WannaCry Ransomware Attack Analysis


Added on  2020/02/24

AI Summary
This assignment delves into a comprehensive analysis of the WannaCry ransomware attack. It examines the global repercussions of the attack, highlighting the affected organizations like Deutsche Bahn, Renault, and Hitachi. The analysis delves into the hacking method employed by Shadow Brokers, utilizing the stolen 'Eternal Blue' weapon from the NSA. The document further outlines preventive measures that could have mitigated the attack, emphasizing the importance of software updates, security patches, and staff training.

PART A
COMPUTER SECURITY BREACH THAT OCCURRED IN JUNE 2017 - NOTPETYA CYBER ATTACK
INTRODUCTION
A computer security breach is an event that infects the systems of individuals or organizations
and causes illegal access to data, applications, services and networks by affecting their basic
security mechanisms. Data security breaches occur almost daily, but some of the worst data
breaches happened in the year 2017. NotPetya, a major cyber attack, began on 27th June 2017.
It affected networks in various countries across the globe. The malware shares its
code with an earlier ransomware, Petya, but is so called due to key differences in its operation.
The main purpose of the said attack was to damage IT systems and spread quickly. The
attackers never had the intention of obtaining any sort of financial gain by extorting money.
The malware is also known by the names Petya, Nyetya, ExPet and a few other
names (Hackett, 2017). Although the cyber attack was more complex than WannaCry, it still
had a few flaws. The ransomware infects the system by locking the computer’s hard drive and
the individual files stored on it.
ASSESSMENT OF THE ISSUE
The global cyber attack infected more than 2000 systems in various countries across
the world. NotPetya began in Ukraine, where government departments, Kiev’s airport and
metro station were the worst affected organizations. The Chernobyl power plant’s radiation
monitoring system was also largely affected due to a temporary shutdown of the Windows
system (Burgess, 2017). Similarly, Maersk, the world’s largest shipping company, has also
confirmed that its system in Rotterdam has been infected. Several companies across the US and

