
DIGITAL BUSINESS (BADB2034)

APRIL 2020 (SECTION 2)

GROUP FORUM (NOTPEYA FORUM)

COURSE LEADER: Misyer Mohamed Tajudin

Name: No. Matrix

Ahmad Syahir Idham B Ishak MC200110389

Muhammad Luqman B Mustaqim MC200110371

Nur Azlin Binti Azami MC200110349

Umie Aqieera Binti Md Alham MC200110273


Question 1

What makes ransomware like NotPetya extremely dangerous?

There are many possibilities to cause great damage to an individual system and an
organization. It is one of the greatest cybersecurity threats faced by any organization today, and
NotPetya spreads by itself. The original Petya asked the victim to download the spam email,
send it and launch it with the administrator's permission. As we know, NotPetya does not
involve human intervention. It uses many ways to spread to other computers, such as
EternalBlue and EternalRomance, once a server is infected. Microsoft Windows has
been targeted by the ransomware, which also infects the master boot record, with the added burden
of hard disk drive systems, preventing them from booting. In addition, the original Petya
standard parcel aims to produce some of the fastest bitcoin from the victims. However,
NotPetya is usually known for its great potential for powering computer systems, data, and
wired machines.

Question 2

What may be the major motive(s) for its deployment?

The main purpose of using NotPetya is that it is the responsibility of the lead actor,
especially in the context of amateur ransom money collection.

The tactic of using an amateur hostage is distortion or hype to raise awareness of the attack.
NotPetya also spreads only on the local network after the initial infection. In addition,
NotPetya has a built-in killer that has shown NATO researchers that the attacks are meant to
be controlled and targeted and even to show its strength among countries.

Question 3

What makes even big companies vulnerable to ransomware threats? In other words,
how could such a threat work its way into companies with seemingly sound SOPs?

One of the reasons why large companies with great SOPs are also vulnerable to
ransomware attacks is that ransomware is malware that prevents users from accessing
their systems by encrypting files that are important to the company, after which the attackers
demand a ransom for the system to be opened.
This was proven by the Maersk company in 2017, even though such companies have SOPs to
counteract what is malicious. As we all know, big companies like Maersk use systems
that connect to all of their networks. Once a device is connected, the attack spreads
quickly through the network, infecting all of the company's PCs. Ransomware attacks may
have been transmitted via e-mail containing malicious attachments or even by a
drive-by download when users accidentally visit infected sites without suspicion.

Ransomware attacks can incur additional costs such as data loss, investment in new
security, new SOPs, recovery costs, and even employee training in response to the attack.
With the company's SOP now largely sent via email and corporate networks, ransomware
can deny users access, search all sensitive data, and encrypt it. Even if the ransom is
paid by the beneficiary, it does not guarantee that the company's files will be restored, and
it will make the company a prime target in the future.

Question 4

How do companies protect themselves from such attacks in the future?

NotPetya is considered to be the biggest cyber-attack and has made it clear
that all companies need to provide security or protocols to prevent it. There are
several ways to prevent NotPetya from spreading, for example:

i) not clicking pop-up windows and not downloading from unknown sources
ii) installing anti-virus software
iii) keeping apps and operating systems up to date
iv) backing up devices in case of hacking
v) using web filtering and isolation technologies
