Ransomware Attack on Family Planning NSW: A Case Study
VerifiedAdded on 2024/07/01
|5
|1253
|424
AI Summary
This case study examines the ransomware attack on Family Planning NSW in April 2018, analyzing the attack's impact, vulnerabilities exploited, and potential mitigation strategies. The attack, which demanded a ransom of $15,000 in Bitcoin, exposed the personal information of over 8,000 clients, highlighting the critical need for robust cybersecurity measures in healthcare organizations.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
USB Devices
Introduction
Universal Service Bus or often called as USB are not necessarily a device but they are a standard created
for those serial connectors or cables that used for communication between Computer Stations and
Other Peripheral Devices. USB refers to any device that used in storing the data over a flash memory
with the integration of the USB interfacing. It is Sometimes called as USB Stick, USB Key or any other
names. It is popular due to its small size and less weight. USB connections are denoted by certain
connectors that need to be connected via certain ports in order to establish a reliable transfer. They are
the standard that are used in order to connect the peripheral with the computer.
The devices that could be connected to the computer with the help of USB ports are Printers, Cell
Phones, Keyboards, Mouse, Webcams, Scanner and Hard Drives. There are three generation of USB
devices:
USB 1.x,
USB 2.0,
USB 3.x. USB Standards were released in 1996 and is maintained by USB Implementers Forum.
USB Devices Characteristics:
1. One can connect at most 127 peripherals all together to a single USB controller
2. The USB devices will automatically go into Sleep mode if the attached device like PC, Laptop or
Cell Phone goes runs out of power of goes into power-saving mode
3. Individual length of the USB device can be at most 5 Meters when they are not connected in a
HUB otherwise it is 40 meters
4. USB is a Plug and Play
5. USB devices need very less power to run and they get this power by the connected devices
Speed of USB Devices:
They have 3 different types of speed:
1. Highest Speed: 480 Mbps
2. Medium Speed: 12 Mbps
3. Lowest Speed: 1.5 Mbps
Risks Associated with the USB Devices:
1. Most of the Malware is spread through the USB Devices. This malware is hard to detect as they
attack the smaller circuits and could not be detected easily
2. As the USB devices are often small the chances are higher of losing it
3. Giving or attaching the USB device to other PC might bring out the viruses and Trojan from that
PC and when it is attached to the different System it might bring attack that system
Introduction
Universal Service Bus or often called as USB are not necessarily a device but they are a standard created
for those serial connectors or cables that used for communication between Computer Stations and
Other Peripheral Devices. USB refers to any device that used in storing the data over a flash memory
with the integration of the USB interfacing. It is Sometimes called as USB Stick, USB Key or any other
names. It is popular due to its small size and less weight. USB connections are denoted by certain
connectors that need to be connected via certain ports in order to establish a reliable transfer. They are
the standard that are used in order to connect the peripheral with the computer.
The devices that could be connected to the computer with the help of USB ports are Printers, Cell
Phones, Keyboards, Mouse, Webcams, Scanner and Hard Drives. There are three generation of USB
devices:
USB 1.x,
USB 2.0,
USB 3.x. USB Standards were released in 1996 and is maintained by USB Implementers Forum.
USB Devices Characteristics:
1. One can connect at most 127 peripherals all together to a single USB controller
2. The USB devices will automatically go into Sleep mode if the attached device like PC, Laptop or
Cell Phone goes runs out of power of goes into power-saving mode
3. Individual length of the USB device can be at most 5 Meters when they are not connected in a
HUB otherwise it is 40 meters
4. USB is a Plug and Play
5. USB devices need very less power to run and they get this power by the connected devices
Speed of USB Devices:
They have 3 different types of speed:
1. Highest Speed: 480 Mbps
2. Medium Speed: 12 Mbps
3. Lowest Speed: 1.5 Mbps
Risks Associated with the USB Devices:
1. Most of the Malware is spread through the USB Devices. This malware is hard to detect as they
attack the smaller circuits and could not be detected easily
2. As the USB devices are often small the chances are higher of losing it
3. Giving or attaching the USB device to other PC might bring out the viruses and Trojan from that
PC and when it is attached to the different System it might bring attack that system
4. Sometimes the USB Device can change the DNS address setting of the system and redirect the
traffic by spoofing the network card
5. USB devices can be used to install the malware by emulating the keyboard and issuing the
command
Threats related to the USB Devices:
1. Unexamined USB Devices
2. Malware installation
3. Threat to the Network Card
4. Loss of Important data
5. Compatible issues with different Devices (Swierczynski, Fyrbiak, Koppe, Moradi & Paar, 2016).
Risk Minimization associated with USB Devices Threats:
1. Using USBFILTER an open-source code that can be used by enterprises in order to prevent the
users from network jamming
2. Preventing the Unauthorized access by using some external antivirus software
3. Try not to put sensitive data within those USB Devices
4. Antiloggers could be installed
What are some other methods that could be implemented in order to Mitigate the risk with the USB
Devices?
References:
Swierczynski, P., Fyrbiak, M., Koppe, P., Moradi, A., & Paar, C. (2016). Interdiction in practice—Hardware
Trojan against a high-security USB flash drive. Journal Of Cryptographic Engineering, 7(3), 199-211. doi:
10.1007/s13389-016-0132-7
traffic by spoofing the network card
5. USB devices can be used to install the malware by emulating the keyboard and issuing the
command
Threats related to the USB Devices:
1. Unexamined USB Devices
2. Malware installation
3. Threat to the Network Card
4. Loss of Important data
5. Compatible issues with different Devices (Swierczynski, Fyrbiak, Koppe, Moradi & Paar, 2016).
Risk Minimization associated with USB Devices Threats:
1. Using USBFILTER an open-source code that can be used by enterprises in order to prevent the
users from network jamming
2. Preventing the Unauthorized access by using some external antivirus software
3. Try not to put sensitive data within those USB Devices
4. Antiloggers could be installed
What are some other methods that could be implemented in order to Mitigate the risk with the USB
Devices?
References:
Swierczynski, P., Fyrbiak, M., Koppe, P., Moradi, A., & Paar, C. (2016). Interdiction in practice—Hardware
Trojan against a high-security USB flash drive. Journal Of Cryptographic Engineering, 7(3), 199-211. doi:
10.1007/s13389-016-0132-7
Topic: Family Planning NSW Ransomware Attack
Introduction:
Family Planning NSW is the company that deals with Hygiene in the Women’s Reform League. On Anzac
Day that is April 25, 2018, the company got attacked by a Ransomware demanding Ransom for the data
lost during the cyber-attack. Due to this data breach, the company lost very important data related to
the clients. Also, this attack was not disclosed to the clients as it might affect the company image. Due to
this cyber-attack, more than 8000 clients’ personal information might have been exposed to the
hackers. This includes the data from those women who are seeking the appointment for the services like
abortion and other pregnancy-related issues. The personal details include the details that were
submitted through the online forms that consist of names, phone numbers, Date of Birth, Appointment
time, Query, and feedbacks. Till April 26, 2018, 10 AM the website was properly secured with the
database. A ransom of was asked in the cryptocurrency with the amount $15,000 in bitcoin was paid
(Davidson, 2018).
Process of Data Breach:
The Data Breach that has happened was done intentionally in order to access the web database of the
FPNSW. The data that was exposed during this attack was from previous 2 and a half year including the
records of 8000 clients. Further, the hackers got the access to the mainframe of the FPNSW and locked
the access over those data but the officials said that the data was not accessed by the hackers. Instead,
it was just locked from access for the organization. Further, the loss was not huge but the website
remains closed for some days that caused financial loss and also the ransom that was paid.
Exposed factors during the Ransomware:
The hacker who got access within the mainframe and locked everyone out causing the access control to
be vulnerable. Also, the hackers were not traced by any means causing another Vulnerability. The Denial
of Service for the security breach could lead to potential security attack. The admin account of FPNSW
might have been exposed to this data breach and got hijacked. This attack was solely done to get the
ransom and the whole system could be exposed to these kinds of attacks in the future.