Europe were not able to access their systems despite paying the ransom, thereby being the
main victims of the said attack. Systems in established firms such as WPP, the food company
Mondelez, the law firm DLA Piper, the Danish shipping and transport firm AP Moller-Maersk,
the French construction materials company Saint Gobain, and the Russian steel and oil
firms Evraz and Rosneft were also badly hit.
Thus, it is clear that the attack was severe and ran its destructive course.
The attack took advantage of the Eternal Blue vulnerability in Microsoft Windows: the
hackers used the Eternal Blue exploit developed by the US National Security Agency, which was
leaked in April by the Shadow Brokers hacker group (Brandom, 2017). The said ransomware
targeted the network’s administrator tools. However, the virus also spread in other
ways (McGoogan, 2017). Petya targets the hard drive and not only the individual files,
thereby inflicting more damage on systems. It not only encrypts the data but also prevents the
system from working as a whole and results in permanent erasure of important data. Hence, the
said attack is even more hazardous than the WannaCry cyber attack, as it not only makes the
victim’s system inoperable but could also pilfer important information.
Further, due to the complexity and severity of the said attack, it has become almost
impossible to stop it from spreading internationally. There is no clarity as to who is behind
the attack (Rothwell et al., 2017). Petya has been regarded as a “deliberate, malicious,
destructive attack or perhaps a test disguised as ransomware”, as per security researcher
Nicholas Weaver. Hence, it is clear that the said attack was designed to cause maximum
damage and spread fast with no intention to make money.
SOLUTIONS TO PREVENT SUCH ATTACKS
Since Petya targets the EternalBlue vulnerability in older Windows systems, downloading
the patches that Microsoft provides is the best solution to the problem. In the month of
March 2017, a security patch was released by Microsoft to safeguard systems against the
vulnerabilities exploited by Petya. Regular backup of all files is also one of the prominent
solutions to prevent such attacks. Also, focusing on the prevention of cyber attacks before they
have actually happened, with Next Generation Threat Prevention, is important. Since once the
files are encrypted by the said virus nothing, not even payment, guarantees the
decryption of files, having an updated antivirus installed on the system is the best line of
defence. Hence, in order to safeguard systems from the said virus, several anti-virus
companies have updated their software (Haynes, 2017).
Apart from this, strengthening cyber hygiene policies and employee education is also an
important solution to prevent such attacks. Phishing e-mails are the universal ransomware
delivery vector. Training employees about current security threats and the potential risk of
suspicious-looking emails can prevent the ransomware from entering the network. Lastly,
making sure that passwords are complex and protecting the system while using public Wi-Fi are
some of the other ways of protecting the system from being infected by the said virus.
CONCLUSION
Hence, it can be summarized that the year 2017 experienced one of the worst
ransomware attacks, by the name of Petya. It is the second major attack in the months of May
and June, the first one being WannaCry, which took place in the month of May. However, the
outcome of the former is considered to be even more dangerous than the latter, as the main
aim of NotPetya was disruption, with a relatively small share of profit. Also, there is no
option of recovery, as it restricts access to the entire system if no backup is taken. Thus,
properly updating the system with the latest anti-virus, along with adequate backup, is the key to its
prevention.
REFERENCES:
Brandom, R. (2017). The Petya ransomware is starting to look like a cyberattack in disguise.
Retrieved from https://www.theverge.com/2017/6/28/15888632/petya-goldeneye-ransomware-cyberattack-ukraine-russia
Haynes, J. (2017). Cyber attack: What’s going on with the latest ransomware virus?
Retrieved from http://www.abc.net.au/news/2017-06-28/whats-going-on-with-the-latest-cyber-attack/8658332
Rothwell, J., Titcomb, J. & McGoogan, C. (2017). Petya Cyber Attack: Ransomware spreads
across Europe with firms in Ukraine, Britain and Spain Shut down. Retrieved from
http://www.telegraph.co.uk/news/2017/06/27/ukraine-hit-massive-cyber-attack1/
Burgess, M. (2017). What is the Petya ransomware spreading across Europe? WIRED
explains. Retrieved from http://www.wired.co.uk/article/petya-malware-ransomware-attack-outbreak-june-2017
McGoogan, C. (2017). Petya cyber attack: Everything to know about the global ransomware
outbreak. Retrieved from http://www.telegraph.co.uk/technology/2017/06/27/petya-cyber-attack-everything-know-global-ransomware-outbreak/
Hackett, R. (2017). What that Globe Circling, Business-Crushing Malware Wreck Computers.
Retrieved from http://fortune.com/2017/06/30/petya-ransomware-video/
PART B
MAY 2017 RANSOMWARE CYBER ATTACK

