
WannaCry Ransomware: How it Spreads, Impact on Organizations, and Lessons Learned


Added on  2023-06-12

About This Document

This article discusses the WannaCry ransomware, including how it spreads, its impact on organizations, and lessons learned. It also provides tips for protecting personal computers and organizations from ransomware attacks. The article emphasizes the importance of incident response planning, disaster recovery planning, and business continuity planning.

NETWORK SECURITY ASSIGNMENT
MEMORANDUM
TO: All employees
FROM: [Student Name and any desired title]
DATE: 22nd May, 2018.
SUBJECT: Lax information security in the organization
Owing to the recently undertaken audit of the company, it has come to my attention that
information security in the organization is very lax. There are no coordinated security policies and
the few policies that are in place are not being followed.
With the organization not taking information security into consideration, we will soon run into
the problem of a security breach. As it is, there has already been a social engineering attempt, where
someone hoodwinks another into revealing critical information.
We should therefore be aware of the different security breaches that are commonly used, such as
phishing and spoofing, so that we are not caught unaware and stay on the alert to spot and report
any attempts. On the same note, to avoid being a victim, I recommend the following: never
give critical information to anyone unless they need to know and are authorized to do so, do not
open any suspicious-looking files or links, and ensure the URL of any link is genuinely for the
site it claims to be going to.
I encourage all of us to follow the currently available policies and any others that will be made in
order to increase our information security.
Thank you for your cooperation.
Best regards,
[Student name and desired title]
WannaCry ransomware
Introduction
WannaCry has been defined as a worm that spreads by exploiting vulnerabilities in the
Windows operating system [1], especially in older versions that are no longer
updated. Once installed, WannaCry encrypts all the files and then, as the name suggests, demands a
ransom payment in exchange for decrypting them. The ransomware consists of multiple
components [2]: an application for encrypting and decrypting data, files that hold
the encryption keys, and a copy of Tor.
How attack is propagated
Information gathered by studying the capabilities of the DoublePulsar backdoor enables linking the SMB
exploit to the EternalBlue SMB exploit [3]. The ransomware uses a lateral movement technique to
spread through the machines in a network. In particular, it uses the Windows Server
Message Block (SMB) protocol to spread through a network, operating over TCP 445 and 139 [4].
Propagation happens in the “mssecsvc2.0” ServiceHandler function, which is in charge of WSAStartup
functionality and cryptographic initialization. The ServiceHandler then generates two
threads that carry out the SMB exploitation: one infects internal targets and the other
external targets.
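
The propagation described above produces a recognisable network pattern: one host opening SMB connections to many different internal and external addresses in a short time. The following detection sketch is an added example, not part of the original assignment; the flow-record format, the RFC 1918 definition of "internal", the window and threshold values, and all sample addresses are assumptions.

```python
import ipaddress
from collections import defaultdict

SMB_PORTS = {139, 445}  # TCP ports used for SMB
# Assumption: the site's internal address space is the RFC 1918 ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def parse_flow(line):
    """Parse one record in the assumed format 'epoch_seconds src dst dport'."""
    ts, src, dst, dport = line.split()
    return int(ts), src, ipaddress.ip_address(dst), int(dport)

def smb_fanout(lines, window=60, threshold=20):
    """Flag sources contacting >= threshold distinct hosts on SMB ports within
    one time window; report the internal/external split of the worst window."""
    buckets = defaultdict(set)  # (src, window index) -> distinct destinations
    for line in lines:
        ts, src, dst, dport = parse_flow(line)
        if dport in SMB_PORTS:
            buckets[(src, ts // window)].add(dst)
    alerts = {}
    for (src, _), dsts in sorted(buckets.items()):
        prev = alerts.get(src, {"internal": 0, "external": 0})
        if len(dsts) >= threshold and len(dsts) > sum(prev.values()):
            internal = sum(is_internal(d) for d in dsts)
            alerts[src] = {"internal": internal, "external": len(dsts) - internal}
    return alerts

def constructed_flows():
    """Constructed sample data: one sweeping host and one normal SMB client."""
    lines = [f"1000 10.0.0.99 10.0.0.{i} 445" for i in range(1, 31)]       # internal sweep
    lines += [f"1005 10.0.0.99 198.51.100.{i} 445" for i in range(1, 26)]  # external sweep
    lines += [f"{1000 + i} 10.0.0.40 10.0.0.5 445" for i in range(50)]     # one file server
    lines.append("1010 10.0.0.40 203.0.113.9 443")                         # not SMB
    return lines

if __name__ == "__main__":
    for src, split in smb_fanout(constructed_flows()).items():
        print(src, split)
```

The client that talks repeatedly to a single file server is not flagged, because the check counts distinct destinations rather than connections.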
Impact on organizations
The WannaCry ransomware spread so fast that in a single weekend the number of victim systems
grew from 45,000 to an estimated 200,000. The effect was that large
organizations were crippled [5]. This was a result of data loss, since the ransomware would affect even
the backups. Ransomware is so effective largely because of the downtime it causes; affected organizations
said they lost between $5,000 and $20,000 in a single day [6].
To protect an organization from the WannaCry ransomware, it is essential to update the software and
operating systems of computers as soon as a patch or a new version is released. In this case,
WannaCry exploited a vulnerability whose patch Microsoft had already released in a later version,
but there were still so many victims and Microsoft had to release an emergency patch for the older
versions of Windows that it had already stopped supporting.
It is essential that organizations don't rely on only one form of cyber security. Some of the
other methods that can be applied include using an anti-virus and a firewall, and regularly backing up key
data to off-line hard drives so that even if the networks are attacked there is some data to fall
back on [7]. Other than this, one should not open any suspicious emails or attachments, and the same
should be communicated to all users [8].