Cyber Security: WannaCry Ransomware Attack Discussion 2022
VerifiedAdded on  2022/10/13
|10
|1923
|20
AI Summary
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: CYBER SECURITY
Cyber Security: WannaCry Ransomware Attack
Name of the Student
Name of the University
Author’s Note:
Cyber Security: WannaCry Ransomware Attack
Name of the Student
Name of the University
Author’s Note:
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1
CYBER SECURITY
Table of Contents
1. Introduction............................................................................................................................2
2. Discussion..............................................................................................................................2
2.1 Occurrence of the WannaCry Ransomware Attack.........................................................2
2.2 Modus Operandi of the Attacker......................................................................................4
3. Conclusion..............................................................................................................................6
References..................................................................................................................................8
CYBER SECURITY
Table of Contents
1. Introduction............................................................................................................................2
2. Discussion..............................................................................................................................2
2.1 Occurrence of the WannaCry Ransomware Attack.........................................................2
2.2 Modus Operandi of the Attacker......................................................................................4
3. Conclusion..............................................................................................................................6
References..................................................................................................................................8
2
CYBER SECURITY
1. Introduction
Computer or cyber security could be referred to as proper protection or security of the
inter-linked systems, which include software, confidential data and even hardware from any
kind of cyber-attack (Von Solms & Van Niekerk, 2013). For the computing context, this type
of security consists of physical security as well as cyber security.
Both of these are being utilized by the enterprises for the core purpose of protecting
against all types of the unauthorized as well as unauthenticated accessing towards the data
centres as well as any other computerized system (Wang & Lu, 2013). This following report
will be outlining a brief discussion on the popular data breach of WannaCry ransomware
attack that took place in the year of 2017 and more than 300000 computers were infected.
2. Discussion
2.1 Occurrence of the WannaCry Ransomware Attack
This Wanna Cry ransom ware attack was one of the popular attacks that took place in
May of 2017 with the help of the most popular ransom ware crypto worm, called WannaCry.
The duration continued for 4 days. This particular worm targeted several systems, which
were running the OS for Microsoft Windows after data encryption as well as wanting
subsequent ransom as a demand (WannaCry Ransomware. 2017).
The attackers demanded ransom payment in the crypto currency of Bitcoin. The
WannaCry ransomware attack eventually propagated via Eternal Blue, which is an exploit
that was being developed by the United States NSA or National Security Agency towards
every old system of Microsoft Windows. Eternal Blue was being stolen as well as leaked by
the attackers’ group, who referred to them as The Shadow Brokers, only some months earlier
than the attack.
CYBER SECURITY
1. Introduction
Computer or cyber security could be referred to as proper protection or security of the
inter-linked systems, which include software, confidential data and even hardware from any
kind of cyber-attack (Von Solms & Van Niekerk, 2013). For the computing context, this type
of security consists of physical security as well as cyber security.
Both of these are being utilized by the enterprises for the core purpose of protecting
against all types of the unauthorized as well as unauthenticated accessing towards the data
centres as well as any other computerized system (Wang & Lu, 2013). This following report
will be outlining a brief discussion on the popular data breach of WannaCry ransomware
attack that took place in the year of 2017 and more than 300000 computers were infected.
2. Discussion
2.1 Occurrence of the WannaCry Ransomware Attack
This Wanna Cry ransom ware attack was one of the popular attacks that took place in
May of 2017 with the help of the most popular ransom ware crypto worm, called WannaCry.
The duration continued for 4 days. This particular worm targeted several systems, which
were running the OS for Microsoft Windows after data encryption as well as wanting
subsequent ransom as a demand (WannaCry Ransomware. 2017).
The attackers demanded ransom payment in the crypto currency of Bitcoin. The
WannaCry ransomware attack eventually propagated via Eternal Blue, which is an exploit
that was being developed by the United States NSA or National Security Agency towards
every old system of Microsoft Windows. Eternal Blue was being stolen as well as leaked by
the attackers’ group, who referred to them as The Shadow Brokers, only some months earlier
than the attack.
3
CYBER SECURITY
As soon as Microsoft released the patches previously for closing the exploitation, it
was being noted that maximum spreading of WannaCry ransomware attack occurred from
those organizations that either did not apply the patches or they were utilizing the old systems
of Microsoft Windows of previous models. The ransomware of WannaCry even undertook
subsequent benefit to install the backdoors within the infected system (Buczak & Guven,
2015). This attack was being stopped in few days of eventual discovery for the emergency
patch that was being released by the Microsoft Windows.