INTRODUCTION
In a ransomware cyber attack, the victim is duly notified about its occurrence and is
informed on how to recuperate from the attack. A worldwide cyber attack by the name of
WannaCry was witnessed in the year 2017. It affected more than 300,000 computers in about
150 countries across the globe. It is considered “the biggest ransomware outbreak in
history”. WannaCry, also known as WanaCryptOr 2.0, WannaDecrypter 2.0, WannaCry 2,
WannaDecrypter 2 and Wcry 2, spread through the network in May 2017. Initially, the
National Health Services (NHS) was attacked. However, it impacted several other countries
worldwide.
ASSESSMENT OF THE MAIN ISSUE
The WannaCry ransomware cyber attack is one of the largest cyber attacks in the history of
the internet. Computers running the Microsoft Windows operating system were its main target. It
affected over 10,000 organizations across the world. The said ransomware encrypted the data
stored on the hard drives, thereby infecting the computers as a whole. A ransom of around
$300 was demanded for decrypting the data (Hern & Gibbs, 2017). The hackers took
advantage of an exploit, Eternal Blue, developed by the US National Security Agency. The exploit
was designed to infect terrorists’ systems. It caused mass destruction across the world.
The main issue with WannaCry was that it did not target a single company or country
but several countries and companies across the globe. WannaCry used the simplest and most
common method, phishing. The said kind of attack sends spam emails containing malicious
software or virus-laden content. As soon as the ransomware program is
opened, it infects the system by encrypting the files. Another critical issue was that a
particular sum of money is demanded for decrypting the data. However, there is no
confirmation of access even after making the payment. Due to its widespread attack, it has
been referred to as one of the worst and biggest in the history of cyber attacks (Titcomb &
McGoogan, 2017).
WHO WERE AFFECTED AND HOW
WannaCry started affecting computers globally on 12th May, 2017. According to the
Czech security firm Avast, Russia, Taiwan, Ukraine and India were the worst affected
countries (Goswami, 2017). Russia was badly hit, accounting for 60 percent of all infected
computers, and the majority of those computers belonged to the country’s interior ministry. However,
hospitals across the United Kingdom were largely affected, wherein they had to turn away serious
patients because of the lost access to patient data. Britain’s NHS was the most impacted, as 16
of its organizations were attacked by WannaCry. In various parts of England, ailing patients
with major surgeries were sent back. Unfortunately, health services were majorly affected by
the said attack (BBC News, 2017).
FedEx, a leading American multinational courier delivery company, reported
interference and was badly affected. In India, 25 percent of police computers were infected in
the state of Andhra Pradesh. It was the third worst-hit country, with more than 40,000
computers affected. In Europe, Telefonica, a Spanish multinational broadband and
telecommunications provider, was also badly hit (Wong & Solon, 2017). Chinese police and
petrol stations were also victims of the attack. Deutsche Bahn, the railway operator in Germany,
deployed extra staff as its operations were majorly disrupted. Renault, the French automobile
manufacturer, was also targeted, thereby affecting its production. Nissan Motor Manufacturing
UK and Hitachi, the Japanese electronics maker, were also victims of the attack.
HOW WAS THE ATTACK CARRIED OUT
Phishing, one of the most common methods of cybercrime, was used by the hackers.
Shadow Brokers, a group of hackers, are the main culprits behind the attack. They confessed
to having stolen a cyber weapon, namely the ‘Eternal Blue Hacking Weapon’, from America’s
National Security Agency (Perlroth et al., 2017). Eternal Blue gives unparalleled access to all
computers using Microsoft Windows. It is believed that the hackers installed the said virus on
a particular site, from which it was again stolen by a different group of hackers. However, security
experts and government agencies believe that North Korea was behind the said attack,
although the country has reportedly denied any such role.
HOW THE ATTACK WOULD HAVE BEEN PREVENTED
Firstly, the major reason behind the said attack was negligence on the part of the
government. Hence, it should take the necessary steps and be observant and rigid. The best
practice to protect the system is maintaining updated antivirus software. Since the attack
explicitly targeted Microsoft Windows devices, regularly updating Windows and maintaining
back-ups of data on separate devices is one of the major ways of protecting the system.
Installing appropriate security patches can further protect Windows systems. Lastly,
extensive training should be given to the staff about the potential risks associated with spam
and suspicious-looking mails. Downloading of apps and software from unknown sites should
be prevented. A “kill switch” has also been developed by a security researcher, which can
restrict the spread of the said attack.
REFERENCES:
Wong, J. C. & Solon, O. (2017). Massive ransomware cyber-attack hits nearly 100 countries
around the world. Retrieved from
https://www.theguardian.com/technology/2017/may/12/global-cyber-attack-ransomware-nsa-uk-nhs
BBC News. (2017). Massive ransomware infection hits computers in 99 countries. Retrieved
from http://www.bbc.com/news/technology-39901382
Hern, A. & Gibbs, S. (2017). What is WannaCry ransomware and why is it attacking global
computers. Retrieved from
https://www.theguardian.com/technology/2017/may/12/nhs-ransomware-cyber-attack-what-is-wanacrypt0r-20
Perlroth, N., Scott, M. & Frenkel, S. (2017). Cyberattack hits Ukraine Then Spreads
Internationally. Retrieved from
https://www.nytimes.com/2017/06/27/technology/ransomware-hackers.html?mcubz=3
Goswami, D. (2017). Wanna Cry ransomware cyber attack: 104 countries hit, India among
the worst affected, US NSA attracts criticism. Retrieved from
http://indiatoday.intoday.in/story/wanna-cry-ransomware-attack-104-countries-hit-nsa-criticised/1/953338.html
Titcomb, J. & McGoogan, C. (2017). Cyber attack: Latest evidence indicates ‘phishing’
emails not to blame for global hack. Retrieved from
http://www.telegraph.co.uk/technology/2017/05/15/nhs-cyber-attack-latest-authorities-warn-day-chaos-ransomware/