WannaCry Ransomware Attack Analysis

Verified

Added on 2020/03/01

AI Summary

This assignment analyzes the WannaCry ransomware attack that occurred in 2017, impacting over 99 countries. It examines how the attack was carried out using the 'Eternal Blue' exploit stolen from the NSA, focusing on phishing as the primary attack vector. The assignment further discusses the preventative measures that could have mitigated this widespread cyberattack.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

PART A
COMPUTER SECURITY BREACH TOOK PLACE IN JUNE 2017- DEEP ROOT
ANALYTICS
INTRODUCTION
The data security breaches have advanced at such a arte that it seems to be almost
impossible for the data to be kept unprotected for a single moment also as the hackers are
always on the look about for such a situation wherein they can enter the system of companies
and steal crucial information which would hamper them. In the year 2016, the Republican
National Committee hired Deep Root Analytics , a data analytics company to collect crucial
political data with regards the voters in the USA (Daitch, 2017). Chris Vickery who was
working as a cyber risk analyst found out that the crucial and critical data that was gathered
by Deep Root Analytics i.e. basically comprised of private information for nothing less than
200 million citizens of America was stored on an Amazon Cloud server and that too without
any protection such as passwords or any such authentication for over a fortnight in the month
of June 2017.
The examination of the situation has confirmed that the data that has been leaked
comprises of names, addresses, phone numbers, date of birth and Voter registration numbers
that were mentioned in the Voter Ids of the voters(Newman,2017).
ASSESSMENT OF THE ISSUE
On doing a complete examination of the said case, it is understood that the main
reason behind the attack was Deep Root Analytics themselves and he negligence act
conducted by them of storing data on the cloud without protecting the same. The researcher,
Chris Vickery had found out that there was a flawed database which comprised data of

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

almost all the voters who were registered and which was gathered by the said analyst. The
main issue here was absence of any password which would help protect it from access from
unwanted people. However since the same was missing thereby anyone with an internet
connection could gain access of the information and thereby tamper it. Around a terabyte of
data was breached due to negligence (Bertrand, 2017). The issue here was also that various
files that were exposed had not originated from Deep Root. They are the total of outside data
entities and organizations and Republican super PACs , which basically puts the attention
onto the ever increasing data network and that had supposedly lent a helping hand to the
current president of US, slender limits in key swing rates. Even though the data possessed by
Deep Root contained facts and figures typical of any political campaign, yet the fact that it is
crucial for immoral and malicious individuals and groups cannot be ignored (Cameron &
Conger, 2017). The said issue propelled when the firm had updated their security settings
early in the month of June 2017.
Thus the main issue that can be understood from this kind of a data breach is that the
analyst firm had obtained data from various other companies which contained data such as
the type of campaigning that would help the President win the elections, the cost attached
with the same, the kind of voters available etc. the files exposed were critical as they were
data on the Democratic Senatorial Campaign Committee, Planned Parenthood and the
American Civil Liberties Union (Walsh, 2017). The data breached also comprised of the
preferences of the voters such as stem cell research and gun control. Thereby it can be rightly
said that the carelessness on the part of the company made many people pay a price for it and
that too the information was sensitive enough from the political perspective as well
(Matthews, 2017).

SOLUTIONS TO PREVENT SUCH HACKS
Solutions are many which would help protection of such carelessness again in future.
One of the most important was to ensure that if any updates have to be run on any previous
data stored, then it is a necessity to ensure that adequate safeguards are installed. Even though
Deep Root Analytics have assumed full responsibility for the occurrence of the breach, they
have immediately on being aware of the same, have updated their security settings so that no
further loss occurs. However, there should also be a system wherein after any updates being
done, the system should by itself prompt about the lack of passwords or weak passcode. This
would help protection as well as dealing with such a negligence in future as well (Lapdwsky,
I2017). This is basically human error which can occur anytime, but such an error can be very
disastrous for the whole country as it may lead to development of terrorism to a greater scale,
hence these data analytics companies should either destroy off the data after the work is over
or ensure security is not lacked at any moment whatsoever.
CONCLUSION
There on a concluding note, it is understood that the staff of Deep Root Analytics
were very careless and had a negligent attitude which led them to forgetting of checking the
security settings once the system was duly updated. Storing any data in cloud definitely
provides more space to the organizations, but at the same time they end up exposing the same
to a huge arena of hackers who are always on the verge of stealing data and tampering them
or playing unwanted games with the information. Deep Root Analytics although has
presently taken care of the same and also confirmed that as per them not much of tampering
have been done, yet they should ensure that the person behind the same should be thoroughly
trained again.

