WannaCry 2017: A Comprehensive Cyber Attack Analysis Report
Added on 2022/09/05
AI Summary
This report provides a comprehensive analysis of the WannaCry ransomware attack, which occurred in 2017 and affected over 200,000 organizations across 150 countries. The report begins with an overview of the cyber attack and details the chronology of the event, including the initial reports and the spread of the ransomware. It explores the technical means used, such as the EternalBlue exploit, and identifies the threat actors, with a focus on the potential involvement of North Korea. The report investigates the motivations behind the attack, which are believed to be primarily financial, and examines the targets, including outdated Windows systems and hospitals. Furthermore, it discusses the responses of the victims, including government agencies and healthcare providers, and suggests preventative measures such as proactive cybersecurity practices, including software updates and internal audit systems. The report concludes by emphasizing the significance of information security and the lessons learned from the WannaCry incident.

Cyber conflict, Cyber espionage and cyber terrorism
Running head: IT write Up 0
Student’s Name
Address
Contents
Introduction
Overview of Cyber Attack
Chronology of the attack
Technical means
Threat Actor
Motivation
Targets
Victims’ response
Suggestion
Conclusion
References
Introduction
Technology has spread its roots into almost every area of life, and nearly every second person
relies on it. It brings users many benefits and has become an essential part of their lives.
Nevertheless, people sometimes suffer serious harm, such as data loss, financial loss or
cyberbullying, through their use of software and devices. These harms arise from cyber-attacks
or cyber terrorism, in which cybercriminals attack users’ computers or networks using a variety
of advanced and powerful techniques. The objective of this report is to develop an
understanding of one such incident of cyber conflict, which affected many people and their
operations. The case study selected for discussion is popularly known as “WannaCry 2017”.
To understand the incident properly, several related aspects are discussed, such as the
chronology of the event, the threat actors, non-cyber aspects, motives, targets, and others.
Overview of Cyber Attack
Before moving to the other aspects, a basic understanding of the incident is needed. WannaCry
2017 was a ransomware attack that happened worldwide. The attack is worth studying because of
its huge impact on over 200000 companies across 150 countries, where losses of millions of
billions occurred. The most affected countries were Taiwan, Russia, India, and Ukraine. In this
cyber-attack, a ransomware worm (WannaCry) spread rapidly across many computer networks in
May 2017. After infecting a Windows system, it encrypted the files on the PC’s hard drive.
Because of this encryption, users became
unable to access their original files, and ransom payments in Bitcoin were then demanded for
decrypting them. Several factors make this attack especially significant. For instance, it
struck several high-profile and important systems, including systems of national security
agencies of the US and national health services of Britain.
Chronology of the attack
The attack followed a timeline in which it affected many organizations one after another.
May 12: Morning
The first reports of the attack in this series came from Europe by 3:24 am Eastern time on
12th May 2017. The Spain-based telecommunications company Telefónica was among the first
major organizations affected, but the first report was made by the health care sector of
England, where the malware blocked access to patient records.
May 12: Afternoon
In the afternoon of the same day, the attack spread to entities across the globe, including
major organizations such as MegaFon, FedEx and Renault. Microsoft issued a statement calling
the situation painful.
May 13
An update of the malware was expected to be released, which was increasing its spread.
Microsoft released an additional security update for consumers to protect their Windows
platforms.
Monday: May 15: Morning
President Trump’s homeland security adviser expected a high number of people to be affected
by the attack. By Monday, it had affected more than 200000 government agencies,
corporations, hospitals and other entities (Hayden, 2017).
Technical means
On the technical side, the WannaCry ransomware consists of many components. It arrives on the
infected system as a dropper, which extracts the other application components, such as a copy
of Tor, files containing encryption keys, an application that can encrypt and decrypt data,
and others. As soon as it launches on a system, it tries to access a hard-coded URL, and in
the event of failure it proceeds to search for files. It then encrypts files in a variety of
formats, from Microsoft Office files to MKVs or MP3s, so that users can no longer access
them. Lastly, it displays a ransom notice demanding $300 in Bitcoin to restore the original
files to the user through decryption. The vulnerability that WannaCry exploits lies in the
Windows implementation of the SMB protocol. Before encrypting files, WannaCry always tries to
access a long, gibberish URL. Nevertheless, the reason for this functionality is still not
clear (Fruhlinger, 2018).
Threat Actor
Regarding the origin of WannaCry and the threat actors behind it, the US National Security
Agency discovered the vulnerability and developed an exploit code-named EternalBlue rather
than reporting it to the InfoSec community. Shadow Brokers, a hacking group, stole the
exploit and later released it. Microsoft had also identified the
vulnerability a month before the outbreak and developed a patch for it. Nevertheless, many
systems were still left vulnerable. EternalBlue played a significant role in the whole
incident, as it works on all versions of Windows before Windows 8. These versions allow null
sessions, as they contain an interprocess communication share. In addition, it allows cyber
threat actors to execute arbitrary code remotely and helps them gain access to a network by
sending specially crafted packets. In other words, WannaCry was malware that used the
EternalBlue exploit. Using EternalBlue, WannaCry spread itself throughout all the connected
networks (cisecurity.org, 2019). EternalBlue can compromise networks, and therefore all
connected devices remain at risk if they are exposed to the malware through EternalBlue.
The president of Microsoft, Brad Smith, believed that the originator of the WannaCry attack
was North Korea. The UK’s National Cyber Security Centre also reached the same conclusion. In
its assessment, a North Korean hacking group was found most likely to be responsible for the
attack (bbc.com, 2017). The real creators of this ransomware are still not identified.
Motivation
It is difficult to determine the true motivation behind such a huge attack, as it targeted
different firms in different nations. This means the attackers did not follow a particular
pattern in selecting their victims. As it was a simple cash grab for the perpetrators,
WannaCry took little effort to deduce. Even now, the motives behind the WannaCry outbreak are
not clear, but it cannot be considered an effective way for its authors to make money (Gorman,
2017). In general, the motivation behind “ransomware” attacks is to make money, but in the
case of WannaCry, the ransom was low. According to Europol, only a few firms chose to pay
$300 or more in Bitcoin for decryption of their files.
A variety of reasons can lie behind malicious attacks, including revenge, fear, coercion,
financial gain, and others.
Targets
As mentioned above, millions of firms’ systems, as well as other systems, were affected by
this outbreak, which had some specific targets. Firstly, the exploit code was designed in a
way that works only against unpatched Windows 7 or earlier Windows operating systems. This
means Windows 10 PCs are not likely to be affected by this attack. It is clear that the main
target of WannaCry was outdated systems, which were easy for it to strike. More than 250
countries were targeted in the outbreak, including Britain, the UK, the US and Japan, other
developed countries, and many developing countries. Among the variety of organizations
affected by this attack, hospitals were found to be the easiest targets. One reason is that
they hold incredibly time-sensitive data, which makes them most susceptible to ransomware. In
addition, hospitals lag well behind other industries in updating their software and spend
only 2-4% of their operating budget on information security, so their systems remain out of
date and at risk (Dwoskin and Adam, 2017). This was the reason that WannaCry mainly targeted
those systems that were vulnerable or outdated.
Victims’ response
Russia was one of the countries badly affected by WannaCry, as it crashed systems at phone
networks and banks. In China, too, 29000 organizations suffered from the attack. Renault, the
car manufacturer, was one of the most heavily affected victims of WannaCry 2017. The victim
organizations responded in different ways: some increased their information security by
updating their systems, and some tightened their access control. The healthcare industry is
still not ready for the next attack, as it did not provide any strong response to WannaCry.
As for other responses, the NHS (National Health Service) switched to Windows 10 in response
to WannaCry. In addition, it implemented a cybersecurity plan. Nevertheless, these measures
have been criticized, as much work remains to ensure data security considering the losses
suffered by several hospitals at the time of WannaCry (bbc.com, 2018).
Suggestion
It is felt that the issue could have been prevented in many of the entities, or at least that
organizations could have detected it earlier and responded better. The following are some
ways in which this could have been done.
Firstly, entities could have detected the event earlier with an appropriate internal audit
system through which they could sense the potential risk, and could have responded better
by creating backups of their files in the original format. Constant monitoring of usual
behavior could help entities here.
Secondly, cybersecurity should have been treated as a top priority, which many of the victim
organizations did not do. By keeping firewalls, antivirus and operating software up to date
and backing up data, the total loss suffered could have been decreased.
The Internet of Things is another area that deserves attention. With the development of
the Internet of Things, the world has become more connected, and in this way the risk of
cyber threats has also increased. As discussed above, WannaCry was able to spread across
networks, so organizations that had implemented the Internet of Things became more
vulnerable to the risk. These entities could have managed the risk of WannaCry better by
ensuring safety across their Internet of Things channels.
According to IT service providers, nearly 46% of ransomware attacks are caused by phishing
scams or email. Organizations could therefore decrease the risk of attack by preventing
unauthorized access or developing e-mail scans, as WannaCry was also a type of
ransomware.
The idea of updating Windows is stated last, but it is not the least important, as the main
cause of the attack was outdated Windows systems. If organizations had paid enough
attention to their information security and had the latest version, or at least a
version after Windows 8, they could have protected their company from this risk.
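One way to put the "constant monitoring" suggestion into practice for a worm that spreads over SMB is to flag any internal host that opens SMB connections (TCP port 445) to many distinct hosts within a short window. This is an added example, not part of the original report; the flow-log format, addresses, threshold, window and function names are assumptions constructed for illustration.

```python
"""Flag internal hosts whose outbound SMB pattern resembles worm propagation.

Added illustration: the log format, addresses and thresholds are assumptions.
"""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445  # SMB carried directly over TCP

# Constructed sample flow records (not real traffic):
# timestamp, source address, destination address, destination port.
SAMPLE_FLOWS = """\
2017-05-12T09:00:01 10.0.0.5 10.0.0.2 445
2017-05-12T09:00:05 10.0.0.7 10.0.0.2 445
2017-05-12T09:00:09 10.0.0.5 10.0.0.2 445
2017-05-12T09:00:12 10.0.0.5 192.0.2.10 443
2017-05-12T09:01:00 10.0.0.9 10.0.0.10 445
2017-05-12T09:01:02 10.0.0.9 10.0.0.11 445
2017-05-12T09:01:04 10.0.0.9 10.0.0.12 445
2017-05-12T09:01:06 10.0.0.9 10.0.0.13 445
2017-05-12T09:01:08 10.0.0.9 10.0.0.14 445
2017-05-12T09:01:10 10.0.0.9 10.0.0.15 445
truncated record
not-a-time 10.0.0.1 10.0.0.2 445
2017-05-12T10:00:00 10.0.0.6 10.0.0.20 445
2017-05-12T11:00:00 10.0.0.6 10.0.0.21 445
2017-05-12T12:00:00 10.0.0.6 10.0.0.22 445
2017-05-12T13:00:00 10.0.0.6 10.0.0.23 445
2017-05-12T14:00:00 10.0.0.6 10.0.0.24 445
"""


def parse_flows(text):
    """Parse flow lines into (time, src, dst, port); skip malformed records."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, port = parts
        try:
            flows.append((datetime.fromisoformat(ts), src, dst, int(port)))
        except ValueError:
            continue  # bad timestamp or port: ignore rather than crash
    return flows


def max_smb_fanout(flows, window=timedelta(seconds=60)):
    """Per source, the largest number of distinct SMB peers seen in any window."""
    per_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == SMB_PORT:
            per_src[src].append((ts, dst))

    result = {}
    for src, events in per_src.items():
        events.sort()
        recent = deque()    # events still inside the sliding window
        counts = Counter()  # destination -> occurrences inside the window
        best = 0
        for ts, dst in events:
            recent.append((ts, dst))
            counts[dst] += 1
            # Drop events that have aged out of the window.
            while ts - recent[0][0] > window:
                _, old_dst = recent.popleft()
                counts[old_dst] -= 1
                if counts[old_dst] == 0:
                    del counts[old_dst]
            best = max(best, len(counts))
        result[src] = best
    return result


def find_scanners(flows, threshold=5, window=timedelta(seconds=60)):
    """Sources that reached `threshold` distinct SMB peers inside one window."""
    fanout = max_smb_fanout(flows, window)
    return sorted(src for src, n in fanout.items() if n >= threshold)


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("max SMB fan-out per source:", max_smb_fanout(flows))
    print("suspected propagation sources:", find_scanners(flows))
```

Counting distinct destinations per source keeps a file server that many clients connect to, or a workstation that repeatedly contacts one server, from being flagged; only a host that itself reaches out to many peers in a short time stands out.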
Conclusion
To conclude, WannaCry affected millions of firms and brought them losses of billions. One
after another, it affected more than 150 companies. The motive of this attack has still not
been found, but it targeted those entities whose networks were easy to strike. EternalBlue
was used as the exploitation tool, which was developed by
US national security agencies. Organizations have failed to respond properly to this issue
even after the event, although it could be addressed through timely updates of systems,
networks, and software. The attack teaches the world a lesson that information security is an
important area and requires timely attention.
References
bbc.com. (2017) Cyber-attack: US and UK blame North Korea for WannaCry. [online] Available from: https://www.bbc.com/news/world-us-canada-42407488 [Accessed on 03/04/2020]
bbc.com. (2018) NHS ransomware attack response criticized. [online] Available from: https://www.bbc.com/news/health-43795001 [Accessed on 03/04/2020]
cisecurity.org. (2019) EternalBlue. [online] Available from: https://www.cisecurity.org/wp-content/uploads/2019/01/Security-Primer-EternalBlue.pdf [Accessed on 03/04/2020]
Dwoskin, E., and Adam, K. (2017) More than 150 countries affected by massive cyberattack, Europol says. [online] Available from: https://www.washingtonpost.com/business/economy/more-than-150-countries-affected-by-massive-cyberattack-europol-says/2017/05/14/5091465e-3899-11e7-9e48-c4f199710b69_story.html [Accessed on 03/04/2020]
Fruhlinger, J. (2018) What is WannaCry ransomware, how does it infect, and who was responsible? [online] Available from: https://www.csoonline.com/article/3227906/what-is-wannacry-ransomware-how-does-it-infect-and-who-was-responsible.html [Accessed on 03/04/2020]
Gorman, G. (2017) Petya outbreak: What’s the motive behind this major cyber attack? [online] Available from: https://medium.com/threat-intel/petya-attack-motivation-938a9a873691 [Accessed on 03/04/2020]
Hayden, M. E. (2017) A timeline of the WannaCry cyberattack. [online] Available from: https://abcnews.go.com/US/timeline-wannacry-cyberattack/story?id=47416785 [Accessed on 03/04/2020]