Ransomware Attack on Family Planning NSW: A Case Study

Verified

Added on  2024/07/01

|5
|1253
|424
AI Summary
This case study examines the ransomware attack on Family Planning NSW in April 2018, analyzing the attack's impact, vulnerabilities exploited, and potential mitigation strategies. The attack, which demanded a ransom of $15,000 in Bitcoin, exposed the personal information of over 8,000 clients, highlighting the critical need for robust cybersecurity measures in healthcare organizations.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
USB Devices
Introduction

Universal Service Bus or often called as USB are not necessarily a device but they are a standard created

for those serial connectors or cables that used for communication between Computer Stations and

Other Peripheral Devices. USB refers to any device that used in storing the data over a flash memory

with the integration of the USB interfacing. It is Sometimes called as USB Stick, USB Key or any other

names. It is popular due to its small size and less weight. USB connections are denoted by certain

connectors that need to be connected via certain ports in order to establish a reliable transfer. They are

the standard that are used in order to connect the peripheral with the computer.

The devices that could be connected to the computer with the help of USB ports are Printers, Cell

Phones, Keyboards, Mouse, Webcams, Scanner and Hard Drives. There are three generation of USB

devices:

USB 1.x,

USB 2.0,

USB 3.x. USB Standards were released in 1996 and is maintained by USB Implementers Forum.

USB Devices Characteristics:

1.
One can connect at most 127 peripherals all together to a single USB controller
2.
The USB devices will automatically go into Sleep mode if the attached device like PC, Laptop or
Cell Phone goes runs out of power of goes into power-saving mode

3.
Individual length of the USB device can be at most 5 Meters when they are not connected in a
HUB otherwise it is 40 meters

4.
USB is a Plug and Play
5.
USB devices need very less power to run and they get this power by the connected devices
Speed of USB Devices:

They have 3 different types of speed:

1.
Highest Speed: 480 Mbps
2.
Medium Speed: 12 Mbps
3.
Lowest Speed: 1.5 Mbps
Risks Associated with the USB Devices:

1.
Most of the Malware is spread through the USB Devices. This malware is hard to detect as they
attack the smaller circuits and could not be detected easily

2.
As the USB devices are often small the chances are higher of losing it
3.
Giving or attaching the USB device to other PC might bring out the viruses and Trojan from that
PC and when it is attached to the different System it might bring attack that system
Document Page
4. Sometimes the USB Device can change the DNS address setting of the system and redirect the
traffic by spoofing the network card

5.
USB devices can be used to install the malware by emulating the keyboard and issuing the
command

Threats related to the USB Devices:

1.
Unexamined USB Devices
2.
Malware installation
3.
Threat to the Network Card
4.
Loss of Important data
5.
Compatible issues with different Devices (Swierczynski, Fyrbiak, Koppe, Moradi & Paar, 2016).
Risk Minimization associated with USB Devices Threats:

1.
Using USBFILTER an open-source code that can be used by enterprises in order to prevent the
users from network jamming

2.
Preventing the Unauthorized access by using some external antivirus software
3.
Try not to put sensitive data within those USB Devices
4.
Antiloggers could be installed
What are some other methods that could be implemented in order to Mitigate the risk with the USB

Devices?

References:

Swierczynski, P., Fyrbiak, M., Koppe, P., Moradi, A., & Paar, C. (2016). Interdiction in practice—Hardware

Trojan against a high-security USB flash drive.
Journal Of Cryptographic Engineering, 7(3), 199-211. doi:
10.1007/s13389-016-0132-7
Document Page
Topic: Family Planning NSW Ransomware Attack
Introduction:

Family Planning NSW is the company that deals with Hygiene in the Women’s Reform League. On Anzac

Day that is April 25, 2018, the company got attacked by a Ransomware demanding Ransom for the data

lost during the cyber-attack. Due to this data breach, the company lost very important data related to

the clients. Also, this attack was not disclosed to the clients as it might affect the company image. Due to

this cyber-attack, more than 8000 clients’ personal information might have been exposed to the

hackers. This includes the data from those women who are seeking the appointment for the services like

abortion and other pregnancy-related issues. The personal details include the details that were

submitted through the online forms that consist of names, phone numbers, Date of Birth, Appointment

time, Query, and feedbacks. Till April 26, 2018, 10 AM the website was properly secured with the

database. A ransom of was asked in the cryptocurrency with the amount $15,000 in bitcoin was paid

(Davidson,
2018).
Process of Data Breach:

The Data Breach that has happened was done intentionally in order to access the web database of the

FPNSW. The data that was exposed during this attack was from previous 2 and a half year including the

records of 8000 clients. Further, the hackers got the access to the mainframe of the FPNSW and locked

the access over those data but the officials said that the data was not accessed by the hackers. Instead,

it was just locked from access for the organization. Further, the loss was not huge but the website

remains closed for some days that caused financial loss and also the ransom that was paid.

Exposed factors during the Ransomware:

The hacker who got access within the mainframe and locked everyone out causing the access control to

be vulnerable. Also, the hackers were not traced by any means causing another Vulnerability. The Denial

of Service for the security breach could lead to potential security attack. The admin account of FPNSW

might have been exposed to t
his data breach and got hijacked. This attack was solely done to get the
ransom and the whole system could be exposed to these kinds of attacks in the future.

Recommendations for Minimizing these kinds of attacks:

The investment in the cybersecurity needs to be applied as it can minimize the cyber attack to much

extent. The company must update all the software regularly in order to minimize the vulnerabilities that

are exposed during this kind of security attacks the software should be updated and the outdated

software should be removed.

A secure backup must be created that should not be connected to any of the systems within the

network and should be secured with the regular updates for the programs. Also, a cyber-liability

insurance could be bought in order to mitigate the expense during those attacks (Byte Back, 2017).

What are the other ways by which this kind of attacks could be minimized?

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
References:
Byte Back
. (2017). Byte Back. Retrieved 28 July 2018, from
https://www.bytebacklaw.com/2017/05/preparing-for-and-minimizing-a-ransomware-attack/

Davidson, H. (2018).
Family Planning NSW hit by ransom demand in cyber-attack. the Guardian.
Retrieved 28 July 2018, from https://www.theguardian.com/technology/2018/may/14/cyber-attack-on-

family-planning-service-could-have-revealed-client-details
1 out of 5
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]