NotPetya is Scary!

Is the thought of viewing Halloween (2018) more terrifying than the thought of a ransomware attack? Assuming horror films have value and many readers are acquainted with the horror thrillers of Steven Spielberg, John Carpenter, Wes Craven and James Wan, ransomware attacks are more frightening.

Who made the original Halloween? On October 25, 1978, Halloween (1978) was released as a horror thriller directed by John Carpenter and Debra Hill. The earliest Halloween is a remnant of Alfred Hitchcock’s 1960 horror thriller Psycho. In the same genre of horror (alarming, costly and finite), Rayome lists ten of the worst ransomware attacks of 2017. This is one of several blogs dedicated to unearthing Rayome’s scary list.

What is ransomware? Ransomware is malware (malicious software) that prevents or limits users’ access until a ransom is paid. What is a ransomworm? A ransomworm is a computer worm that replicates itself to spread and limits users’ access until a ransom is paid.

Coincidentally, horror films cover small areas, local towns and communities, which are synonymous with local network infrastructures. Some horror thrillers that include zombies are expanding beyond their local communities. In cybersecurity, botnets (zombies) are infected computers controlled by hacktivists, state-sponsored attackers, insiders and cyber-criminals. Train to Busan, a zombie drama, is an example of a local infection that has severe consequences when left unabated.

Rayome’s top ransomware spot goes to NotPetya, and it’s scary. The second and third ransomware entries in Rayome’s list are WannaCry and Locky. The latter is downloaded with malicious macros. WannaCry is a close relative of NotPetya. NotPetya is a worm that was originally disguised as legitimate Ukrainian tax software, which is similar to Quicken in the U.S. According to Rayome’s article, NotPetya was widespread within days of infection.

Andy Greenberg, author of Sandworm, describes a more harrowing narrative of massive hysteria across the globe. NotPetya, a variant of Petya, was automated, rapid and indestructible, much like the zombies in World War Z. According to Greenberg, NotPetya is likely responsible for the most devastating cyberattack in history by nation-state actors. Additionally, NotPetya was aided by the U.S. National Security Agency’s (NSA) EternalBlue, creating a formidable adversary for IT security personnel. EternalBlue was created by the NSA and leaked online in 2017. EternalBlue exploits the Server Message Block (SMB) implementation in Microsoft Windows.

Sobriety, ingenuity and resolve were used by threat actors to add an additional layer of offense to NotPetya. The offense was called Mimikatz. In 2011, Benjamin Delpy developed Mimikatz, an open source utility to identify credentials, to reveal Microsoft authentication vulnerabilities.

What is a difference between NotPetya and Petya? Unlike Petya, NotPetya does not need human intervention to propagate, according to John Fruhlinger. This difference separates a computer worm from a computer virus. A virus needs a host to survive, much as IT security needs personnel. Because of NotPetya’s unique functionalities, it is able to masquerade succinctly as ransomware to download its boot loader, encrypt the master file table (MFT), extract and steal credentials, impersonate tokens, propagate to remote hosts and escalate privileges. It’s bad! It’s ugly! It’s scary! Sood and Hurley refer to NotPetya as “A Triple Threat.” NotPetya is a formidable monster, and there are superheroes in cybersecurity.

Resources:
Cofense. “Locky Ransomware Keeps Returning After Repeated Absences.” 23 August 2017. Malware Analysis, Phishing, https://cofense.com/locky-ransomware-keeps-returning-repeated-absences/. Accessed 23 January 2019.
“Cyber Threat Basics, Types of Threats, Intelligence & Best Practices.” 12 May 2017, SecureWorks, Inc., Dell Technologies, https://www.secureworks.com/blog/cyber-threat-basics. Accessed 22 January 2019.
Francis, R. “Ransomworm: the next level of cybersecurity nastiness 2017 could see further evil innovations of ransomware.” 27 December 2016, CSO, https://www.csoonline.com/article/3151964/data-breach/ransomworm-the-next-level-of-cybersecurity-nastiness.html. Accessed 23 January 2019.
Fruhlinger, J. “Petya ransomware and NotPetya malware: What you need to know now.” 17 October 2017. https://www.csoonline.com/article/3233210/ransomware/petya-ransomware-and-notpetya-malware-what-you-need-to-know-now.html. Accessed 23 January 2019.
Greenberg, A. “THE UNTOLD STORY OF NOTPETYA, THE MOST DEVASTATING CYBERATTACK IN HISTORY.” 22 August 2018, Wired, https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/. Accessed 22 January 2019.
Grossman, N. “EternalBlue – Everything There Is To Know.” 29 September 2017, Check Point Software Technologies LTD, Check Point Research, https://research.checkpoint.com/eternalblue-everything-know/. Accessed 22 January 2019.
Håkan Dahlström. The die is cast. 19 March 2011. Flickr, https://www.flickr.com/photos/dahlstroms/5540370555/. Accessed 30 December 2018.
“Halloween 2018.” 1 November 2018. A&E Television Network. History.com, https://www.history.com/topics/halloween/history-of-halloween. Accessed 18 January 2019.
“Halloween (1978 film).” 17 January 2019, Wikipedia, The Free Encyclopedia, https://en.wikipedia.org/wiki/Halloween_(1978_film). Accessed 18 January 2019.
“Halloween (2018 film).” 18 January 2019, Wikipedia, The Free Encyclopedia, https://en.wikipedia.org/wiki/Halloween_(2018_film). Accessed 18 January 2019.
Hern, A. “WannaCry, Petya, NotPetya: how ransomware hit the big time 2017.” 30 December 2017, https://www.theguardian.com/technology/2017/dec/30/wannacry-petya-notpetya-ransomware. Accessed 25 January 2019.
Newman, L.H. “THE LEAKED NSA SPY TOOL THAT HACKED THE WORLD.” 18 March 2018, Wired, http://www.wired.com/story/eternalblue-leaked-nsa-spy-tool-hacked-world/. Accessed 22 January 2019.
Sood, Karen and Hurley, Shaun. “NotPetya Technical Analysis – A Triple Threat: File Encryption, MFT Encryption, Credential Theft.” 29 July 2017, Crowdstrike, https://www.crowdstrike.com/blog/petrwrap-ransomware-technical-analysis-triple-threat-file-encryption-mft-encryption-credential-theft/. Accessed 25 January 2019.
Petters, J. “Mimikatz: The Beginner’s Guide.” 21 December 2018, Varonis, https://www.varonis.com/blog/what-is-mimikatz/. Accessed 22 January 2019.
Rayome, Alison D. “The top 10 worst ransomware attacks of 2017, so far.” 31 October 2017, Tech Republic, https://www.techrepublic.com/article/the-top-10-worst-ransomware-attacks-of-2017-so-far/. Accessed 22 January 2019.
“Wes Craven.” 18 January 2019, Wikipedia, The Free Encyclopedia, https://en.wikipedia.org/wiki/Wes_Craven. Accessed 18 January 2019.
“What is Ransomware?” TrendMicro.com, https://www.trendmicro.com/vinfo/us/security/definition/RANSOMWARE. Accessed 23 January 2019.
