6 August 2018
Submitted To:
Dr. Michael Lane
(Course Examiner)
Submitted By:
Mohammed Abdul Khadeer (Student Name)
(USQ SID 0061091241)
Table of Contents
Q1. The WannaCry RansomWare Attack in summary
Q2
Q3. How the WannaCry Ransomware Attack works
Q3.1 As a process
Q3.2 Technically
3. List of References
The WannaCry RansomWare Attack in summary (About 100 words)
Q1 What sort of cyber security attack was the WannaCry Ransomware Attack, and when
did it first emerge and occur?
Q2 What was the impact of the WannaCry Ransomware Attack in dollar terms for
organisations globally? Give two specific examples of organisations that were impacted
by the WannaCry Ransomware Attack.
Q3.1 As a process
The attacker sends a link to a random computer user in a target organisation. The person opens that
link. The link contains malware, which gets installed on the computer. The malware then encrypts
all the files and locks the computer. Following encryption, a message appears on the infected
computer demanding a ransom in bitcoins. The organisation is given a deadline by which the payment
has to be made. If the initial deadline is not met, the ransom is doubled. If the payment is not made
even after the ransom is doubled, the attacker threatens to permanently delete the files.
From the attacker’s perspective, it is an attempt to extort money from vulnerable organisations by
exploiting the loopholes in their security systems. As bitcoin is a cryptocurrency, it gives them the
security to avoid detection by law enforcement agencies. From the organisation’s
perspective, there is anxiety that precious data will be lost forever. This is more of
a concern for organisations which do not have a backup. There could also be interruptions to the
routine functioning of the organisations.
Q3.2 Technically
The ransomware is concealed within files such as Word or PDF documents, which can be sent
through emails. The malware can get activated on obsolete operating systems like
Windows XP. Such obsolete operating systems do not receive security updates, making the users
vulnerable to such attacks. The malware requires computers running a protocol called Server
Message Block (SMB). Using the loopholes in SMB, it spreads to various computers. This
eliminates the need for the prospective victims to download the file. Once an infection has
taken place, the malware connects with a server to get activated. After the activation of the
malware, it starts encrypting all the important files. This leaves the victim unable
to access the files. After the encryption has been completed, a message is shown on the
computer screen asking the victim to pay a ransom. This is a weak spot in the
malware, as the malware has to contact its operator, thereby providing a route for
authorities to detect the attackers. To conceal their identity, the attackers created a
kill-switch which can cease their link with the malware. The kill-switch in this instance was a
“sink-hole server” to which the malware tries to connect. This sinkhole server was an
unregistered domain. The spread of this malware was halted by a researcher registering
this domain, leading to the activation of the kill-switch.
(Naidu and Sireesha, 2017) (Winckles, 2017)
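As an added example (not part of the original assignment), the sketch below shows how a defender could look in network logs for the two behaviours described above: one host opening SMB connections to many peers, and lookups of the kill-switch domain. The log formats, the fan-out threshold and the domain `killswitch.example` are constructed placeholders, not real indicators.

```python
from collections import defaultdict

SMB_PORT = 445                       # TCP port used by SMB
KILLSWITCH = "killswitch.example"    # placeholder, not the real domain
# Constructed flow records: time, source, destination, destination port
FLOWS = """\
09:00:01 10.0.0.5 10.0.0.20 445
09:00:01 10.0.0.5 10.0.0.21 445
09:00:02 10.0.0.5 10.0.0.22 445
09:00:02 10.0.0.5 10.0.0.23 445
09:00:03 10.0.0.9 10.0.0.2 445
09:00:04 10.0.0.9 10.0.0.2 445
09:00:05 10.0.0.7 10.0.0.30 443
"""

# Constructed DNS query log: time, client, queried name
DNS = """\
08:59:58 10.0.0.5 killswitch.example
08:59:59 10.0.0.7 intranet.example
09:00:00 10.0.0.8 KillSwitch.example.
"""

def smb_fanout(flow_text, threshold=3):
    """Sources that contacted more than `threshold` distinct hosts on SMB."""
    peers = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        # Skip malformed records and non-SMB traffic
        if len(parts) == 4 and parts[3] == str(SMB_PORT):
            peers[parts[1]].add(parts[2])
    return {s: len(d) for s, d in peers.items() if len(d) > threshold}

def killswitch_clients(dns_text, domain=KILLSWITCH):
    """Clients that looked up the kill-switch name (case/trailing-dot safe)."""
    hits = set()
    for line in dns_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2].rstrip(".").lower() == domain:
            hits.add(parts[1])
    return hits

def triage(flow_text, dns_text):
    """Map each suspicious host to the list of reasons it was flagged."""
    report = defaultdict(list)
    for host, n in smb_fanout(flow_text).items():
        report[host].append(f"SMB fan-out to {n} hosts")
    for host in sorted(killswitch_clients(dns_text)):
        report[host].append("kill-switch lookup")
    return dict(report)
```

A host flagged for both reasons is the strongest candidate for isolation; a kill-switch lookup alone still means the malware ran on that machine.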
List of References
Berr, J. (2017). "WannaCry" ransomware attack losses could reach $4 billion. [online] cbsnews.com. Available at: https://www.cbsnews.com/news/wannacry-ransomware-attacks-wannacry-virus-losses/ [Accessed 4 Aug. 2018].
Goud, N. (n.d.). British NHS incurred £700,000 loss due to WannaCry Ransomware Attack. [online] Cybersecurity Insiders. Available at: https://www.cybersecurity-insiders.com/british-nhs-incurred-700000-loss-due-to-wannacry-ransomware-attack/ [Accessed 4 Aug. 2018].
National Audit Office (NAO). (2017). Investigation: WannaCry cyber attack and the NHS. [online] Available at: https://www.nao.org.uk/report/investigation-wannacry-cyber-attack-and-the-nhs/ [Accessed 4 Aug. 2018].
Johnson, T. (2017). Here's one tally of the losses from WannaCry cyberattack. [online] Phys.org. Available at: https://phys.org/news/2017-05-tally-losses-wannacry-cyberattack.html [Accessed 6 Aug. 2018].
Jones, S. (2017). Timeline: How the WannaCry cyber attack spread. [online] Ft.com. Available at: https://www.ft.com/content/82b01aca-38b7-11e7-821a-6027b8a20f23 [Accessed 4 Aug. 2018].
NHS Digital. (2017). NHS Digital responds to report on WannaCry cyber incident - NHS Digital. [online] Available at: https://digital.nhs.uk/news-and-events/news-archive/2017-news-archive/nhs-digital-responds-to-report-on-wannacry-cyber-incident [Accessed 4 Aug. 2018].
Winckles, A. (2017). Here’s how the ransomware attack was stopped – and why it could soon start again. The Conversation. [online] Available at: http://theconversation.com/heres-how-the-ransomware-attack-was-stopped-and-why-it-could-soon-start-again-77745 [Accessed 6 Aug. 2018].