A major discovery of the kill switches, which effectively prevented every victimized
system from allowing to spread the crypto worm any further. An estimation was made that
more than two lakh computer systems were being affected within one hundred and fifty
countries. The total monetary damages ranged from 100 of millions to almost billion dollars
(Hahn et al., 2013). The respective security expert eventually estimated that the attack had
started from the country of North Korea as well as agencies, who are working for that
particular country from the primary evaluation of crypto worm.
CYBER SECURITY
As soon as Microsoft released the patches previously for closing the exploitation, it
was being noted that maximum spreading of WannaCry ransomware attack occurred from
those organizations that either did not apply the patches or they were utilizing the old systems
of Microsoft Windows of previous models. The ransomware of WannaCry even undertook
subsequent benefit to install the backdoors within the infected system (Buczak & Guven,
2015). This attack was being stopped in few days of eventual discovery for the emergency
patch that was being released by the Microsoft Windows.
A major discovery of the kill switches, which effectively prevented every victimized
system from allowing to spread the crypto worm any further. An estimation was made that
more than two lakh computer systems were being affected within one hundred and fifty
countries. The total monetary damages ranged from 100 of millions to almost billion dollars
(Hahn et al., 2013). The respective security expert eventually estimated that the attack had
started from the country of North Korea as well as agencies, who are working for that
particular country from the primary evaluation of crypto worm.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4
CYBER SECURITY
Figure 1: Message Displayed on WannaCry Ransomware Attack
(Source: WannaCry Ransomware. 2017)
In the month of December of 2017, three countries of Australia, United Kingdom and
the United States eventually asserted that the country of North Korea was found culprit for
this attack. The new variants of this Wanna Cry ransom ware eventually forced TSMC or
Taiwan Semiconductor Manufacturing Company for shutting down their numerous factories
of chip fabrication temporarily during the year of 2018 (Elmaghraby & Losavio, 2014).
The respective virus was being spread to more than ten thousand machines within the
most advanced facilities of Taiwan Semiconductor Manufacturing Company. WannaCry
ramsonware attack eventually hampered that information security of the entire computer
industry in the world. Information security, which is effectively designed for maintaining the
CIA or confidentiality, integrity and even availability of confidential data. Maintenance of
respective CIA is extremely important since it ensures security is maintained without much
CYBER SECURITY
Figure 1: Message Displayed on WannaCry Ransomware Attack
(Source: WannaCry Ransomware. 2017)
In the month of December of 2017, three countries of Australia, United Kingdom and
the United States eventually asserted that the country of North Korea was found culprit for
this attack. The new variants of this Wanna Cry ransom ware eventually forced TSMC or
Taiwan Semiconductor Manufacturing Company for shutting down their numerous factories
of chip fabrication temporarily during the year of 2018 (Elmaghraby & Losavio, 2014).
The respective virus was being spread to more than ten thousand machines within the
most advanced facilities of Taiwan Semiconductor Manufacturing Company. WannaCry
ramsonware attack eventually hampered that information security of the entire computer
industry in the world. Information security, which is effectively designed for maintaining the
CIA or confidentiality, integrity and even availability of confidential data. Maintenance of
respective CIA is extremely important since it ensures security is maintained without much
5
CYBER SECURITY
complexity (Cherdantseva et al., 2016). However, in this particular attack, the CIA of
customers’ data was being maintained.
2.2 Modus Operandi of the Attacker
WannaCry is a ransom ware crypto worm, which had eventually targeted all systems,
which were running the operating system of Microsoft Window after data encryption and
demanding for a ransom payment in terms of Bitcoin. This worm is termed as WannaCrypt,
WannaDecryptor, WanaCryptor 2.0 and WanaDecryptor 2.0. This is eventually considered as
a work of network as it even involves the transport mechanisms for spreading itself in an
automatic manner (Wells et al., 2014). The respective transport code then scans for all types
of vulnerable system before utilizing the exploit of Eternal Blue and gaining access. The
attackers then utilized the tool of Double Pulsar for installation as well as execution of the
copy of the transport codes.
They had created the versions of WannaCry of 0, 1 and 2 with the help of Microsoft
Visual C++ of version 6.0. The Eternal Blue is the major exploit for SMB or Server Message
Block of the Windows’ protocol that was being released by group of hackers, Shadow
Brokers. Microsoft discovered the threat and then they then issued a security based bulletin of
MS 17 010 that comprised of the details for flaws, before announcing that the patches were
being released for each and every version of Windows (Abawajy, 2014). They even ensured
that this security bulletin is supported by the several versions of Windows Vista, Windows
10, 8, Server 2008, Server 2016, 7, Server 2008 R2 and even Server 2012.
CYBER SECURITY
complexity (Cherdantseva et al., 2016). However, in this particular attack, the CIA of
customers’ data was being maintained.
