The University of Southern Queensland (USQ)

CIS5205 Management of Information Security

Assignment 1

6 August 2018

Submitted To:
Dr. Michael Lane
(Course Examiner)

Submitted By:
Mohammed Abdul Khadeer (Student Name)
(USQ SID 0061091241)

Total Words: 850 ( including references)

Table of Contents
Q1. The WannaCry RansomWare Attack in summary ........................................................................... 2
Q2
Q3. How the WannaCry Ransomware Attack works ............................................................................. 3
Q3.1 As a process ................................................................................................................................ 3
Q3.2 Technically .................................................................................................................................. 3
3. List of References ............................................................................................................................ 4
The WannaCry RansomWare Attack in summary (About 100 words)

Q1 What sort of cyber security attack was WannaCry Ransomware Attack and when
did it first emerge and occur

Attack Description WannaCry Ransomware Attack

When It First Emerged and 12th May, 2017 (Jones, 2017)

Occur

Impact Globally ($$$) The financial and economic loss is estimated at $ 4

billion (Berr, 2017).

Q2 What was the impact of the WannaCry Ransomware Attack in dollar terms for
organisations globally – give two specific examples of organisations that were impacted
by the WannaCry Ransomware Attack

Company Date attacked Impact of the attack – ($$$) and Consequences

name
NHS, United 12th May, It impacted 81 NHS organisations and hundreds
Kingdom 2017 (NHS of GP practices and primary care organisations.
Digital, 2017) This lead to cancellations of thousands of
appointments and surgeries (National Audit
Office (NAO), 2017). The financial loss is
estimated at GBP 700,000 (Goud, n.d.).

Renault 12th May, It has led to the halt of production at the

2017 (Naidu manufacturing plants of the carmaker. Assembly
and Sireesha, likes had stopped. At least 100 cars could not be
2017) produced due to the attack. Extensive literature
search did not reveal a financial figure. (Frost and
Tajitsu, 2017) (Kostov, 2017) (Johnson, 2017)
Q3. Explain how the WannaCry Ransomware Attack works as a process and technically
– considering the perspectives of both the attacker and organisation that could be
attacked (about 400 words)

Q3.1 As a process

The attacker sends a link to a random computer user in a target organisation. The person opens that
link. The link contains a malware which gets installed into the computer. The malware then encrypts
all the files and locks the computer. Following encryption, a message is seen on the infected
computer demanding ransom in bitcoins. The organisation is given a deadline by which the payment
has to be made. If the initial deadline is not met, the ransom is doubled. If the payment is not made
even after the ransom is doubled, then it is threatened that the files will be permanently deleted.
From the attacker’s perspective, it is an attempt to extort money from vulnerable organisations by
utilising the loopholes in their security systems. As bitcoin is a cryptocurrency, it gives them the
security to avoid detection by law enforcement agencies. If one looks at the Organisation’s
perspective, there will be an anxiety that precious data will be lost forever. This would be more of
a concern for organisations which do not have a backup. There could also be interruptions to the
routine functioning of the organisations.

Q3.2 Technically

The ransomware is concealed within files like word/PDF sent which can be sent through
emails. The malware can get activated on obsolete operating systems like the Windows
XP. Such obsolete operating systems do not receive security updates making the users
vulnerable to such attacks. The malware requires computers running called Server
Message Block (SMB). Using the loopholes in SMB, it spreads to various computers. This
eliminates the need for the prospective victims to download the file. Once an infection has
taken place, the malware connects with a server to get activated. After the activation of the
malware, it starts encrypting all the important files. This leads to the victim being unable
to access the files. After the encryption has been completed, a message is shown on the
computer screen asking the victim to pay a ransom money. This is a weak spot in the
malware as the malware has to contact with its operator thereby providing a route for
authorities to detect the attackers. To conceal their identity the attackers created a kill-
switch which can cease their link with the malware. The kill-switch in this instance was a
“sink-hole server” which the malware tries to connect. This sinkhole server was an
unregistered domain. The spread of this malware was halted by a researcher registering
this domain leading to the activation of the kill-switch.
(Naidu and Sireesha, 2017) (Winckles, 2017)
List of References

Berr, J. (2017). "WannaCry" ransomware attack losses could reach $4 billion. [online]
cbsnews.com. Available at: https://www.cbsnews.com/news/wannacry-ransomware-attacks-
wannacry-virus-losses/ [Accessed 4 Aug. 2018].

Frost, L. and Tajitsu, N. (2017). Renault-Nissan is resuming production after a global

cyberattack caused stoppages at 5 plants. Business Insider. [online] Available at:
https://www.businessinsider.com/renault-nissan-production-halt-wannacry-ransomeware-
attack-2017-5?IR=T [Accessed 6 Aug. 2018].

Goud, N. (n.d.). British NHS incurred £700,000 loss due to WannaCry Ransomware Attack.
[online] Cybersecurity Insiders. Available at: https://www.cybersecurity-insiders.com/british-
nhs-incurred-700000-loss-due-to-wannacry-ransomware-attack/ [Accessed 4 Aug. 2018].

National Audit Office (NAO). (2017). Investigation: WannaCry cyber attack and the NHS.
[online] Available at: https://www.nao.org.uk/report/investigation-wannacry-cyber-attack-
and-the-nhs/ [Accessed 4 Aug. 2018].

Johnson, T. (2017). Here's one tally of the losses from WannaCry cyberattack. [online]
Phys.org. Available at: https://phys.org/news/2017-05-tally-losses-wannacry-
cyberattack.html [Accessed 6 Aug. 2018].

Jones, S. (2017). Timeline: How the WannaCry cyber attack spread. [online] Ft.com.
Available at: https://www.ft.com/content/82b01aca-38b7-11e7-821a-6027b8a20f23
[Accessed 4 Aug. 2018].

Kostov, N. (2017). WannaCry attack hits Renault, 200,000-plus victims. [online]

MarketWatch. Available at: https://www.marketwatch.com/story/wannacry-attack-hits-
renault-200000-plus-victims-2017-05-15 [Accessed 6 Aug. 2018].

Naidu, K. and Sireesha, P. (2017). A Study on Wannacry Ransomware Attack. International

Journal of Recent Innovation in Engineering and Research, 2(5), pp.82-88.

NHS Digital. (2017). NHS Digital responds to report on WannaCry cyber incident - NHS
Digital. [online] Available at: https://digital.nhs.uk/news-and-events/news-archive/2017-
news-archive/nhs-digital-responds-to-report-on-wannacry-cyber-incident [Accessed 4 Aug.
2018].

Winckles, A. (2017). Here’s how the ransomware attack was stopped – and why it could soon
start again. The Conversation. [online] Available at: http://theconversation.com/heres-how-
the-ransomware-attack-was-stopped-and-why-it-could-soon-start-again-77745 [Accessed 6
Aug. 2018].