University Cyber Security: WannaCry Ransomware Attack Analysis Report

Added on  2022/12/28

AI Summary
This report delves into the WannaCry ransomware attack, providing a comprehensive analysis of the cyber crime. It begins with an introduction to cyber crime and ransomware, specifically focusing on WannaCry as one of the most significant attacks, particularly its impact on the NHS in 2017. The report discusses past cyber attacks like Teardrop and Smurf attacks, before narrowing its focus to WannaCry, detailing its methods of operation, the targeted organizations, and the extensive damage caused, including cancelled appointments and financial losses. It also covers the detection of the attack and identifies the suspected perpetrator. The report concludes with a summary of findings and highlights the need for enhanced cyber security measures in the wake of such attacks. This report is a valuable resource for students studying cyber security and related fields.
Running head: CYBER CRIME
CYBER CRIME
Name of the Student
Name of the University
Author Note
Table of Contents
Introduction
Discussion
Past cyber attacks
The most prestigious attack
The targeted organization by WannaCry
Attack possessed by WannaCry
Damage caused by the Ransomware attack
Detection of the attack
The Perpetrator
Summary of the findings
Conclusion
References
Introduction
Cyber crime is an attempt by hackers to gain unauthorized access to a system in order to use its assets and to expose, alter, disable, damage, destroy or steal the information it holds. The action associated with this crime is called a cyber attack. It is an offensive action that targets the infrastructure and information systems of a computer or a network.
Ransomware is computer malware that locks or takes over access to the database management system by putting the data into an encrypted form that cannot be decrypted easily (Brewer 2016). It blocks users from accessing their own system files and data; the malware locks the data and puts it in an encrypted form. Ransomware is one of the most rapidly advancing criminal activities in the cyber world, and it affects businesses, the banking sector, government organizations, hospitals and other organizations. WannaCry is one of the best-known ransomware strains and one of the largest malware attacks, and it affected the NHS in 2017 (Boiten and Wall 2017). This report discusses research on past cyber attacks and one of the highest-profile attacks, which took place in the NHS.
Discussion
Past cyber attacks
Cyber attacks that have taken place in the recent past include:
1. Teardrop attack: The teardrop attack is a denial-of-service (DoS) attack in which fragmented packets are sent to the targeted machine, the victim's system (Solankar, Pingale and Parihar 2015). The machine that receives such packets tries to reassemble them, and because of a bug in TCP/IP fragmentation reassembly the packets, which overlap with each other, crash the targeted network device. Such attacks generally target systems with older operating systems.
2. WannaCry: WannaCry is one of the major forms of ransomware, a kind of crypto-ransomware that targets systems running the Microsoft Windows operating system (Mohurle and Patil 2017). The hackers target the victim's system and block the interface by encrypting the data and flashing a message on the screen that demands a heavy payment in the form of cryptocurrency.
3. Smurf attack: The smurf attack is a type of distributed denial-of-service attack in which computers on a network receive bogus ping packets and reply to the targeted computer, which floods it (Bouyeddou et al. 2018). The victim's system is flooded with traffic if the number of systems on the network that receive and respond to these packets is very large. This process is repeated and can be automated to cause a huge amount of traffic or congestion over the network.
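A defender's check for the overlapping-fragment condition described in item 1, as an added example that is not part of the original report: it parses raw IPv4 headers and flags fragments whose byte ranges overlap within one datagram. The function names and the sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_fragment(packet: bytes):
    """Return (flow_key, start, end, more_fragments) for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4                     # header length in bytes
    total_len, ident, flags_frag = struct.unpack("!HHH", packet[2:8])
    if ihl < 20 or total_len < ihl:
        raise ValueError("inconsistent IPv4 header lengths")
    start = (flags_frag & 0x1FFF) * 8                # offset field counts 8-byte units
    end = start + (total_len - ihl)                  # first byte after this payload
    more = bool(flags_frag & 0x2000)                 # MF (more fragments) flag
    key = (packet[12:16], packet[16:20], packet[9], ident)  # src, dst, proto, id
    return key, start, end, more

def find_overlaps(packets):
    """List (flow_key, earlier_range, later_range) for fragments that overlap."""
    flows = defaultdict(list)
    for pkt in packets:
        key, start, end, more = parse_fragment(pkt)
        if start or more:                            # ignore unfragmented packets
            flows[key].append((start, end))
    findings = []
    for key, ranges in flows.items():
        ranges.sort()
        widest = ranges[0]                           # range reaching furthest so far
        for cur in ranges[1:]:
            if cur[0] < widest[1]:                   # starts inside data already seen
                findings.append((key, widest, cur))
            if cur[1] > widest[1]:
                widest = cur
    return findings

def build_fragment(ident, offset, payload_len, more):
    """Constructed test input: 20-byte IPv4 header (protocol 17, checksum 0) + zero payload."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, flags_frag,
                         64, 17, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return header + bytes(payload_len)

# Constructed samples (documentation addresses): a clean split and an overlapping pair.
NORMAL = [build_fragment(1, 0, 24, True), build_fragment(1, 24, 16, False)]
OVERLAP = [build_fragment(2, 0, 36, True), build_fragment(2, 24, 4, False)]

if __name__ == "__main__":
    for key, earlier, later in find_overlaps(OVERLAP):
        print(f"id={key[3]} fragment {later} overlaps {earlier}")
```

Exact duplicate fragments are also reported, since their byte ranges coincide; a production sensor would usually treat those separately from partial overlaps.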
The most prestigious attack
WannaCry is one of the highest-profile attacks, and it took place in various health departments in England (Li et al. 2018). It led to several troubles and consequences for the authorities of the National Health Service (NHS) as well as for the patients who had made prior appointments with the hospitals under the trusts of the National Health Service.
The targeted organization by WannaCry
According to the reports of NHS England, the WannaCry ransomware affected 80 out of 236 trusts all over the country (Martin et al. 2018). According to the same reports, 603 primary care and other National Health Service organizations were also infected, including 595 GP practices. It was the largest attack to have affected the NHS. However, various individual trusts had been attacked before May 2017 (Collier 2017). Barts Health NHS Trust, which is one of the biggest trusts in England, and Northern Lincolnshire and Goole NHS Foundation Trust were subjected to ransomware attacks in October 2016 (Mendelson and Wolf 2017). The attacks resulted in the cancellation of 2800 patient appointments.
Attack possessed by WannaCry
The attack worked by encrypting the data and information on the NHS systems that had been infected. After successfully blocking the NHS systems, the hackers flashed a message on the affected systems telling the authorities concerned how much money was to be paid and when the transaction should be made in the form of cryptocurrency. It arrived on the system as a malicious email attachment or possibly as a file downloaded from the internet (Nao.org.uk 2019). The attachment or downloaded file contains a self-contained program that extracts the components of other applications embedded within it. The components it includes are an application that can encrypt and decrypt data, an encryption key file and a copy of Tor. The attack swept through dozens of hospitals across the country and cost the National Health Service about £92m.
Damage caused by the Ransomware attack
i) The attack led to disruption in a minimum of about 34% of trusts in England. However, the Department is still not aware of the actual amount of disruption. On 12 May, NHS England had identified about 45 NHS organizations, including 37 trusts, that were affected by the WannaCry ransomware. It has been found that almost 80 out of 230 NHS trusts across the country were infected, comprising 34 with locked devices and 46 whose devices were not locked but which reported disruption (Nao.org.uk 2019). The department further identified 21 trusts that had attempted to communicate with the WannaCry domain but whose devices were not locked down. There are two possible explanations for this. The systems of these trusts might have been infected after the activation of the kill switch, so that their devices were not locked down. Alternatively, the trusts may have communicated with the WannaCry domain as an element of their cyber security activity. However, the department still does not know how many NHS organizations lost the ability to receive and record information because they were sharing an infected system associated with a trust.
ii) Thousands of appointments and several operations were cancelled, and many patients had to travel further to accident and emergency departments. The NHS gathered some information about the cancelled appointments in order to cope with the challenges, but it was not able to include all the appointments when managing the incident (Nao.org.uk 2019). Almost 6912 cancelled appointments have been identified, but it was estimated that in total more than 19000 appointments would have been cancelled; this estimate was based on the normal rates of first appointments and follow-up appointments. However, data were not collected during the incident; neither the NHS nor the department knew exactly how many GP appointments were actually cancelled or how many ambulances were diverted from accident and emergency departments in total.
iii) According to information provided by the National Crime Agency, NHS England did not pay any amount to the ransomware attacker, but the department does not know how much the disruption to services cost the NHS (Nao.org.uk 2019). The additional costs include the cancelled appointments, the additional IT support provided by the local National Health Service bodies, and the cost of restoring the data and the systems that were affected by the attack.
Detection of the attack
WannaCry was detected when the malware completely blocked many of the NHS systems by encrypting them and flashing the message “Ooops, your important files are encrypted”, locking down and infecting most of the systems (Pascariu, BARBU and Bacivarov 2017). Later, the hackers demanded a huge payment from the NHS trusts in the form of cryptocurrency (Brewer 2016).
The Perpetrator
According to the Guardian, the US Justice Department brought allegations and charges against Park Jin Hyok, a suspected North Korean spy, for his role in the global cyber attack that disabled the National Health Service in May 2017 (Libicki 2018).
Summary of the findings
| Query | Answers |
|---|---|
| The target | The trusts of the National Health Service |
| The attack possessed by WannaCry | WannaCry blocked the systems and network of the National Health Service by putting the data in an encrypted form and demanded heavy payments in the form of cryptocurrency to decrypt it. |
| Damage caused by the attack | The attack led to disruption in a minimum of 34% of trusts in England and to the cancellation of more than 19000 patient appointments and several GP appointments. The NHS trusts did not make any payment to the attacker, but the restoration of systems and data and the additional IT support cost a huge amount of money. |
| Detection of the attack | The attack was detected when the systems were blocked and the message “Ooops, your important files are encrypted” popped up on the screen, demanding huge payments in the form of cryptocurrency. |
| The perpetrator | According to the Guardian, the US Justice Department brought allegations and charges against Park Jin Hyok, a suspected North Korean spy, for his role in the cyber attack on the NHS. |
Conclusion
Therefore, from this report it can be concluded that WannaCry, a ransomware strain that attacked the network and systems of the National Health Service in England in May 2017, led to severe fatal consequences and troubles for the trusts and for the patients whose appointments were cancelled automatically because of the attack. Many of the accident and emergency departments' systems were locked down, and patients had to travel further because their appointments were cancelled. This made the NHS spend on several other things, such as additional IT support to cope with the challenges, and the cancelled appointments led to a huge loss for the National Health Service in England. However, the NHS did not make any payment to the attacker. According to the Guardian, the US Justice Department brought allegations and charges against Park Jin Hyok, a suspected North Korean spy, for his role in the global cyber attack that disabled the National Health Service. After this attack the NHS took certain precautions and made additional efforts and expenses, and employees even sacrificed their weekends to cope with the challenges for the security of the network and the systems.
References
Boiten, E.A. and Wall, D.S., 2017. WannaCry report shows NHS chiefs knew of security
danger, but management took no action.
Bouyeddou, B., Harrou, F., Sun, Y. and Kadri, B., 2018. Detection of smurf flooding attacks
using Kullback-Leibler-based scheme.
Brewer, R., 2016. Ransomware attacks: detection, prevention and cure. Network
Security, 2016(9), pp.5-9.
Collier, R., 2017. NHS ransomware attack spreads worldwide.
Li, S., Xu, L., Song, H. and Chen, T., 2018. Privacy, data assurance, security solutions for
Internet of Things (PASS4IoT): Guest editorial. IET Networks, 7(5), pp.281-282.
Libicki, M., 2018. Could the Issue of DPRK Hacking Benefit from Benign Neglect? Georgetown Journal of International Affairs, 19, pp.83-89.
Martin, G., Ghafur, S., Kinross, J., Hankin, C. and Darzi, A., 2018. WannaCry-a year
on. BMJ: British Medical Journal (Online), 361.
Mendelson, D. and Wolf, G., 2017. Health privacy and confidentiality.
Mohurle, S. and Patil, M., 2017. A brief study of wannacry threat: Ransomware attack
2017. International Journal of Advanced Research in Computer Science, 8(5).
Nao.org.uk, 2019. [online] Available at: https://www.nao.org.uk/wp-content/uploads/2017/10/Investigation-WannaCry-cyber-attack-and-the-NHS.pdf [Accessed 11 Jun. 2019].
Pascariu, C., BARBU, I.D. and Bacivarov, I.C., 2017. Investigative Analysis and Technical
Overview of Ransomware Based Attacks. Case Study: WannaCry. International Journal of
Information Security and Cybercrime, 6(1), pp.57-62.
Solankar, P., Pingale, S. and Parihar, R., 2015. Denial of Service Attack and Classification
Techniques for Attack Detection. (IJCSIT) International Journal of Computer Science and
Information Technologies, 6(2), pp.1096-1099.