PricingBlogAbout Us

University of Southern Queensland CIS5205: WannaCry Ransomware Report

Verified

Added on  2023/06/10

|5
|1041
|61
Report
AI Summary
This report provides a comprehensive analysis of the WannaCry ransomware attack, addressing its emergence in May 2017 and its global impact, estimated at $4 billion. The report details the attack's process, where attackers encrypt data and demand ransom, and its technical aspects, including the exploitation of vulnerabilities in Windows systems through EternalBlue and SMB protocols. The report also examines the impact on organizations like Renault and Hitachi, outlining the financial consequences and the steps taken to mitigate future attacks, such as patching vulnerabilities. The attacker's process involves targeting outdated systems, encrypting data, and demanding ransom payments in Bitcoin, while the technical aspects involve exploiting vulnerabilities to install the WannaCry payload using tools like DoublePulsar.
Document Page
The University of Southern Queensland (USQ)
CIS5205 Management of Information Security
Assignment 1
6 August 2018
Submitted To:
Dr. Michael Lane
(Course Examiner)
Submitted By:
Joe Bloggs (Student Name)
(USQ SID 12345678)
Total Words: XX
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
Table of Contents
Q1. The WannaCry RansomWare Attack in summary..........................................................................3
Q2
Q3. How the WannaCry Ransomware Attack works............................................................................3
Q3.1 As a process..............................................................................................................................3
Q3.2 Technically................................................................................................................................3
3. List of References..........................................................................................................................3
Document Page
The WannaCry RansomWare Attack in summary (About 100
words)
The WannaCry Ransonware attack was first occur in May 2017 in the whole world. The
attack mainly targeted the computers which was running on the windows operating system. The
attack is basically they first attacks the victim’s computer and encrypt their data. After the data
encryption they use to ask for a ransome amount of money from the victim to get back their data.
The operating system vendor which is Microsoft though released some patches to the operating
system to prevent the exploit (Mattei, 2017). The systems that are infected and running on old data
security measurement are mainly targeted by the attackers.
Q1 What sort of cyber security attack was WannaCry
Ransomware Attack and when did it first emerge and occur
Attack Description WannaCry Ransomware Attack
When It First Emerged and Occur WannaCry Ransomware attack first emerged and ocured in
May 2017.
Impact Globally ($$$) The global impact of the WannaCry Ransomware is about $4
billion United States Dollar.
Q2 What was the impact of the WannaCry Ransomware
Attack in dollar terms for organisations globally – give two
specific examples of organisations that were impacted by
the WannaCry Ransomware Attack
The impact of WannaCry Ransomware attack for the global
organizations are huge. Arounr 200,000 computers were attacked
around 150 countries. And the amount that is loss by this attack can
be of $4 billion U.S Dollar.
Company name Date attacked Impact of the attack – ($$$) and Consequences
Renault 13.05.2017 The impact is huge as it is one of the leading
automobile manufacturer. The amount asked is
around $500 to restore the access. The company
fixed the vulnerabilities and the tools that are related
by the shadow brokers
Hitachi 12.05.2017 The amount that was asked from the companies are
from $300 to $600 for 3 days and 7 days basis
respectively. The companies then uses the required
patches that are released by Microsoft to prevent the
further attacks and vulnerabilities.
Q3. Explain how the WannaCry Ransomware Attack works as
a process and technically – considering the perspectives of
both the attacker and organisation that could be attacked
(about 400 words)

This is a preview!

Do you want full access?

icon

Trusted by 1+ million students worldwide

Document Page
Q3.1 As a process
The process of wannacry ransomware is very simple in general. The attacker’s first search for the
victims those are using old and out dated operating system. The old operating systems are often the
infected system which is easy to exploit and the wannacry attacker’s main target are those device
which are infected and where the security is less. After exploiting the device the attackers first
encrypt the data that are in the device (Kao and Hsiao, 2018). After encrypting the data they ask
ransom amount of money from the victim. The amount is basically of $300 and $600. After the
victim pay the money using bitcoin which is also a crypto currency. When the ransome amount is
given then the user get back his access to his/ her data. The operating systems that passed the
validity of its own are mainly in the target because an operation system that is past its end of life has
no security and many security loop wholes which is prone to be vulnerable (Mohurle & Patil, 2017).
The wannacry attackers installed backdoors on the device that are infected and then do the next
steps for the ransomware attacks.
Q3.2 Technically
The hackers and the creators of the WannaCry Ransomware Attack attacks the the windows
devices that are vulnerable, it already discussed earlier. The NSA developed a malware to exploit
the world by using the DoublePulsar backdoor malware and by EternalBlue SMB exploit for the
installation of wannacry on the windows systems. EternalBlue is a piggybank system which is the
main thing behind this attack. EternalBlue and SMB protocols are exploit the windows systems
(Chen and Bridges, 2017). EternalBlue.exe runs a script which targets the Windows computers to
executing by using following commands:
SMB echo request is sent to the targeted machine
Environment is set up to exploit the system which is vulnerable
Fingerprinting of SMB protocol is completed
An attempt is made to exploit
If the attack is successful, then DoublePulsar malware s being checked
DoublePulsar pinged for a reply from SMB
The doublePulsar is a tool which bypass the measurement of authentication of a system and
then creates a backdoor which allows the remote access. The DoublePulsar fully transfers the
system of victims control to the hacker without even
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
List of References
Chen, Q. and Bridges, R.A., 2017. Automated Behavioral Analysis of Malware A Case Study of
WannaCry Ransomware. arXiv preprint arXiv:1709.08753.
Kao, D.Y. and Hsiao, S.C., 2018, February. The dynamic analysis of WannaCry ransomware. In
Advanced Communication Technology (ICACT), 2018 20th International Conference on (pp. 159-
166). IEEE.
Mattei, T.A., 2017. Privacy, Confidentiality, and Security of Health Care Information: Lessons from
the Recent WannaCry Cyberattack. World neurosurgery, 104, pp.972-974.
Mohurle, S., & Patil, M. (2017). A brief study of wannacry threat: Ransomware attack 2017.
International Journal of Advanced Research in Computer Science, 8(5).
chevron_up_icon
1 out of 5
circle_padding
hide_on_mobile
zoom_out_icon
logo.png

Your All-in-One AI-Powered Toolkit for Academic Success.

  +13062052269
info@desklib.com

Available 24*7 on WhatsApp / Email

[object Object]
Unlock your academic potential

Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.