The next day, Wednesday, the employees went to work and found that the company's systems were not working (Gordon, Fairhall and Landman 2017). Around 500 employees sat idle on Wednesday morning as production was halted. Cadbury Australia faced a huge loss that day. Besides, neither the management team nor the workers were sure when their systems would return to normal.


The workers were moved on to cleaning shifts to keep the company working, and the pest control team was likewise moved to keep the night shift schedule busy. Cadbury Australia was not sure when it would recover from the attack (Richardson and North 2017). The professional team worked on addressing the issues and other vulnerabilities of the network. In the meantime, Will Hodgman asked all Tasmanian businesses to install computer updates to stay protected from a potential ransomware attack. The ransomware attacked the parent company of Cadbury Australia, Mondelez International, and that affected the other subsidiaries (Le Guernic and Legay 2017). The websites and systems in Tasmania, Victoria and New Zealand suffered as the parent company was affected. The ransomware attack sabotaged the phone lines and emails and damaged the entire production system.

Details of the ransomware attack on Cadbury Australia

Petya GoldenEye attacked the computer systems and the database, making the entire system vulnerable to attack. When the employees and managers tried to log in to their systems, they were unable to do so; instead they got a warning message that their system had been hacked and the files had been encrypted, and that they could get the files back in return for money (Shackelford 2017). They faced huge difficulties carrying on their work as they could not use the computer systems; instead they moved to paper and handwriting to carry on the production process. The entire team was anxious about when the systems would be operational again. Customers were not able to communicate with the company, and outsourcing suffered a lot. The entire enterprise was disrupted as a result of this malware attack. According to the officials of Cadbury Australia, their website is highly advanced and highly automated.


Most of the company's operations are conducted via its website, and because of this attack everything was brought to a halt. The reason behind this disruption was outdated software, an outdated operating system and outdated antivirus software (Skrzewski and Rybka 2017). The company did not apply patches either. Cadbury Australia then conducted all its business operations offline, and all the employees patiently carried out the operations. However, they are now safe; they have recovered from the disaster they were in at the beginning (Schilling 2017). The IT team has worked really hard to make the venture successful; however, certain risks are still associated with Cadbury Australia. Cadbury Australia should make its network strong and secure enough to conduct business operations, must have the latest antivirus installed, and must also install updates for the antivirus software, the operating system and all applications.

Petya ransomware attack and its impact

Effect of Petya ransomware

The systems of Cadbury Australia did not boot up. Cadbury Australia uses the Windows operating system at its premises, which Petya primarily attacks, and thus the company became a victim. Victims affected by Petya generally get a message that the user's files have been encrypted and can only be retrieved by paying a sum of money (Hammill 2017). The message also states that nobody can access those files and that they cannot be decrypted by any other means.

The workings of Petya ransomware

Petya can only attack outdated systems that have outdated antivirus software, an outdated operating system and outdated applications. Such systems generally lack updates and the latest patches. This makes it simpler for the attackers to hijack the system, as they are knowledgeable about the software and the operating system (Gilbert 2017). The ransomware uses hijacked software updates as an attack vector.


Petya also uses phishing emails as an attack vector. Petya uses an advanced version of Mimikatz to steal users' sensitive information from the database. It uses WMIC and PsExec to hack and attack systems. After entering a system, Petya targets the files, including hidden files, and encrypts them. Petya uses two NSA-stolen SMB exploits, EternalBlue and EternalRomance. Petya steals WMIC, Windows tools, PsExec and other sensitive information of companies and individuals from the system and encrypts it, and it even uses that data to spread its malicious activity from one system to another.

The Petya virus is not limited to attacking a system's files and sensitive information; it also attacks the hard drive's MFT and MBR. In this way, it makes the whole system unbootable. With an unbootable system, the victims cannot log in to their system (Odilinye, Butakov and Aghili 2017). If users cannot log in, they cannot access the files or decrypt them by any other means. In this way, Petya makes retrieving and decrypting the files impossible. The attackers first take control of the insecure network and then of the system and the database; they automatically get administrative rights, and thus it becomes easy for them to conduct their operations.

In the case of Cadbury Australia, Petya attacked the company's systems and database, shut down the servers by attacking the hard drives' MFT and MBR, and brought the entire system to a halt. Petya steals WMIC, Windows tools, PsExec and other sensitive information of Cadbury Australia (Siddiqui, Lee and Saqib 2017).

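
The spread over WMIC and PsExec described above is something the endpoint monitoring recommended later in this report can look for. The following is an added example, not part of the original report: it flags a host that launches remote commands on several machines within a short window. The log format, host names, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the incident): time|source host|command line,
# a simplified stand-in for process-creation logs with command-line capture.
SAMPLE_EVENTS = r"""
2024-01-10T09:15:00|ADMIN-01|psexec.exe \\10.0.9.5 -s ipconfig /all
2024-01-10T21:02:11|WS-014|wmic.exe /node:"10.0.5.21" process call create "cmd.exe /c hostname"
2024-01-10T21:02:13|WS-014|psexec.exe \\10.0.5.22 -accepteula -s cmd.exe /c hostname
2024-01-10T21:02:19|WS-014|wmic.exe /node:"10.0.5.23" process call create "cmd.exe /c hostname"
2024-01-10T21:05:00|WS-020|wmic.exe os get caption
"""

# Remote execution shows up as "wmic /node:<host> ... process call create" or "psexec \\<host>".
WMIC_RE = re.compile(r'wmic(?:\.exe)?\b.*?/node:\s*"?([^"\s]+)"?.*?process\s+call\s+create', re.I)
PSEXEC_RE = re.compile(r'psexec(?:64)?(?:\.exe)?\s+\\\\([^\s\\]+)', re.I)

def remote_exec_target(cmdline):
    """Return (tool, target) if the command line runs something on another host, else None."""
    for tool, rx in (("wmic", WMIC_RE), ("psexec", PSEXEC_RE)):
        match = rx.search(cmdline)
        if match:
            return tool, match.group(1).lower()
    return None

def find_fanout(log_text, min_targets=3, window=timedelta(minutes=5)):
    """Map each source host to the targets it hit, if >= min_targets fall inside one window."""
    per_host = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, host, cmd = line.split("|", 2)
        hit = remote_exec_target(cmd)
        if hit:
            per_host[host].append((datetime.fromisoformat(ts), hit[1]))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            targets = {t for when, t in hits[i:] if when - start <= window}
            if len(targets) >= min_targets:
                alerts[host] = sorted(targets)
                break
    return alerts

if __name__ == "__main__":
    for host, targets in find_fanout(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: remote execution on {len(targets)} hosts: {', '.join(targets)}")
```

A single administrator session to one host stays below the threshold; the alert fires only on the one-to-many pattern.
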

When the employees and the management team tried to enter the system, they got a warning message that their system had been hacked, that the files residing within the system had been encoded, and that those files could not be decoded by any other means; they could be decoded only by the hackers. The hackers also demanded $300 to set free the system and the files. The screenshot given below demonstrates the same.

Fig 1: Petya Ransomware attack on Cadbury factory Australia (Source: Skrzewski and Rybka 2017, pp. 144-153)

Identifying the risks associated with Cadbury Australia

Cadbury Australia must monitor its systems and database daily to find security breaches; this can mitigate the risks within and check the negative impacts on Cadbury Australia. Cadbury Australia must educate its employees about the threats and the security measures for conducting business operations in a well-secured manner. Training programs must be conducted on a daily basis to train them effectively. All the employees and the management team must be aware of the symptoms of security threats; in this way they can identify cyber threats early and take action against them early (Yaqoob et al. 2017). Finally, they must monitor, maintain and regularly review the security program and check whether their systems, their database and their antivirus software are up to date.

Security control measures to keep Cadbury Australia's system protected

Cadbury Australia must be aware of security policies and procedures and should implement IT security measures to keep its systems protected. As it conducts all its activities online, it must not compromise on security.

i. Cadbury Australia must install the updates for the application software, the operating system and the antivirus software it uses.
ii. Cadbury Australia must implement an effective response plan and a business continuity plan that can help it conduct business activities effectively and in an agile fashion (Hernandez-Castro, Cartwright and Stepanova 2017). It must have a plan beforehand and must stay ready to work offline. It must have a proper plan so that the business process is not halted by any kind of security breach or security mishap.
iii. Cadbury Australia must have a security awareness training program, and this training program, along with proactive testing, must be communicated to the customers and the third parties of the company (Rajput 2017).
iv. Cadbury Australia must keep backups of all files and data, so that there is no risk of data loss and the files can be retrieved with ease.
v. It must secure the network; the network it uses must be secure and strong enough to protect Cadbury Australia from all kinds of security breaches.
vi. It must implement endpoint monitoring and keep watch on all malicious activities occurring within the system.
vii. It must check the system and the database frequently to test for viruses residing within the system (Chakraborty, Pierazzi and Subrahmanian 2017).
viii. The security of the system and the database can be ensured via EY Managed SOC services, which are capable of detecting threats and responding to them better.

Cadbury Australia responses and adoption of MIS system

If Cadbury Australia gets compromised, it must take appropriate steps to secure and protect its systems. It must be responsive at all times and must have damage control measures in place at all times. Cadbury Australia must communicate with its customers and clients and keep a healthy relationship with them. Thus, when its systems get hacked, the first thing it must do is disconnect the systems and the database from the Internet.


Secondly, they must keep backups of all the files. This procedure can save the rest of the files from being hacked, lost or encrypted (Kharraz and Kirda 2017). They must forensically analyse the network and host systems, as that can detect the penetration and the ransomware attack. They must have a professional IT team that has the capability to recover lost or encrypted data from the infected system. The IT team must be knowledgeable enough to deliver the best security solutions and must analyse the network all the time to find any security breaches. The team must be capable of identifying the vulnerabilities to check intruders' entry and must ensure the safety of the system from future attacks (Kulshrestha 2017). Cadbury Australia must activate the business continuity plan and an incident response plan to add security to the system and the database. It must adopt a management information system, as that can help it conduct financial operations as well as other management services. Again, it can conduct all its operations securely and effectively using an MIS system.

Conclusion

It can be concluded from the above discourse that by adopting security measures they can keep their system safe and secure, which can assist in conducting business activities fluently and with full proficiency. The overview and the details of the ransomware attack have been discussed in the report. The effect of the Petya ransomware attack, how the Petya ransomware attack works, and the threats and risks associated with it have been highlighted in the report, and the security controls have been elaborated in detail. Along with all these aspects, Cadbury Australia and its way forward have been covered as well. The IT team of Cadbury Australia must be capable of providing the best security solutions. Cadbury is a reputed company all over the world, and thus it must have top-notch security at its factory premises.


References

Batcheller, A., Fowler, S.C., Cunningham, R., Doyle, D., Jaeger, T. and Lindqvist, U., 2017. Building on the Success of Building Security In. IEEE Security & Privacy, 15(4), pp. 85-87.
Chakraborty, T., Pierazzi, F. and Subrahmanian, V.S., 2017. EC2: Ensemble Clustering and Classification for Predicting Android Malware Families. IEEE Transactions on Dependable and Secure Computing.
Fimin, M., 2017. Are employees part of the ransomware problem? Computer Fraud & Security, 2017(8), pp. 15-17.
Gilbert, S., 2017. Can a cyber insurance policy keep businesses ahead of information-security risk? Journal of Data Protection & Privacy, 1(3), pp. 321-328.
Gordon, W.J., Fairhall, A. and Landman, A., 2017. Threats to Information Security - Public Health Implications. New England Journal of Medicine, 377(8), pp. 707-709.
Hammill, A., 2017. The rise and wrath of ransomware and what it means for society (Doctoral dissertation, Utica College).
Hernandez-Castro, J., Cartwright, E. and Stepanova, A., 2017. Economic Analysis of Ransomware.
Kharraz, A. and Kirda, E., 2017. Redemption: Real-time Protection Against Ransomware at End-Hosts.
Kulshrestha, S., 2017. Artificial Intelligence and Cyber Defense. IndraStra Global, (8), p. 3.
Le Guernic, C. and Legay, A., 2017, April. Ransomware and the Legacy Crypto API. In Risks and Security of Internet and Systems: 11th International Conference, CRiSIS 2016, Roscoff, France, September 5-7, 2016, Revised Selected Papers (Vol. 10158, p. 11). Springer.
Odilinye, L., Butakov, S. and Aghili, S., 2017, November. Audit Plan for Patch Management of Enterprise Applications. In International Conference on Information Theoretic Security (pp. 168-175). Springer, Singapore.
Rajput, T.S., 2017. Evolving Threat Agents: Ransomware and their Variants. International Journal of Computer Applications, 164(7).
Richardson, R. and North, M., 2017. Ransomware: Evolution, Mitigation and Prevention. International Management Review, 13(1), p. 10.
Schilling, J., 2017. Ransomware 101: How to Face the Threat. Petroleum Accounting and Financial Management Journal, 36(2), p. 6.
Shackelford, S., 2017. Exploring the Shared Responsibility of Cyber Peace: Should Cybersecurity Be a Human Right?
Siddiqui, A.S., Lee, C.C. and Saqib, F., 2017. Hardware based protection against Malwares by PUF based access control Mechanism.
Skrzewski, M. and Rybka, P., 2017, June. The Possibilities of System's Self-defense Against Malicious Software. In International Conference on Computer Networks (pp. 144-153). Springer, Cham.
Yaqoob, I., Ahmed, E., Rehman, M.H., Ahmed, A.I.A., Al-garadi, M.A., Imran, M. and Guizani, M., 2017. The rise of ransomware and emerging security challenges in the Internet of Things. Computer Networks.
