WannaCry Ransomware Attack Analysis

Verified

Added on 2020/03/01

AI Summary

This assignment delves into the WannaCry ransomware attack of 2017. It examines the attack's execution, highlighting the use of phishing emails and vulnerabilities in Microsoft's SMB protocol. The analysis discusses the impact of the attack on various organizations, particularly the National Health Service (NHS), which faced significant disruptions due to encrypted data and canceled appointments. The assignment also explores preventative measures, emphasizing the importance of timely security updates and cybersecurity awareness, as well as discussing the limited options for recovering data once encrypted by ransomware.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Task 1 - Search the web for news on computer security breaches that occurred during April-
August 2017. Research one such reported incident (Excluding the May 2017 ransomware
cyber-attack). Prepare a report focusing on what the problem was, how and why it occurred
and what are the workable solutions.
Answer-
1.a News on computer security breaches are list down below:
Petya Malware grounds interruption beyond the Globe, Europe Worst Hit
Botezatu said a new program arose near about identic to GoldenEye, an alternative of an
accepted family of captive-considering programs accepted as “Petya.” It usually demanded $300 in
Bitcoin.
Verizon (July 13, 2017)
According to report near about 14 million Version subscribers might have been affected
because of a data breach. And maybe you are one of the candidate from then if you ever contacted
with Verizon customer care service in the last 6 months. All the records were adhered on a server
that was under control of Israel placed Nice systems. Chris Vickery, with security firm UpGrad had
discovered this data breach. In late June, he apprized and it hold more than q week to secure the
data. Log files which come into actual data develop the when any customer contacted the Verizon
company via phone.
OneLogin (May 31, 2017)
It is a company which allows multiple users to administer number of sites and application
with the help of a cloud based platform, it is San Francisco based company and noticed an issue of
data breach. The attack on OneLogin started on 31st May at 2AM and shut down at 9AM. Because
of this attack all the customers data were negotiated as this time, along with the capability to
decrypt encrypted data. And, the investigation is still going ahead and the complete duration of the
breach is still unknown. This app manages 2,000 companies in total 44 countries, more than 300
app vendors and more than 70 SAAS providers.
1

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Gmail (May 3, 2017)
A phishing scam was planned against Gmail users, which were planned for gaining the
access to user’s account with the help of some third-party application. The email was looks similar
as they are from user’s list of trusted contact and alert the each and individual that they are looking
like they want you to share some Google Doc with them. But when user clicked on the email to
open it, it loads at the actual Google’s security page on which that person could manage fake google
Docs. But this scam stops in an hour only still 1 million users got affected.
1.b For this assignment, I have gone through with many computer security news and done my
research on “Petya ransomware”.
What is “Petya Ransomware”?
It is a ransomware which belongs to the encryption ransomware family. It was first detected
in 2016 and then again in June 2017 for cyberattack. It basically infects the Microsoft Windows
based systems, infect the master boot record of the system so that it can execute a payload which
can encrypts a hard drive’s file system. Like WannaCry ransomware it also asks to user for bitcoin
to gain the access and decryption of data. In Europe and the US large firms were effected much
rather than others with some Russian steel and oil firms and French construction material etc. But it
only tried to transmit only internally in reach of the same network but not externally. This reason
can cause of decrease in transmission of new infections overnight.
How it occurred?
“Petya” ransomware takes control over the computers and then counterclaim for $300
which needs to be paid in Bitcoin. This ransomware spread within network only internally, so it
spreads all over the organization and once a computer machine is infected with the help of
EternalBlue vulnerability in Microsoft Windows system or you can also say with the help of two
windows administrative tools. While comparing Petya with WannaCry, it has better contrivance to
spread all over the organization as it tries for another option if one does not work said Ryan
Kalember, of cyber security company Proof Point.
It infects the master boot record with overwriting the windows boot loader and then try to
bring about restart. When the system restarts, payload will execute at that time Master File Table of
NTFS file system will get encrypted. After encryption, it will show some ransom message which
demands for some money in bitcoin. The first version of petya changes its payload with a PDF file
2

which is attached to an email. National Cyber security and Communication Integration Center
(NCCIC) and the US Computer Emergency Response Team (US-CERT) released Malware Initial
Findings Report (MIFR) about “Petya” on 30th June 2017.
Protection against “Petya” Ransomware
The largest considerable activity antivirus companies now a day’s claims that detection and
protection across “Petya” infections have updated software. Products of Symantec accepting
definition version of 20170627.009 consider for occurrence. Then Kaspersky also says that now
spotting the malware is possible by security software’s. It also keeps windows up to with the
appropriate bottom with installing March’s demanding patch which preserving across the
EternalBlue vulnerability.
3