Recommendations for Minimizing these kinds of attacks:
The investment in the cybersecurity needs to be applied as it can minimize the cyber attack to much
extent. The company must update all the software regularly in order to minimize the vulnerabilities that
are exposed during this kind of security attacks the software should be updated and the outdated
software should be removed.
A secure backup must be created that should not be connected to any of the systems within the
network and should be secured with the regular updates for the programs. Also, a cyber-liability
insurance could be bought in order to mitigate the expense during those attacks (Byte Back, 2017).
What are the other ways by which this kind of attacks could be minimized?
Introduction:
Family Planning NSW is the company that deals with Hygiene in the Women’s Reform League. On Anzac
Day that is April 25, 2018, the company got attacked by a Ransomware demanding Ransom for the data
lost during the cyber-attack. Due to this data breach, the company lost very important data related to
the clients. Also, this attack was not disclosed to the clients as it might affect the company image. Due to
this cyber-attack, more than 8000 clients’ personal information might have been exposed to the
hackers. This includes the data from those women who are seeking the appointment for the services like
abortion and other pregnancy-related issues. The personal details include the details that were
submitted through the online forms that consist of names, phone numbers, Date of Birth, Appointment
time, Query, and feedbacks. Till April 26, 2018, 10 AM the website was properly secured with the
database. A ransom of was asked in the cryptocurrency with the amount $15,000 in bitcoin was paid
(Davidson, 2018).
Process of Data Breach:
The Data Breach that has happened was done intentionally in order to access the web database of the
FPNSW. The data that was exposed during this attack was from previous 2 and a half year including the
records of 8000 clients. Further, the hackers got the access to the mainframe of the FPNSW and locked
the access over those data but the officials said that the data was not accessed by the hackers. Instead,
it was just locked from access for the organization. Further, the loss was not huge but the website
remains closed for some days that caused financial loss and also the ransom that was paid.
Exposed factors during the Ransomware:
The hacker who got access within the mainframe and locked everyone out causing the access control to
be vulnerable. Also, the hackers were not traced by any means causing another Vulnerability. The Denial
of Service for the security breach could lead to potential security attack. The admin account of FPNSW
might have been exposed to this data breach and got hijacked. This attack was solely done to get the
ransom and the whole system could be exposed to these kinds of attacks in the future.
Recommendations for Minimizing these kinds of attacks:
The investment in the cybersecurity needs to be applied as it can minimize the cyber attack to much
extent. The company must update all the software regularly in order to minimize the vulnerabilities that
are exposed during this kind of security attacks the software should be updated and the outdated
software should be removed.
A secure backup must be created that should not be connected to any of the systems within the
network and should be secured with the regular updates for the programs. Also, a cyber-liability
insurance could be bought in order to mitigate the expense during those attacks (Byte Back, 2017).
What are the other ways by which this kind of attacks could be minimized?
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
References:
Byte Back. (2017). Byte Back. Retrieved 28 July 2018, from
https://www.bytebacklaw.com/2017/05/preparing-for-and-minimizing-a-ransomware-attack/
Davidson, H. (2018). Family Planning NSW hit by ransom demand in cyber-attack. the Guardian.
Retrieved 28 July 2018, from https://www.theguardian.com/technology/2018/may/14/cyber-attack-on-
family-planning-service-could-have-revealed-client-details
Byte Back. (2017). Byte Back. Retrieved 28 July 2018, from
https://www.bytebacklaw.com/2017/05/preparing-for-and-minimizing-a-ransomware-attack/
Davidson, H. (2018). Family Planning NSW hit by ransom demand in cyber-attack. the Guardian.
Retrieved 28 July 2018, from https://www.theguardian.com/technology/2018/may/14/cyber-attack-on-
family-planning-service-could-have-revealed-client-details
1 out of 5
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.