REFERENCES:
Bertrand,N. (2017). GOP data firm that exposed millions of Americans’ personal information
is facing its first class-action lawsuit. Retrieved from
http://www.businessinsider.in/GOP-data-firm-that-exposed-millions-of-Americans-
personal-information-is-facing-its-first-class-action-lawsuit/articleshow/
59261439.cms
Cameron,D. & Conger,K. (2017). GOP Data Firm Accidentally Leaks Personal Details of
Nearly 200 Million American Voters. Retrieved from http://gizmodo.com/gop-data-
firm-accidentally-leaks-personal-details-of-ne-1796211612
Daitch,H. (2017). 2017 Data Breaches – The Worst So far. Retrieved from
https://www.identityforce.com/blog/2017-data-breaches
Lapdwsky, I. (2017). What Should (And Shouldn’t) Worry You In That Voter Data Breach.
Retrieved from https://www.wired.com/story/voter-data-breach-impact/
Matthews,K. (2017). Deep Root Analytics Is In Deep Trouble With Voter Data Breach.
Retrieved from http://www.itsecurityguru.org/2017/06/29/deep-root-analytics-deep-
trouble-voter-data-breach/
Newman,L.H. (2017). The Biggest Cyber Security Disasters of 2017 so far. Retrieved from
https://www.wired.com/story/2017-biggest-hacks-so-far/
Walsh,A. (2017). Deep Root Analytics behind data breach on 198 million US voters :
security firm. Retrieved from http://www.dw.com/en/deep-root-analytics-behind-data-
breach-on-198-million-us-voters-security-firm/a-39318788

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

PART B
MAY 2017 RANSOMWARE CYER ATTACK
INTRODUCTION
A world-wide ransomware attack with the help of attacking equipments extensively
alleged by researchers to have been formulated by the US National Security Agency
impacted the NHS in a negative sense, strike worldwide transporter FedEx and tainted PCs
and laptops in nearly about more than a hundred countries. The number of computers being
infected by the attack has crossed 300,000 and Russia, Taiwan, Ukraine and India being the
top most amongst them whose computers were the most infected by the WannaCry as per the
data released by Czech security firm Avast (Graham, 2017).
ASSESSMENT OF THE MAIN ISSUE
The main issue that can be understood with regards this particular attack was the fact
that it was not an attack on any particular company or country but the same was on a much
larger scale wherein more than a hundred were infected. The ransomware was named as
‘WannaCry’ also popularly known as WanaCrypt0 or 2.0, WannaCry and WCry. The main
trick used by the attacker was that of phishing wherein the virus is sent to various computers
with the help of emails and it contains such data that misleads the recipient and he or she ends
up opening the given attachments, which thereby further attacks the systems as the
attachments basically contains malicious files.
Another very crucial issue here was that once the system gets infected, a payment is
asked for cleaning the same up and giving the access back to the users but at the same time
there is no conformity to the access even after payment. The attack had spread like a fire and
one of the biggest in history which made it difficult for the defenders to safeguard the