Task 2 - Research the May 2017 ransomware cyber-attack on the web and prepare a report
focusing on the following questions:
a. What is WannaCry(May 2017 Ransomware)?
A ransomware module that operating a Windows cracked by the Shadow Broker in 2017 in
the month of April. Supposedly which US National Security Agency (NSA) used as a segment of a
fixed set of tools to spy on their targets. A type of malware which can infects or affects a machine
and then encrypts its data is known as Ransomware. After encryption is demonstrate some amount
of money paid by the user individua user or group of online before they can start using the computer
and that money called ransom amount. Ransomware can also access their data advantage. So, these
transactions are generally desired in Bitcoin, to continue unnoticeable. They can ask for $300 worth
in this scenario.
Security researcher Malware Hunter Tam blotched A chunk of ransomware early blotched in
the wild on 12th May at 9.45AM. This malware is same as which affected Telefonica in Spain and
the NHS in Britain. Within or can say less than 4 hours downstream, the same ransomware had
infected NHS computers, albeit basically alone in Lancashire and transmitting all the time the
NHS’s internal security network. It is additionally called WanaCrypt0r 2.0, Wanna Decryptor 2.0,
WCry 2, WannaCry 2 and Wanna Decryptor 2.
Because of this ransomware approximately 200,000 victims and 300,000 computers were infected.
b. Who were affected and how?
There is huge list of affected victims by WannaCry Ransomware.
China
Gas Stations: During this attack china stated at state-run media that few of the gas stations
face issues in their digital payment systems such as shut down and which was forcing customers to
bring cash.
Colleges: A “red alert” had been released by the Internet Security firm Qihoo360
throughout the weekend, which says that ransomware attack had hit the many students and colleges
in china.
Global Companies
4

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Nissan: Nissan is an automobile company, in this a carmaker gives his statement that “Some
Entries were currently aimed” but “we did not face any considerable influence on our business.”
FedEx: “Undergoing process of being interfered with few of our Windows-based system
which is caused by malware” said by the company and they were trying to sort out this issue as
soon as possible.
Russia
Russian Central Bank: This bank detected malware bulk emails to banks but they found no
settlement of resources which is reported by state media agency.
Russian Railways: The IT system of Russian Railways was attacked by a virus but no as
such affect the operation because of prompt response. That virus has been bounded and the
complete technical task is being going on to ruin it and then finally updating the antivirus
protection.
Megafon: That ransomware also tried to attack Russian telecommunications company’s call
centres but network of this company was safe as they controlled the situation timely.
Germany
Deutsche Bahn: German Railway Company informed CNN Money that by cause of this
attack “passengers information got corrupted and display at some stations were inoperative and
ticket machines also”.
Spain
Telefónica: One of the Spanish telecom company Telefonica was also the target of this
attack but that cause by the attack only few computers were affected.
United Kingdom
National Health Service: Minimum 16 organizations of NHS were also target of this
attack. They are still working on this to find out the evidence that the patient data was accessed by
someone else. They are still working with damaged organization to make sure. They also talked
about cancelation of outpatient appointments.
c. How was the attack carried out?
Some of the professionals consider that the commencing infection might have been drifting
out with the help of an advance phishing attack with some emails full/loaded with ransomware.
5

When WannaCry ransomware heels its way into a computer system then it first encrypts the data
available in the system and then finally accomplishes susceptibility in the Microsoft’s server
Message Block (SMB) agreement to transmit the infection all over the system. At the same time
ransomware is commonly taken as an undeveloped attack tool. This basic version was high
performance beyond its founder adopting secrets from the NSA’s spy book. Because of all this it
was very adequate, thousands of computers shutting down across the world.
d. What could have been done to prevent the attack?
To prevent from this attack, shortly as foretime Shadow Brokers set free it’s files, Microsoft
expressed a chunk of Windows, establishing that the susceptibility could not be worn to escalate
malware within the completely updated versions of its own operating system. But because of many
issues, starting from the inadequacy of resources with a need of completely test latest updates
sooner compel them out much universally. Sometimes few organizations are very slow to install
comparable security updates on a broad scale. Shadow Brokers were straight comprising of in the
ransomware attack. During the time that Shadow Broker itself, no one really does not know but the
actual finger point towards the Russian actor as feasible culprits.
If ransomware attacks on your computer machine than there is not much thing you can do to
secure your data because it was already encrypted by malware. So, if you have backup than you
must be able to restore these files once you clean your computer. But in case you do not have
backup than your files could be gone. Few poorly designed and developed ransomware anyhow
hacks itself by some security researchers which can allow data recovery. But unlikely such
situations are very rare and aims not to assign in this case of very large scale experienced hits such
as WannaCry attack.
6

REFERENCES
Alex Hern and Samuel Gibbs (12 May 2017). What is WannaCry ransomware and why it is
attacking global computers? Retrieved from
https://www.theguardian.com/technology/2017/may/12/nhs-ransomware-cyber-attack-what-is-
wanacrypt0r-20
Heidi Daitch (13 July 2017). 2017 Data Breaches – The worst so Far. Retrieved from
https://www.identityforce.com/blog/2017-data-breaches
Olivia Solon and Alex Hern (28 June 2017). ‘Petya’ Ransomware attack: what is it and how
can it be stopped? Retrieved from https://www.theguardian.com/technology/2017/jun/27/petya-
ransomware-cyber-attack-who-what-why-how
GWYN D’MELLO (15 May 2017). WannaCry Ransomware attack: Everything You Need
to Know, To Stay Safe from This Security Breach. Retrieved from
http://www.indiatimes.com/technology/news/wannacry-ransomware-attack-everything-you-need-
to-know-to-stay-safe-from-this-security-breach-321700.html
7

1 out of 7

+13062052269

info@desklib.com

WannaCry Ransomware Attack Analysis

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Ransomware Attack Analysis and Prevention

Preventing Ransomware Attacks

WannaCry Ransomware Attack Analysis

Ransomware Attacks: Analysis & Prevention

WannaCry Ransomware Attack Analysis

Cybersecurity Awareness and the WannaCry Attack