Analyzing WannaCry: Security Policies, Impact, and Prevention Methods
Added on 2023/06/12
Report
AI Summary
This report provides an overview of the WannaCry ransomware attack, detailing its propagation methods, impact on organizations, and essential prevention strategies. It emphasizes the importance of patching systems, training users on security awareness, and backing up data. The report also discusses the roles of incident response, disaster recovery, and business continuity planning in mitigating the effects of such attacks. Furthermore, it highlights the lessons learned from the WannaCry incident, including the need for robust security measures and the importance of threat intelligence in evolving anti-malware solutions. The report concludes by noting the widespread impact of ransomware attacks on businesses, economies, and clients, stressing the need for proactive cybersecurity measures.

NETWORK SECURITY ASSIGNMENT

MEMORANDUM
TO: All employees
FROM: [Student Name and any desired title]
DATE: 22nd May, 2018.
SUBJECT: Lax information security in the organization
Following the recent audit of the company, it has come to my attention that information security
in the organization is very lax. There are no coordinated security policies, and the few policies
that are in place are not being followed.
With the organization not taking information security into consideration, we will soon run into
the problem of a security breach. As it is, there has already been a social engineering attempt, in
which someone hoodwinks another person into revealing critical information.
We should therefore be aware of the commonly used types of attack, such as phishing and spoofing,
so that we are not caught unaware and stay alert to spot and report any attempts. On the same note,
to avoid becoming a victim, I recommend the following: never give critical information to anyone
unless they need to know and are authorized to do so; do not open any suspicious-looking files or
links; and ensure that the URL of any link genuinely belongs to the site it claims to go to.
I encourage all of us to follow the currently available policies, and any others that will be made,
in order to increase our information security.
Thank you for your cooperation.
Best regards,
[Student name and desired title]

WannaCry ransomware
Introduction
WannaCry is a worm that spreads by exploiting vulnerabilities in the Windows operating system [1],
especially older versions that are no longer updated. Once installed, WannaCry encrypts all the
files and then, as the name suggests, demands a ransom payment in exchange for decrypting them.
The ransomware consists of multiple components [2]. These include an application for encrypting
and decrypting data, files that hold the encryption keys, and a copy of Tor.
How attack is propagated
Information gathered by studying the DoublePulsar backdoor capabilities enables linking the SMB
exploit to the EternalBlue SMB exploit [3]. The ransomware uses a lateral movement technique to
spread through the machines in a network. In particular, it makes use of Windows Server Message
Block (SMB), operating over TCP 445 and 139, to spread through a network [4]. The propagation
happens in the “mssecsvc2.0” ServiceHandler function, which is in charge of WSAStartup
functionality and cryptographic initialization. The ServiceHandler then generates two threads that
carry out the SMB exploitation: one infects internal targets and the other external targets.
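A detection sketch for the propagation behaviour described above, added here as an example (it is not code from the original report or from the analyses it cites): it flags hosts that open SMB connections to many distinct internal and external addresses within a short window. The flow-record format, thresholds, function names and sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

SMB_PORTS = {445, 139}     # standard SMB ports
WINDOW_SECONDS = 60        # assumed window length
FANOUT_THRESHOLD = 5       # assumed: distinct SMB peers per window treated as worm-like
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records: <epoch> <src_ip> <dst_ip> <dst_port>
SAMPLE_FLOWS = """\
# 10.0.0.23 fans out over SMB to internal and external hosts
1000 10.0.0.23 10.0.0.1 445
1002 10.0.0.23 10.0.0.2 445
1003 10.0.0.23 10.0.0.3 445
1005 10.0.0.23 203.0.113.7 445
1006 10.0.0.23 198.51.100.9 445
1008 10.0.0.23 10.0.0.4 139
# 10.0.0.50 is an ordinary client of one file server
1010 10.0.0.50 10.0.0.5 445
1500 10.0.0.50 10.0.0.5 445
1020 10.0.0.60 10.0.0.5 443
garbled line
"""

def is_internal(ip):
    """True when the address falls inside an RFC 1918 private range."""
    return any(ip in net for net in RFC1918)

def parse_flow(line):
    """Parse one record; raises ValueError on malformed input."""
    ts, src, dst, port = line.split()
    return int(ts), src, ipaddress.ip_address(dst), int(port)

def find_smb_scanners(lines, window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Return {src: {"internal": n, "external": n}} for every source whose
    distinct SMB destinations within any `window`-second span reach `threshold`."""
    per_src = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ts, src, dst, port = parse_flow(line)
        except ValueError:
            continue  # skip malformed records instead of aborting the hunt
        if port in SMB_PORTS:
            per_src[src].append((ts, dst))

    alerts = {}
    for src, events in per_src.items():
        events.sort(key=lambda e: e[0])
        start, best = 0, set()
        for end in range(len(events)):
            # shrink the window until it spans at most `window` seconds
            while events[end][0] - events[start][0] > window:
                start += 1
            peers = {dst for _, dst in events[start:end + 1]}
            if len(peers) > len(best):
                best = peers
        if len(best) >= threshold:
            internal = sum(1 for p in best if is_internal(p))
            alerts[src] = {"internal": internal, "external": len(best) - internal}
    return alerts

if __name__ == "__main__":
    for host, counts in find_smb_scanners(SAMPLE_FLOWS.splitlines()).items():
        print(f"{host}: SMB fan-out {counts}")
```

The window and threshold need tuning against hosts that legitimately talk SMB to many peers, such as backup servers and vulnerability scanners.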
Impact on organizations
The WannaCry ransomware spread so fast that, in a single weekend, the number of victim systems
grew from 45,000 to an estimated 200,000. The effect was that large organizations were
crippled [5]. This was a result of data loss, since the ransomware would affect even the backups.
Ransomware is so effective largely because of the downtime it causes, and affected organizations
said they lost between $5,000 and $20,000 in a single day [6].
To protect an organization from the WannaCry ransomware, it is essential to update the software and
operating systems of computers as soon as a patch or a new version is released. In this case,
WannaCry exploited a vulnerability for which Microsoft had already released a patch in a later
version, but there were still so many victims, and Microsoft had to release an emergency patch for
the older versions of Windows that it had already stopped supporting.
It is essential that organizations do not rely on only one form of cyber security. Other methods
that can be applied include using an anti-virus, using a firewall, and regularly backing up key
data to off-line hard drives, so that even if the networks are attacked the organization has some
data to fall back on [7]. Beyond this, one should not open any suspicious emails or attachments,
and the same should be communicated to all users [8].

Role of incident response planning
An incident response plan outlines the systematic approach to be used in handling and managing
situations arising from IT security incidents or breaches [9]. Incident response planning
therefore ensures that very little time is spent wondering what should be done next.
Role of disaster recovery planning
A disaster recovery plan will outline the different alternatives that can be taken in case of a disaster
such as this. Therefore, in this case the disaster recovery plan might include use of off-line hard
drives which have the company's essential data and transferring that to an online server to be used
by the organization.
Role of business continuity planning
The business continuity plan outlines the different risks and threats that face an organization [10]
and gives the measures for mitigating them, so that even if they occur, the organization's
operations will not be interrupted much. With business continuity planning, the ransomware attack
should have been foreseen and the steps towards preventing or overcoming it outlined.
Protecting personal computers
The most crucial way of protecting your personal computer from WannaCry and similar ransomware is
to ensure that your operating system and software are up to date. This ensures that you have all
the patches that have been released for the different software, which reduces the risk of being
affected when a vulnerability in an older version is exploited.
Another option is to use anti-malware software [11]. This ensures that any file suspected to be
malware is scrapped and dealt with before it affects the system, and that it is not allowed to run.
Even with the latest software and operating system and anti-malware software, users are advised
to protect themselves further by being wary of malicious email attachments. This is because no
single anti-virus or anti-malware product can recognize all malware: there are so many kinds, they
are always evolving, and new ones come up often.
Lessons learned from WannaCry incident
Although the WannaCry ransomware caused nightmares for a lot of people, the silver lining is that
there are several lessons one can learn from the WannaCry incident.
The first lesson concerns patching: patch always and often. This ensures that you have the latest
versions of the software and operating system you run, so your system will not be vulnerable to
some of the malware.
Another lesson learned is that the human factor is one of the greatest vulnerabilities any network has.
Therefore, it is essential that end users are properly trained on security awareness to make them
alert and able to identify suspicious emails and files. This will ensure that the users do not introduce
malware in the network.
The WannaCry incident also shows the importance of backing up data. The backup should involve both
online and off-line resources; this ensures that one can quickly recover and return to the
original stable state after such an attack.
The importance of planning is also seen from the incident. This includes business continuity,
disaster recovery and incident response planning. With these in place, the confusion that comes
after such an incident is eliminated and one can quickly bounce back to operation, since all that
has to be done is follow what is written in the documents, as opposed to trying to make up a plan
after the incident has occurred.
The final lesson learned is the importance of avoidance or prevention software such as anti-viruses
and anti-malware. These prevent the opening or running of any suspicious files and discard the
files. However, malware is constantly evolving, so there is a need for a more lasting solution,
since as it is, anti-malware may not be able to detect all types of malware. This leads to the
alternative of blocking malware with threat intelligence, such that as the malware evolves, the
anti-malware also evolves by learning the trends of current malware.
Who is affected
When ransomware hits, those primarily affected are the organizations or businesses that are its
victims. However, the problem goes further than that. It escalates to a national or even global
issue, depending on what the business deals with. This is because the attack affects a business'
normal operations and also the financial side of the organization, which affects the economy as
a whole.
Beyond that, the clients of the business are also immensely affected, since they are denied the
product or service while the organization is still restructuring to return to normal operations.
This might even lose the business some clients, who will opt for alternative services or products
from the organization's competitors.

References
[1] "Ransom.Wannacry | Symantec", Symantec.com, 2018. [Online]. Available: https://www.symantec.com/en/sg/security-center/writeup/2017-051310-3522-99. [Accessed: 22 May 2018].
[2] J. Fruhlinger, "What is WannaCry ransomware, how does it infect, and who was responsible?", CSO Online, 2018. [Online]. Available: https://www.csoonline.com/article/3227906/ransomware/what-is-wannacry-ransomware-how-does-it-infect-and-who-was-responsible.html. [Accessed: 22 May 2018].
[3] A. McNeil, "How did the WannaCry ransomworm spread? - Malwarebytes Labs", Malwarebytes Labs, 2018. [Online]. Available: https://blog.malwarebytes.com/cybercrime/2017/05/how-did-wannacry-ransomworm-spread/. [Accessed: 22 May 2018].
[4] A. Singh, "WannaCry Ransomware Analysis: Lateral Movement Propagation - Acalvio", Acalvio, 2018. [Online]. Available: https://www.acalvio.com/wannacry-ransomware-analysis-lateral-movement-propagation/. [Accessed: 22 May 2018].
[5] J. Kennedy, "Impact of WannaCry: Major disruption as organisations go back to work", Silicon Republic, 2018. [Online]. Available: https://www.siliconrepublic.com/enterprise/wannacry-impact-organisations-attack. [Accessed: 22 May 2018].
[6] "Effect of Rasomware on Businesses and Organisations", Cloud Central, 2018. [Online]. Available: https://cloudcentral.co.uk/articles/effect-of-ransomware-on-business/. [Accessed: 22 May 2018].
[7] M. Wall and M. Ward, "WannaCry: What can you do to protect your business?", BBC News, 2017. [Online]. Available: http://www.bbc.com/news/business-39947944. [Accessed: 22 May 2018].
[8] M. Lee, "9 Crucial Steps To Protect Your Organization From WannaCry Threat", SWC, 2017. [Online]. Available: https://www.swc.com/blog/security/protect-organization-wannacry-right-now. [Accessed: 22 May 2018].
[9] "What is an Incident Response Plan? - Definition from Techopedia", Techopedia.com, 2018. [Online]. Available: https://www.techopedia.com/definition/16513/incident-response-plan. [Accessed: 22 May 2018].
[10] Investopedia Staff, "Business Continuity Planning (BCP)", Investopedia, 2018. [Online]. Available: https://www.investopedia.com/terms/b/business-continuity-planning.asp. [Accessed: 22 May 2018].
[11] "WannaCry ransomware – what it is and how to protect your PC | Avast", Avast.com, 2018. [Online]. Available: https://www.avast.com/c-wannacry. [Accessed: 22 May 2018].
[12] A. Hern, "How to protect your computer against the ransomware attack", the Guardian, 2018.
[Online]. Available: https://www.theguardian.com/technology/2017/may/15/windows-xp-patch-wannacry-ransomware-wecry-wanacrypt0r. [Accessed: 22 May 2018].