2.2 Modus Operandi of the Attacker
WannaCry is a ransom ware crypto worm, which had eventually targeted all systems,
which were running the operating system of Microsoft Window after data encryption and
demanding for a ransom payment in terms of Bitcoin. This worm is termed as WannaCrypt,
WannaDecryptor, WanaCryptor 2.0 and WanaDecryptor 2.0. This is eventually considered as
a work of network as it even involves the transport mechanisms for spreading itself in an
automatic manner (Wells et al., 2014). The respective transport code then scans for all types
of vulnerable system before utilizing the exploit of Eternal Blue and gaining access. The
attackers then utilized the tool of Double Pulsar for installation as well as execution of the
copy of the transport codes.
They had created the versions of WannaCry of 0, 1 and 2 with the help of Microsoft
Visual C++ of version 6.0. The Eternal Blue is the major exploit for SMB or Server Message
Block of the Windows’ protocol that was being released by group of hackers, Shadow
Brokers. Microsoft discovered the threat and then they then issued a security based bulletin of
MS 17 010 that comprised of the details for flaws, before announcing that the patches were
being released for each and every version of Windows (Abawajy, 2014). They even ensured
that this security bulletin is supported by the several versions of Windows Vista, Windows
10, 8, Server 2008, Server 2016, 7, Server 2008 R2 and even Server 2012.
6
CYBER SECURITY
Figure 2: Operation of WannaCry Ransomware
(Source: Wells et al., 2014)
The Shadow Brokers even released a backdoor tool of Double Pulsar on 2017, which
helped the security researchers to report that there existed thousands of computer systems that
had Double Pulsar installed within them. It was easier for them to stop the attack in this
manner. The reports even made an estimation that the number of the infected systems can
increase to hundred thousand (Cavelty, 2014).
The code of WannaCry could even undertake benefits from the existing infection of
Double Pulsar and even installation to itself. As soon as it was being executed, the respective
malware of WannaCry at first checked the specific domain name, called kill switch; when it
was not being found, the ransomware encrypted the data of the computer systems. This
particular malware then also attempted to subsequently exploit the vulnerability so that they
are able to spread out to the other computer systems over the Internet and majorly on the
systems over a same network.
CYBER SECURITY
Figure 2: Operation of WannaCry Ransomware
(Source: Wells et al., 2014)
The Shadow Brokers even released a backdoor tool of Double Pulsar on 2017, which
helped the security researchers to report that there existed thousands of computer systems that
had Double Pulsar installed within them. It was easier for them to stop the attack in this
manner. The reports even made an estimation that the number of the infected systems can
increase to hundred thousand (Cavelty, 2014).
The code of WannaCry could even undertake benefits from the existing infection of
Double Pulsar and even installation to itself. As soon as it was being executed, the respective
malware of WannaCry at first checked the specific domain name, called kill switch; when it
was not being found, the ransomware encrypted the data of the computer systems. This
particular malware then also attempted to subsequently exploit the vulnerability so that they
are able to spread out to the other computer systems over the Internet and majorly on the
systems over a same network.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
CYBER SECURITY
Similar to the other ransomware attacks, the specific payload displayed a message,
which informed the users about files having encrypted. The group of The Shadow Brokers
demanded for a payment of either three hundred US dollars in terms of Bitcoin in 3 days or
six hundred US dollars in 7 days. They provided 3 hard coded wallets or addresses of Bitcoin
that were required to be utilized for receiving the victims’ payments (WannaCry Ransomware
2017).
The balances and transactions of these transactions were being publicly accessible
even by the wallet owners of crypto currency. The WannaCry attack took place on 12th May
2017, Friday with a major evidence that pointed towards the initial infection occurred in Asia.
It was not given priority and was considered as mere phishing. Within 24 hours, the code
infected 230000 systems in the entire world. Until today, the group of hackers, who had
initiated the attack, known as the Shadow Brokers are uncaught.
3. Conclusion
Therefore, conclusion could be drawn that there are numerous data breaches in the
world, which took place due to lack of cyber protection. The main purpose of this cyber
security is helping to get prevention from the cyber attacks, identity theft and even data
breach as well as could even measure in the management of risks. When the respective
company comprises of a stronger sense of security for their networks or even the efficient IR
planning, they have the ability to prevent or even mitigate the attacks. There exist several
kinds of threats for cyber security, which include ransomware, malware, phishing and social
engineering attack. This above given report has clearly demonstrated a clear description of
the WannaCry ransomware attack with relevant details. Modus operandi of the ransomware
attack is well described in this report.
CYBER SECURITY
Similar to the other ransomware attacks, the specific payload displayed a message,
which informed the users about files having encrypted. The group of The Shadow Brokers
demanded for a payment of either three hundred US dollars in terms of Bitcoin in 3 days or
six hundred US dollars in 7 days. They provided 3 hard coded wallets or addresses of Bitcoin
that were required to be utilized for receiving the victims’ payments (WannaCry Ransomware
2017).