computers of lakhs across the globe at a faster pace. It was not only restricted to only one
country or continent (Hern, & Gibbs, 2017). The visibility of the attack was so widespread
that there has been a lot of hue and cry.
WHO WERE AFFECTED AND HOW
The worst impact of this attack has been seen in Britain’s NHS. Hospitals and GP
surgeries in England and Scotland were among at least 16 health service organizations hit by
a “ransomware” attack. The malware that was used here was named as Wanna Decryptor.
The employees and the workers were asked to switch over from the systems to manual way
of working i.e by using pen and paper and also increased the usage of one’s own cell phones
since the attack has had an impact on various main systems which included landlines as well.
Unfortunately the suffering and the ailing patients were forcibly sent back who were ready
for major surgeries in the hospitals in various parts of England. Various appointments were
also cancelled after such a horrendous attack which ended up messing and scuttling of
information stored on various systems. Unfortunately, health facilities being one of the most
crucial for any country, there people were asked to demand and look for a medical help only
in case of emergency due to the attack and the impact of it being so deep (BBC News 2017).
Till present day, the most infected countries by the said malicious software is Russia,
where the Interior Ministry was attacked and three more countries as per Czech Security i.e.
Taiwan, India and Ukraine. Another very major company which was infected was FedEx
Corp, whereas a telecommunication entity named Telefonica in Spain was also infected
although it was confirmed by them that the attack had not infected all the systems and only a
few were impacted and none of its clients or any of the services being provided to them were
affected in any manner. Further two more companies in the same segment, Portugal Telecom

and Telefonica Argentina also said that they were also amongst the ones who were infected
by the attack (Wong, & Solon, 2017).
HOW WAS THE ATTACK CARRIED OUT
Surprising the said attack was not carried out in any special manner, but to the
surprise of all, it used one of the most common methods i.e. phishing. A cyber-gang named
Shadow Brokers are being blamed for the particular hack. As per the confessions made by the
gang, they said that they had stolen a ‘cyber weapon’ from the most powerful military
intelligence unit in the world i.e. National Security Agency (NSA), USA. The said hacking
weapon ‘Eternal Blue’ provides an unparalleled access to various systems which use MS
Office. The said weapon was developed by NSA so that they could enter the systems of the
various terrorists and such other foes (Perlroth et.al. 2017).
However, it is being thought by all that the gang had put the said bug on an
incomprehensible site and which in turn was further stolen by another gang who used it to
infect systems worldwide.
HOW THE ATTACK WOULD HAVE BEEN PREVENTED
One of the biggest ways that would have enabled protection of this attack would have
been regularly updating Windows and running the anti-virus as well. The weakness of the
government is one of the main reasons behind the same and thereby they should be more
vigilant and stringent in protecting their database and such critical software programs as well.
Further the users should not open all the spam mails and the attachments found. Downloading
of software and apps from unknown places should be prevented. Last but not the least, a pro-
active way of thinking is a must specially in segments which are very crucial such as the
health care segment.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

REFERENCES:
BBC News. (2017). Massive ransomware infection hits computers in 99 countries. Retrieved
from http://www.bbc.com/news/technology-39901382
Graham,C. (2017). NHS cyber attack: Everything you need to know about ‘biggest
ransomware’ offensive in history. Retrieved from
http://www.telegraph.co.uk/news/2017/05/13/nhs-cyber-attack-everything-need-
know-biggest-ransomware-offensive/
Hern,A. & Gibbs, S. (2017). What is WannaCry ransomware and why is it attacking global
computers. Retrieved from
https://www.theguardian.com/technology/2017/may/12/nhs-ransomware-cyber-
attack-what-is-wanacrypt0r-20
Perlroth,N., Scott,M. & Frenkel, S. (2017). Cyberattack hits Ukraine Then Spreads
Internationally. Retrieved from
https://www.nytimes.com/2017/06/27/technology/ransomware-hackers.html?
mcubz=3
Wong,J.C. & Solon,O. (2017). Massive ransomware cyber-attack hits nearly 100 countries
around the world. Retrieved from
https://www.theguardian.com/technology/2017/may/12/global-cyber-attack-
ransomware-nsa-uk-nhs

1 out of 8

+13062052269

info@desklib.com

WannaCry Ransomware Attack Analysis

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Cybersecurity Threats and Defenses

Data Breaches and Cyber Attacks 2017

Ransomware Attacks: Causes and Prevention

WannaCry Ransomware Attack Analysis

WannaCry Ransomware Attack Analysis

WannaCry Ransomware Attack Analysis