Scribd
Upload
247 views5 pages

WannaCry Ransomware Attack Case Study

The Wanna Cry ransomware attack in May 2017 was one of the largest cyber attacks ever, infecting over 200,000 computers globally and encrypting data. It exploited a vulnerability in Windows OS and demanded ransom payments in bitcoin. While no one paid, one researcher accidentally discovered a kill switch that slowed the virus's spread. The attack significantly impacted businesses, hospitals, and organizations around the world by disabling computer systems.

Uploaded by

aijaz parray
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
247 views5 pages

WannaCry Ransomware Attack Case Study

The Wanna Cry ransomware attack in May 2017 was one of the largest cyber attacks ever, infecting over 200,000 computers globally and encrypting data. It exploited a vulnerability in Windows OS and demanded ransom payments in bitcoin. While no one paid, one researcher accidentally discovered a kill switch that slowed the virus's spread. The attack significantly impacted businesses, hospitals, and organizations around the world by disabling computer systems.

Uploaded by

aijaz parray
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
  • Case Study on Ransomware
  • What helped make this attack successful?
  • The Cure
  • Conclusion
  • Impact

CASE STUDY ON RANSOMWARE

The Wanna Cry ransom ware attack is one of the largest ever cyber attacks
affecting computers across the globe, Ransomware is a particularly nasty
type of malware that blocks access to a computer or its data and demands
money to release it.

ALL THAT HAPPENED: On 12th May 2017, media reports started highlighting
that a ransomware attack had brought down computer systems in UK
hospitals. It soon emerged that the attack was global with reports of
affected computers coming in from all over the globe. The ransomware -
Wanna Cry - infected computers and encrypted all the data stored on the
hard drives. In lieu of decrypting the data, Wanna Cry demanded payment
ranging between $300 (around Rs 19,000) to $600 (around Rs 39,000) in
bitcoin. As of 13th May 2017, no hacker or hacker group had come forward
to claim responsibility for the cyber attack, which used an exploit first
developed by the US NSA. The European Cybercrime Centre said, "The
recent attack is at an unprecedented level and will require a complex
international investigation to identify the culprits. Some experts said the
threat had receded as of 14th may 2017, in part because MalwareTech
registered a domain that he noticed the malware was trying to connect to,
limiting Wanna Cry's spread. Microsoft also issued emergency security
patches for a range of Windows versions. The Indian Computer Emergency
Response Team (ICERT or CERT-In) was said to be monitoring the situation
continuously. Earlier on 13th May 2017 CERT-In was reported to have issued
an adivsory asking computer users in India to upgrade their systems to the
latest Windows patch [Link] Brazil, Volume: 02 Issue: 05 May– 2017 (IJRIER)
Available Online at : [Link] Page 83 the social security system had
to disconnect its computers and cancel public access. The state-owned oil
company Petrobras and Brazil's Foreign Ministry also disconnected
computers as a precautionary measure, and court systems went down,
[Link] Russia, government agencies insisted that all attacks had been
resolved. Russian Interior Ministry, which runs the national police, said the
problem had been "localized" with no information compromised. Russia's
health ministry said its attacks were "effectively repelled." Germany’s national
railway said on 13th May departure and arrival display screens at its train
stations were affected, but there was no impact on actual train services.
Deutsche Bahn said it deployed extra staff to help [Link]
carmaker Renault's assembly plant in Slovenia halted production after it was
targeted. Radio Slovenia said Saturday the Revoz factory in the southeastern
town of Novo Mesto stopped working Friday evening to stop the malware
from [Link] in Europe, the attack hit Spain's Telefonica, a
global broadband and telecommunications company, and knocked ticketing
offline for Norway's IF Odd, a 132-year-old soccer club.
What helped make this attack successful?
1. The main victims of such cybercrime were Windows 8, 2003 and XP users,
because the last released security update for XP was in April 2014, and many
didn’t install the newer update as of March this year.
2. Microsoft had stopped supporting these versions of windows, but an
emergency update was released for them to fight this cyber attack.
3. Also, there were many using an unlicensed windows software. This makes
them all the more vulnerable.
4. The attack is believed to have been carried out using tools that were
stolen from the US security agency NSA, which had been stockpiling on a
number of vulnerabilities around Windows OS, MacOS, etc.
5. The WannaCry ransomware attack had exploited a vulnerability in
Windows OS called EternalBlue.

The Cure

There are no recorded cases of anyone’s computer getting decrypted after


making the required payment.
1. While trying to establish the size of the attack, a man named Marcus
Hutchins accidentally discovered a “kill switch” coded in the malware. He
registered a domain name for the DNS sinkhole (a DNS which gives false
information about a domain), which stopped the spreading of the virus like
a worm, thus drastically slowing down the spread of the virus, giving time to
come up with defensive measures.
2. A man named Adrian Guinet created a “WannaKey”, a solution to the
WannaCry ransomware based on its flaws. He cautioned that it wouldn’t
work if the infected computer was rebooted or if the malware overwrote the
decryption key.

Impact

1. This attack impacted a number of businesses, institutions and hospitals all


over the world.
2. Businesses like Nissan and Renault had to pause their activities after some
of their computers were affected.
3. In hospitals, computer systems used for various purposes were affected,
like MRI scanners and computers.
4. Many critics said that this attack could have been prevented if people
took steps, to solve the flaws on which the attacks were based, earlier.
5. Some even blame the governments for their inability to secure
vulnerabilities.
6. Estimates state that around 200,000 to 300,000 computer systems were
affected in this attack in approximately 150 countries.

CONCLUSION

In conclusion ransomware attacks, has proved that their impact can be


devastating to small business owners and organization. Ransomware is not
only threats to small business and organization it has an impact on people
as well. In its public service request report from the FBI,they urge anyone
who’s suffered a ransomware infection to never pay ransoms because it helps
criminals refine their attacks and snare even more victims.

CASE STUDY ON RANSOMWARE The Wanna Cry ransom ware attack is one of the largest ever cyber attacks affecting computers acro
Response Team (ICERT or CERT-In) was said to be monitoring the situation continuously. Earlier on 13th May 2017 CERT-In was
What helped make this attack successful? 1. The main victims of such cybercrime were Windows 8, 2003 and XP users, because
work if the infected computer was rebooted or if the malware overwrote the decryption key. Impact 1. This attack impa

You might also like