Analyzing the WannaCry Ransomware Attack


Added on  2020/02/24

AI Summary
This assignment delves into the WannaCry ransomware attack that occurred in May 2017, examining its underlying reasons and highlighting effective preventive strategies. It emphasizes the importance of cybersecurity measures in mitigating such attacks.

Running head: INFORMATION SECURITY
Information Security
Name of the Student
Name of the University
Author’s note

Executive Summary
This report focuses on the recent data breaches that took place in July 2017. It discusses
the Verizon data breach that took place due to the misconfiguration of the cloud. The second part of
the report covers the WannaCry ransomware attack that took place in May 2017. Finally,
the report recommends preventive measures that can be taken in order
to resolve such security issues.
Table of Contents
Introduction
Part A
    Problem
    Reason for the Data Breach
    How did the Data Breach Occur
    Possible Solution
Part B
    Problem
    The Affected Organizations or Countries
    Procedure of the Attack
    Possible Preventive Measures
Conclusion
References
Introduction
In this era of information and communication technology (ICT), security is a major issue.
A data breach is a situation in which sensitive and important information belonging to an organization
is accessed in an unauthorized manner. This information is later copied and lost. Proper
security policies must be incorporated into the system in order to overcome such issues.
This report discusses the Verizon data breach that took place in July 2017. It gives
a detailed account of the causes, the affected people and the possible solutions for this problem. The
second part of the report discusses the WannaCry ransomware attack that took place in
May 2017. It points out the reason behind the ransomware attack and the preventive measures
against it.
Part A
Problem
Verizon Wireless is a well-reputed telecommunications company that operates its
business in America (Mathews, 2017). It offers wireless devices and
services. It faced a major data breach because of a cloud leak. A Verizon partner was
responsible for leaking the data in the cloud. The leak exposed the accounts of millions of
customers. All the information present in their accounts was leaked in July 2017, creating a lot of
problems and chaos.
Reason for the Data Breach
The major cause of the data breach was a cloud-based repository file that
was not configured. This leaked the information of 14 million people in the United States who
were customers of Verizon, the telecommunications carrier. Ownership of the cloud-based
system or software lay with the telephonic software vendor, NICE Systems. NICE Systems was
a third-party vendor of Verizon. Verizon's data repository was an S3 bucket on
Amazon Web Services (Fox News, 2017). This data repository was administered and
monitored by NICE Systems, which was responsible for the back-office and call-centre
work of Verizon.
Names, account details, addresses and other essential information were leaked and
accessed through the Amazon S3 bucket. The PIN codes that customers
used to verify their Verizon accounts were also leaked and put in danger. Their phone numbers
were also leaked. This data breach shows the insecurity of cloud computing and its challenges
(Romanosky, Hoffman & Acquisti, 2014).
The other main reason for this data breach was the lack of configuration of the
cloud-based structure provided by the third-party vendor, NICE Systems. This was reported
by UpGuard on around 13th June and it was closed on 22nd June. The underlying reason for such a data
breach is a business risk, as the sensitive information is under the main control of the third party.
If the third party does not take proper responsibility for the cloud, or acts with deliberate intent,
this can create a data breach affecting millions of users. NICE Systems does not have a
strong history. The history of this third party in supplying technology to different firms reveals an indicator of
an unsettled manner of surveillance that was sponsored by the state. Customers could log in to
their accounts and get information from a repository that can be downloaded (Khalil et al., 2013).
This is an alarming signal, because if the data can be downloaded then it can be shared with any
third party, resulting in major loss to US companies.
How did the Data Breach Occur
Configuration is the most important issue in a cloud network. Any incorrect
configuration can lead to issues in the management of the network. Tools should be used
properly to allow the cloud to work in an efficient and effective manner. There was a
major problem at the base of the IT infrastructure. This internal problem is known as
misconfiguration (Uchiumi, Kikuchi & Matsumoto, 2012). Misconfiguration in the
infrastructure can lead to around 70 to 99 per cent of data breaches. There were no external or
malicious hackers. The third-party vendors had visibility into the entire tool chain of the IT
system, and this led to the problem at Verizon. There was business risk due to dysfunction, and these
dysfunctional characteristics were not identified at an early stage. The other main reason for
this data breach was the lack of configuration of the cloud-based structure provided by the
third-party vendor, NICE Systems. NICE Systems does not have a strong history.
NICE Systems should have looked into the matter and made the system more secure before anything
like this could take place. It is extremely challenging for any organization to find the
loopholes and problems in the configuration of a cloud network. Proper identification of
incorrect configuration can solve the issue.
Possible Solution
The third-party vendor should look into the matter and solve the misconfiguration issue.
The configuration of the IT systems should be carefully managed before any state of disorder
arises (Patel et al., 2013). The software should be upgraded on a continuous and regular
basis. The hardware performance also needs to be checked so that there is no degradation in
performance. Downtime in the system must also be resolved efficiently. A proper
cyber security policy, along with signature authentication, must be incorporated into the system. The
shielding of the vulnerabilities must be done by updating and patching the software on a regular
basis from various points of access. Proper encryption keys must be used in the system. The
cloud architecture must be protected. Third-party vendors should be selected carefully by
reviewing their history; here, the history of NICE Systems was not commendable. There must be
strong and secure privacy policies governing access to the private information of the system.
The vendor must be transparent with its client (Shabtai, Elovici & Rokach, 2012). The client
company must analyze and study the issues regarding the vendor company before deciding.
A web gateway application can also reduce or eliminate the chances of risk in the
system.
Part B
Problem
The ransomware cyber attack that took place in May 2017 was the most dangerous attack
that took place across the world. It is known as the WannaCry ransomware attack and
was carried out by the WannaCry ransomware cryptoworm (Mohurle & Patil, 2017). It
targeted computers running the Microsoft Windows operating system. The
data on these systems was encrypted, and the attackers demanded ransom payments
in the Bitcoin cryptocurrency.
The attack took place on around 12th of May, 2017, a Friday. It
infected around 230000 computers or more in more than 150 countries. The National Health Service
of the United Kingdom was partly affected (Collier, 2017). It could run only a few services that were
required in emergency situations when the attack took place. A few days after the attack took place,
a security researcher discovered a kill switch and found the ransomware code that led to the
initial slowing of the attack. But later, on 15th of May, 2017, it was found that other,
more advanced versions of the ransomware had been created, and these lacked the kill switch.
Microsoft had detected the vulnerabilities and released techniques and methods to
overcome the flaws and faults in the present system. The newer versions like Windows 7 and
Windows 8 are safe. People who are still using Windows XP and other unauthorized versions
are still at security risk.
The Affected Organizations or Countries
Europol reported that approximately 230000 computers running the Windows
operating system were infected by the ransomware. This was spread over 150
countries across the world. The most affected countries were reported to be India, Ukraine,
Taiwan and Russia. The National Health Service of the United Kingdom and Scotland hospitals
were severely affected (Pascariu, Barbu & Bacivarov, 2017). It infected
over 70000 computer devices in the hospitals, including MRI scanners and theatre
equipment. Production at Nissan Manufacturing in the United Kingdom was halted because
its systems were infected by the ransomware. Renault was also affected and stopped
production at various sites. The attack was not as powerful as other cyber attacks. The firm
Cyence built a risk model showing economic losses of
approximately 4 billion dollars. Other groups estimated losses of 100 million
dollars. Other affected organizations included Honda, Deutsche Bahn, Hitachi and many more.
These affected organizations and countries faced huge trouble due to the ransomware attack.
Procedure of the Attack
The WannaCry ransomware attack took place on 12th of May, 2017.
The attack first took place in Asia at around 7:44 am. It had
taken place through an SMB port that was exposed due to its vulnerability (Mattei, 2017). It was
not done through email phishing. The malware first checked whether a kill
switch domain was present. In the absence of such a domain, the ransomware attacks the system and encrypts
its data. It then exploits the vulnerabilities of SMB. After the attack, it displayed a
message asking for 300 dollars in Bitcoin within three days or 600 dollars within seven days
(O'Gorman & McDonald, 2012). By 14th of June, 2017, 327 payments totalling
130634 dollars had been transferred. Windows XP systems were still at high risk,
as the WannaCry ransomware could affect them.
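As an added example (not part of the original report), the Python code below triages flow records for two network signs of the procedure described above: internal hosts that accept SMB (TCP port 445) connections from outside, and a single internal host that tries many other hosts on port 445, as a worm spreading over SMB does. The log format, addresses, internal range and threshold are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

SMB_PORT = 445
INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address range
FANOUT_THRESHOLD = 3                 # assumed value; tune per environment

# Constructed flow records "time src dst dport action"; not real traffic.
SAMPLE_FLOWS = """\
2024-01-01T00:00:01Z 203.0.113.9 10.0.0.5 445 ALLOW
2024-01-01T00:00:02Z 203.0.113.9 10.0.0.7 445 DENY
2024-01-01T00:00:03Z 10.0.0.5 10.0.0.6 445 ALLOW
2024-01-01T00:00:04Z 10.0.0.5 10.0.0.7 445 ALLOW
2024-01-01T00:00:05Z 10.0.0.5 10.0.0.8 445 DENY
2024-01-01T00:00:06Z 10.0.0.5 10.0.0.9 443 ALLOW
2024-01-01T00:00:07Z 10.0.0.8 10.0.0.20 445 ALLOW
malformed line
"""

def parse_flows(text):
    """Return (src, dst, dport, action) tuples, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        try:
            _time, src, dst, dport, action = line.split()
            flows.append((ip_address(src), ip_address(dst), int(dport), action))
        except ValueError:  # wrong field count, bad address or bad port
            continue
    return flows

def exposed_smb_hosts(flows):
    """Internal hosts that accepted an SMB connection from outside INTERNAL."""
    return sorted({str(dst) for src, dst, dport, action in flows
                   if dport == SMB_PORT and action == "ALLOW"
                   and src not in INTERNAL and dst in INTERNAL})

def smb_fanout(flows, threshold=FANOUT_THRESHOLD):
    """Internal sources that tried >= threshold distinct hosts on port 445."""
    targets = defaultdict(set)
    for src, dst, dport, _action in flows:
        if dport == SMB_PORT and src in INTERNAL:
            targets[str(src)].add(str(dst))
    return {s: len(d) for s, d in targets.items() if len(d) >= threshold}

def triage(text):
    flows = parse_flows(text)
    return {"exposed": exposed_smb_hosts(flows), "fanout": smb_fanout(flows)}

if __name__ == "__main__":
    print(triage(SAMPLE_FLOWS))
```

Denied attempts still count towards the fan-out total, because a blocked connection attempt is as much a sign of spreading as a successful one.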
Possible Preventive Measures
The Microsoft Protection Center, which looks after malware issues, mentioned several
steps that can be taken to prevent the WannaCry ransomware attack (O'Dowd, 2017).
Installing and using up-to-date antivirus software will help to resolve many issues.
Other software must also be kept up to date. Users should avoid clicking on any websites or opening any
type of attachment. Important files must be backed up regularly. Pop-up advertisements
must be blocked on every page. Software that helps to identify any type of
phishing or malware attack must be installed (Martin, Kinross & Hankin, 2017). The patches
recommended in the Microsoft Security Bulletin should be applied to Windows.
Conclusion
This report concludes that data breaches are spreading with time. It has
discussed the Verizon data breach that took place in July 2017. It also gave a detailed
account of the causes, the affected people and the possible solutions for this problem. The second part
of the report covered the WannaCry ransomware attack that took place in May 2017. It
pointed out the reason behind the ransomware attack and the preventive measures against it. It can be
concluded that these attacks can be resolved by using several preventive measures.

References
Collier, R. (2017). NHS ransomware attack spreads worldwide.
Fox News. (2017). Verizon data breach: 14 million customers reportedly exposed. Retrieved 27 August 2017, from http://www.foxnews.com/tech/2017/07/12/verizon-data-breach-14-million-customers-reportedly-exposed.html
Khalil, I. M., Khreishah, A., Bouktif, S., & Ahmad, A. (2013, April). Security concerns in cloud computing. In Information Technology: New Generations (ITNG), 2013 Tenth International Conference on (pp. 411-416). IEEE.
Martin, G., Kinross, J., & Hankin, C. (2017). Effective cybersecurity is fundamental to patient safety.
Mathews, L. (2017). Millions Of Verizon Customers Exposed By Third-Party Data Leak. Forbes.com. Retrieved 27 August 2017, from https://www.forbes.com/sites/leemathews/2017/07/13/millions-of-verizon-customers-exposed-by-third-party-leak/#929962836bc9
Mattei, T. A. (2017). Privacy, Confidentiality, and Security of Health Care Information: Lessons from the Recent WannaCry Cyberattack. World Neurosurgery, 104, 972-974.
Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal, 8(5).
O'Dowd, A. (2017). NHS patient data security is to be tightened after cyberattack.
O'Gorman, G., & McDonald, G. (2012). Ransomware: A growing menace. Symantec Corporation.
Pascariu, C., Barbu, I. D., & Bacivarov, I. C. (2017). Investigative Analysis and Technical Overview of Ransomware Based Attacks. Case Study: WannaCry.
Patel, A., Taghavi, M., Bakhtiyari, K., & Júnior, J. C. (2013). An intrusion detection and prevention system in cloud computing: A systematic review. Journal of network and computer applications, 36(1), 25-41.
Romanosky, S., Hoffman, D., & Acquisti, A. (2014). Empirical analysis of data breach litigation. Journal of Empirical Legal Studies, 11(1), 74-104.
Shabtai, A., Elovici, Y., & Rokach, L. (2012). A survey of data leakage detection and prevention solutions. Springer Science & Business Media.
Uchiumi, T., Kikuchi, S., & Matsumoto, Y. (2012, September). Misconfiguration detection for cloud datacenters using decision tree analysis. In Network Operations and Management Symposium (APNOMS), 2012 14th Asia-Pacific (pp. 1-4). IEEE.