The balances and transactions of these transactions were being publicly accessible
even by the wallet owners of crypto currency. The WannaCry attack took place on 12th May
2017, Friday with a major evidence that pointed towards the initial infection occurred in Asia.
It was not given priority and was considered as mere phishing. Within 24 hours, the code
infected 230000 systems in the entire world. Until today, the group of hackers, who had
initiated the attack, known as the Shadow Brokers are uncaught.
3. Conclusion
Therefore, conclusion could be drawn that there are numerous data breaches in the
world, which took place due to lack of cyber protection. The main purpose of this cyber
security is helping to get prevention from the cyber attacks, identity theft and even data
breach as well as could even measure in the management of risks. When the respective
company comprises of a stronger sense of security for their networks or even the efficient IR
planning, they have the ability to prevent or even mitigate the attacks. There exist several
kinds of threats for cyber security, which include ransomware, malware, phishing and social
engineering attack. This above given report has clearly demonstrated a clear description of
the WannaCry ransomware attack with relevant details. Modus operandi of the ransomware
attack is well described in this report.
8
CYBER SECURITY
References
Abawajy, J. (2014). User preference of cyber security awareness delivery
methods. Behaviour & Information Technology, 33(3), 237-248.
Buczak, A. L., & Guven, E. (2015). A survey of data mining and machine learning methods
for cyber security intrusion detection. IEEE Communications Surveys &
Tutorials, 18(2), 1153-1176.
Cavelty, M. D. (2014). Breaking the cyber-security dilemma: Aligning security needs and
removing vulnerabilities. Science and engineering ethics, 20(3), 701-715.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K.
(2016). A review of cyber security risk assessment methods for SCADA
systems. Computers & security, 56, 1-27.
Elmaghraby, A. S., & Losavio, M. M. (2014). Cyber security challenges in Smart Cities:
Safety, security and privacy. Journal of advanced research, 5(4), 491-497.
Hahn, A., Ashok, A., Sridhar, S., & Govindarasu, M. (2013). Cyber-physical security
testbeds: Architecture, application, and evaluation for smart grid. IEEE Transactions
on Smart Grid, 4(2), 847-855.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber
security. computers & security, 38, 97-102.
Wang, W., & Lu, Z. (2013). Cyber security in the smart grid: Survey and
challenges. Computer networks, 57(5), 1344-1371.
WannaCry Ransomware. (2017). [online]. Accessed from
https://www.csoonline.com/article/3227906/what-is-wannacry-ransomware-how-
does-it-infect-and-who-was-responsible.html [Accessed on 02 July 2019].
CYBER SECURITY
References
Abawajy, J. (2014). User preference of cyber security awareness delivery
methods. Behaviour & Information Technology, 33(3), 237-248.
Buczak, A. L., & Guven, E. (2015). A survey of data mining and machine learning methods
for cyber security intrusion detection. IEEE Communications Surveys &
Tutorials, 18(2), 1153-1176.
Cavelty, M. D. (2014). Breaking the cyber-security dilemma: Aligning security needs and
removing vulnerabilities. Science and engineering ethics, 20(3), 701-715.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K.
(2016). A review of cyber security risk assessment methods for SCADA
systems. Computers & security, 56, 1-27.
Elmaghraby, A. S., & Losavio, M. M. (2014). Cyber security challenges in Smart Cities:
Safety, security and privacy. Journal of advanced research, 5(4), 491-497.
Hahn, A., Ashok, A., Sridhar, S., & Govindarasu, M. (2013). Cyber-physical security
testbeds: Architecture, application, and evaluation for smart grid. IEEE Transactions
on Smart Grid, 4(2), 847-855.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber
security. computers & security, 38, 97-102.
Wang, W., & Lu, Z. (2013). Cyber security in the smart grid: Survey and
challenges. Computer networks, 57(5), 1344-1371.
WannaCry Ransomware. (2017). [online]. Accessed from
https://www.csoonline.com/article/3227906/what-is-wannacry-ransomware-how-
does-it-infect-and-who-was-responsible.html [Accessed on 02 July 2019].
9
CYBER SECURITY
Wells, L. J., Camelio, J. A., Williams, C. B., & White, J. (2014). Cyber-physical security
challenges in manufacturing systems. Manufacturing Letters, 2(2), 74-77.
CYBER SECURITY
Wells, L. J., Camelio, J. A., Williams, C. B., & White, J. (2014). Cyber-physical security
challenges in manufacturing systems. Manufacturing Letters, 2(2), 74-77.
1 out of 10
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.