IT Security: WannaCry Ransomware Attack


Added on  2023/01/19

AI Summary
This document provides an analysis of the WannaCry ransomware attack, including its causes, impact, and possible solutions. It discusses the worldwide attack that targeted computers running on older versions of Microsoft Windows and explores the vulnerabilities that allowed the attack to occur. The document also offers insights into preventive measures and the importance of using updated security patches.

Running head: IT SECURITY
IT Security
Name of Student
Name of University
Author Note

Table of Contents
Part A: WannaCry Ransomware Attack
Answer 1
1.1. Introduction
1.2. The problem: WannaCry ransomware Attack
1.3. Why it occurred?
1.4. Possible Solutions
Answer 2
Part B
1. The Problem
2. Who were affected?
3. How was the attack carried out?
4. The Solution
References
Part A : WannaCry Ransomware Attack
Answer 1
1.1. Introduction
This report analyses a computer data security breach that occurred during the period of
April-August 2015-2018. The breach chosen is the WannaCry ransomware attack (Mohurle & Patil,
2017). WannaCry was a worldwide attack that targeted computers running an older version of
Microsoft Windows (Chen & Bridges, 2017). The report focuses on the problem that led to the
attack. It then discusses the measures and possible solutions that could have been undertaken
in order to address and eliminate the issue.
1.2. The problem: WannaCry ransomware Attack
The WannaCry ransomware attack was a widespread attack targeting computers running an older
version of Microsoft Windows. The attack spread rapidly worldwide through infected networks in
the year 2017. The attack was quite dangerous as it encrypted the files on the infected computer
in order to deny legitimate users access to those files (Kshetri & Voas, 2017). The attacker
would then ask for a ransom in the form of bitcoin to let the legitimate users access those
files. The attacker would specify a time limit for paying the ransom, after which the files on
the computer would be deleted permanently. The WannaCry ransomware attack was particularly
noteworthy because it was able to hit a large number of high-profile systems, including
Britain’s National Health Service, by exploiting a vulnerability of the Windows operating system
(Collier, 2017). The United States National Security Agency was first to identify the attack.
Components of WannaCry ransomware: The WannaCry ransomware involves a number of components.
The ransomware arrived in the form of a dropper, a self-contained program that is capable of
extracting other applications onto a particular system (Kalita, 2017). The components of the
WannaCry ransomware are as follows:
1. An application that is capable of encrypting as well as decrypting the data on a system
2. A file that contains all the keys for encryption
3. A copy of Tor
The process of infection: The attack vector is quite interesting for a ransomware. The WannaCry
ransomware attack exploited a vulnerability in the Windows operating system. If Windows had been
updated to its latest version, the attack could have been avoided. The virus targeted only the
systems which were not updated to their latest version.
The attack, however, could be stopped within a few days of discovery, as the security patch
needed for disabling the infection had been released two months before the attack (Kao & Hsiao,
2018). Unpatched Windows 10 systems were vulnerable to the attack. The WannaCry cryptoworm
mainly targeted computers that were running a very old version of the Windows OS.
1.3. Why it occurred?
The attack could have been prevented if all the computers that were attacked had been
running an updated version of the software. The main vulnerability that the WannaCry
ransomware attack exploited was unpatched Windows servers (Martin et al., 2018). One of the
most significant problems was that the cryptoworm was able to spread easily to the entire

network after attacking a single computer (Hsiao & Kao, 2018). This led to the rapid spread of
the virus through the system. Therefore, one of the most effective preventive measures against
this attack was to use a genuine and updated Windows operating system.
1.4. Possible Solutions
The WannaCry ransomware attack could have been defended against if certain security measures
had been in place. The first is the use of an updated security patch. The systems that were
attacked were using an out-of-date operating system, which led to the easy spread of the
cryptoworm among the different systems (Shakir & Jaber, 2017). It has been observed that the
ransomware mainly attacked Windows operating systems running an older version, leaving a trail
of significant damage. The reports prove that Europe has the highest number of WannaCry
ransomware detections. The WannaCry ransomware has the capability of propagating like a worm,
which led to its spread across networks.
This cyber security attack could have been prevented by using an updated Windows OS. Along
with that, computer users need to protect the data on their computers by using a firewall to
guard against the data security breaches that the system can face (Schirrmacher, Ondrus & Tan,
2018). Users need to be well aware of the data security processes needed on a computer and
ensure that the system is updated with the latest security patch to eliminate the chances of
facing a similar attack in future.
Answer 2
Asynchronous I/O is a type of input/output processing that enables other processing to
continue before the transmission has finished. Asynchronous I/O is generally used in real-time
applications that require high-speed, high-volume data collection.
Compute-intensive processes are known to make use of asynchronous I/O instead of blocking.
Asynchronous I/O operations are mainly conducted through an open file descriptor. Asynchronous
I/O activity is a major issue in memory protection because, with asynchronous I/O, it cannot be
assured whether the data on the data bus is fresh or not. This problem is faced particularly
because, in asynchronous I/O, there is no slot for sending or receiving the data. The lack of a
slot for sending or receiving the data adds to the problem of base/bounds and paging.
The issues faced in asynchronous I/O activity can be eliminated or reduced by two
mechanisms, which are strobe and handshaking (Jeong, Lee & Kim, 2015). The two proposed
mechanisms are discussed in detail in the following sections.
Strobe Mechanism: In this mechanism, a signal called the strobe signal is sent that validates
the data or other signals on the adjacent parallel lines. In a source-initiated strobe, the
strobe is the signal raised at the time when the source initiates the process of data transfer.
In the strobe mechanism:
1. At first the source puts all the necessary data on the data bus and then turns the strobe
signal ON
2. The destination, on seeing the ON signal of the strobe, reads the message from the data bus
3. The strobe goes off after the data has been read from the data bus
A similar mechanism is followed in destination-initiated strobes as well (Yu et al., 2014). The
following section gives an idea of the handshaking mechanism.
Handshaking Mechanism: The handshaking mechanism mainly consists of signals which include
data valid and data accepted (Jeong, Lee & Kim, 2015). The handshaking method can be initiated
by either the source or the destination, and it checks the validity of the data.
In this method, the data is put on the data bus, after which a data valid signal becomes
active. Only after the valid data has been accepted does the signal go off. In the
destination-initiated process, the destination requests the data transfer and the data is put
on the bus in response. Thus, these two methods are capable of solving the problem related to
asynchronous I/O activity.
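
The difference between the two mechanisms described above, as an added example that is not part of the original report: a tick-based Python model in which the destination samples the bus only every few ticks. The function names, timing parameters and sample words are assumptions made for illustration, and the strobe destination is modelled as reacting when it sees the strobe go ON.

```python
"""Tick-based model of strobe vs. handshake transfers (constructed example)."""

WORDS = [0xA1, 0xB2, 0xC3, 0xD4]  # constructed sample data


def strobe_transfer(words, strobe_width, gap, dest_period):
    """Source-initiated strobe: the source never learns whether a word was read."""
    timeline = []                                  # (bus value, strobe level) per tick
    for word in words:
        timeline += [(word, 1)] * strobe_width     # data on the bus, strobe ON
        timeline += [(word, 0)] * gap              # strobe OFF before the next word
    received, last_strobe = [], 0
    for tick in range(0, len(timeline), dest_period):   # destination samples here only
        data, strobe = timeline[tick]
        if strobe and not last_strobe:             # destination saw the strobe go ON
            received.append(data)
        last_strobe = strobe
    return received


def handshake_transfer(words, dest_period, max_ticks=10_000):
    """Handshake: the source holds each word until 'data accepted' is raised."""
    pending, received = list(words), []
    bus, data_valid, data_accepted = None, 0, 0
    for tick in range(max_ticks):
        # Source side, evaluated every tick.
        if pending and not data_valid and not data_accepted:
            bus, data_valid = pending.pop(0), 1    # put data on the bus, raise data valid
        elif data_valid and data_accepted:
            data_valid = 0                         # word was taken, drop data valid
        # Destination side, evaluated only on its own schedule.
        if tick % dest_period == 0:
            if data_valid and not data_accepted:
                received.append(bus)               # read the bus, raise data accepted
                data_accepted = 1
            elif data_accepted and not data_valid:
                data_accepted = 0                  # ready for the next word
        if not (pending or data_valid or data_accepted):
            break
    return received


if __name__ == "__main__":
    print("strobe, fast destination:", strobe_transfer(WORDS, 1, 1, 1))
    print("strobe, slow destination:", strobe_transfer(WORDS, 1, 1, 3))
    print("handshake, slow destination:", handshake_transfer(WORDS, 3))
```

With a destination that samples every third tick, the strobe transfer silently drops words because the source moves on without confirmation, while the handshake delivers every word at the cost of waiting for the data accepted signal.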

Part B
The Sony PlayStation outage took place in 2011 and forced Sony to switch off its entire
PlayStation Network on April 20. The PlayStation Network of Sony was compromised in the year
2011, suspending its normal operations. The hacking of the PlayStation Network was not
anticipated, as Sony has always been known for its tight security (Poulsen, 2011). This attack
occurred soon after the distributed denial of service (DDoS) attack that was launched on the
PlayStation Network (Sangani, 2011). The outage of Sony’s PlayStation Network continued for a
few days until Sony was able to rebuild its network.
1. The Problem
The attack on the Sony PlayStation Network was identified on April 19, 2011. Sony could not
readily identify the extent of the breach, leading to serious damage as the account details of
77 million users of the Sony PlayStation Network were stolen from Sony. As a consequence of the
problem, Sony shut down its PSN network on April 20th, citing certain technical problems. After
six long days, Sony released a public statement stating that its PlayStation Network had been
compromised (Schreier, 2011). The data security breach that resulted in the network outage was
an act of external intrusion by an attacker who could not be identified.
The network outage in the PlayStation Network of Sony seems to be linked with the
large-scale DDoS attack on the PlayStation Network by Anonymous. The DDoS attack was launched
on April 4. On April 19, the technicians of the San Diego office of Sony identified that four
computers were rebooting without actual authorization (Kuchera, 2011). On identifying the
problem, Sony took down its servers for further investigation, leading to the network outage.
It was later identified that the external intrusion had led to the compromise of the data of 77
million users.
Although the network outage itself was not a major problem, the personal data that was
compromised in the attack is found to be another significant problem. The hackers, however,
could not collect the credit card data as those data were encrypted. However, the data that the
hackers could collect can be put to use to identify the accounts of the users on Facebook,
Netflix, etc. The data can further be used to send phishing emails aimed at collecting
sensitive information such as bank account details, credit card numbers and other sensitive
information. This is generally termed a re-identification attack (Raiu, 2012). Therefore, it
can be said that the network outage attack on the Sony PlayStation Network led to significant
data loss. As a consequence of the attack, Sony also had to fight legal battles with its
customers. Following Sony's declaration of the network outage attack, a number of lawsuits were
filed against Sony.
2. Who were affected?
The attack affected both Sony and its customers. The attack on the Sony PlayStation Network
resulted in the compromise of the data of 77 million users. The compromised data of the
customers of the Sony PlayStation Network included personal information such as their names,
emails, account numbers and credit card information (Thomas, 2018). The credit card
information, however, could not be used or accessed by the hackers as those data were
encrypted. The network attack further affected Sony’s reputation, leading to a huge
reputational risk to Sony as the network was shut down for hours citing a network outage.
3. How was the attack carried out?
It was practically impossible to hack into Sony’s network as Sony is known for its strong
security. Furthermore, the exact attack vector used against the Sony PlayStation Network could
not be identified. It is a known fact that Anonymous had brought PSN to its knees a number of
times in April 2011. Anonymous led the DDoS attack as it wanted to avenge the legal action that
Sony took against the PS3 jailbreaker (Kuchera, 2011). Sony had filed a lawsuit against Hotz for
violating the Computer Fraud and Abuse Act and facilitating copyright infringement. As an
answer to this forceful retaliation by Sony, Anonymous, the famous hacktivist group, launched a
large-scale DDoS attack on the PlayStation Network, for which the network was down for almost
20 minutes. However, Anonymous did not take responsibility for the data breach attack that took
place on April 19. Since the exact attack vector could not be identified, it is anticipated that
Anonymous was behind the attack. This is because it is quite possible that Anonymous already
had information about the issues and weaknesses in the security mechanism of the PlayStation
Network. Those data could have been used by Anonymous to lead an attack or could have been
passed to another group of hackers. The attack was quite similar to an SQL injection attack.
4. The Solution
The attack on the Sony network could have been eliminated or reduced if regular security
checks had been conducted on the internal network of Sony. Sony had no business continuity
plan, which resulted in the shutting down of the PlayStation Network and the network outage
(Kuchera, 2011). The external intrusion could have been avoided if strong security had been
enforced in the system.

References
Chen, Q., & Bridges, R. A. (2017, December). Automated behavioral analysis of malware: A
case study of wannacry ransomware. In 2017 16th IEEE International Conference on
Machine Learning and Applications (ICMLA) (pp. 454-460). IEEE.
Collier, R. (2017). NHS ransomware attack spreads worldwide.
Hsiao, S. C., & Kao, D. Y. (2018, February). The static analysis of WannaCry ransomware.
In 2018 20th International Conference on Advanced Communication Technology
(ICACT) (pp. 153-158). IEEE.
Jeong, D., Lee, Y., & Kim, J. S. (2015). Boosting quasi-asynchronous I/O for better
responsiveness in mobile devices. In 13th USENIX Conference on File and Storage
Technologies (FAST 15) (pp. 191-202).
Kalita, E. (2017). WannaCry Ransomware Attack: Protect Yourself from WannaCry
Ransomware Cyber Risk and Cyber War.
Kao, D. Y., & Hsiao, S. C. (2018, February). The dynamic analysis of WannaCry ransomware.
In 2018 20th International Conference on Advanced Communication Technology
(ICACT) (pp. 159-166). IEEE.
Kshetri, N., & Voas, J. (2017). Do crypto-currencies fuel ransomware?. IT professional, 19(5),
11-15.
Kuchera, B. (2011). PlayStation Network hacked, data stolen: how badly is Sony hurt?. Ars
Technica.
Martin, G., Ghafur, S., Kinross, J., Hankin, C., & Darzi, A. (2018). WannaCry-a year on. BMJ:
British Medical Journal (Online), 361.
Mohurle, S., & Patil, M. (2017). A brief study of wannacry threat: Ransomware attack
2017. International Journal of Advanced Research in Computer Science, 8(5).
Poulsen, K. (2011). PlayStation network hack: Who did it. Wired News.
Raiu, C. (2012). Cyber-threat evolution: the past year. Computer Fraud & Security, 2012(3), 5-8.
Sangani, K. (2011). Sony security laid bare. Engineering & Technology, 6(8), 74-77.
Schirrmacher, N. B., Ondrus, J., & Tan, F. T. C. (2018). Towards a Response to Ransomware:
Examining Digital Capabilities of the WannaCry Attack. Proceedings from PACIS.
Schreier, J. (2011). Sony hacked again; 25 million entertainment users’ info at risk.
Shakir, H. A., & Jaber, A. N. (2017, November). A Short Review for Ransomware: Pros and
Cons. In International Conference on P2P, Parallel, Grid, Cloud and Internet
Computing (pp. 401-411). Springer, Cham.
Thomas, J. (2018). Individual cyber security: Empowering employees to resist spear phishing to
prevent identity theft and ransomware attacks.
Yu, Y. J., Shin, D. I., Shin, W., Song, N. Y., Choi, J. W., Kim, H. S., ... & Yeom, H. Y. (2014).
Optimizing the block I/O subsystem for fast storage devices. ACM Transactions on
Computer Systems (TOCS), 32(2), 6.