Ransomware Attack of May 2017
EXECUTIVE SUMMARY
This report was prepared in light of the ransomware attack of May 12, 2017, which caused havoc worldwide. The attack affected a huge number of people and caused financial damage. The report seeks to assess how effective current internet security is against the variety of attacks conducted against it. It discusses the incident in detail, along with the way in which the attack was coordinated. The parts of society that were affected, and the way they were affected, are also discussed. Possible remedies to such attacks are provided as well.
1. Introduction
Cyber security is perhaps the most pressing concern for the current world order. The exponential growth in the frequency of cyber-attacks and the rate at which cyber-threats evolve have forced the protectors of the cyber world to stay vigilant at all times. It has become a race between protector and attacker, and it seems that the attacker always manages to stay a step ahead (Sales, 2012). The report focusses on this fact by introducing a recent worldwide ransomware attack that caused turmoil across the globe.
2. Discussion
The report discusses in detail the incident, the mode of the attack, the parts of society affected most and the way they were affected, and lastly the possible remedies to such problems.
2.1. About WANNACRY
The WANNACRY attack was initiated on May 12, 2017 by a hacker group known as The Shadow Brokers, and it spread worldwide. It is a ransomware cryptoworm that attacked computers running any version of Microsoft Windows as their operating system (Mohurle & Patil, 2017). The attack was carried out by encrypting various contents of the system, including the operating system, and demanding ransom payments in the bitcoin cryptocurrency. The hacker group claimed that after receiving the demanded payment they would provide the victim with a decryption key, with which the victim could restore the computer to its previous state (Mohurle & Patil, 2017).
The ransomware exploits a flaw in Windows' Server Message Block (SMB) protocol, known as EternalBlue, to enter the targeted system. It was later found that this flaw was originally identified by the United States National Security Agency (NSA), which kept it for carrying out other offensive operations rather than reporting it to Microsoft Corporation (Swenson, 2017). Microsoft found the flaw a few months prior to the ransomware attack and immediately issued a security bulletin, on March 14, 2017, which explained the problem in detail and announced the release of security updates for all Windows versions then supported by Microsoft, namely Windows 7/8.1/10/Server 2008/Server 2012/Server 2016/Vista (Renaud, 2017). However, many users did not install the necessary patch at that time and were affected when the ransomware attack began two months later, on May 12, 2017. Many others were running unsupported versions of Windows, such as Windows XP / Server 2003. Those were the first to be affected by the attack (Renaud, 2017).
2.2. Mode of the Attack
WANNACRY has the same attack signature as most advanced ransomware. It infects a computer by finding and encrypting a range of vital system files. The user is prevented from accessing the system and from viewing or retrieving any of its content (Shackelford, 2017). A ransom note displayed on the computer monitor asks the user to pay a one-time ransom of 300 - 600 US dollars' worth of bitcoin cryptocurrency. The ransom must be paid to receive the decryption that will free the affected computer from the ransomware (Shackelford, 2017).
2.3. Effect of WANNACRY on the world
The ransomware attack took a toll on over 230,000 computers in 150 different countries within a day. The National Health Service (NHS) of the United Kingdom was partially infected by the attack, forcing it to carry out certain functions on an emergency basis during the outbreak (Collier, 2017). Certain organisations of Spain like Deutsche Bahn, Telefonica and FedEx were also infected, along with many other organisations worldwide (Collier, 2017). The general public throughout the world was affected, and the damage caused to personal computers was enormous (Collier, 2017). The attack left victims with a choice: either pay the required ransom, with no guarantee that the affected system would be cured of the infection even after the ransom was paid, or not pay and accept the damage done (Walkinshaw, 2017).
2.4. Possible Remedies Conjured
A remedy was devised shortly after the outbreak began by Marcus Hutchins, a 22-year-old web security researcher from North Devon, England (Gandhi, 2017). He found a way to kill the infection by registering a domain name that he identified in the code of WANNACRY. This discovery greatly hindered the spread of the infection, pausing the initial attack on Monday, May 15, 2017 (Gandhi, 2017). However, newer versions of the ransomware were detected from which the kill-switch had been removed. Some researchers claimed that, under certain circumstances, they had found ways to retrieve data from infected computers (Gandhi, 2017). Microsoft, for its part, released security patches as soon as possible that detected and removed the EternalBlue vulnerability on computers running both supported and unsupported versions of the Windows operating system, thereby rendering the ransomware useless (Gandhi, 2017). Security experts claim that within four days of the outbreak most organisations had applied updates, which slowed the spread of the infection considerably. Detailed technical write-ups were also released by many organisations, such as Malwarebytes, McAfee, Microsoft, Symantec and Cisco, which helped greatly in preventing infection (Gandhi, 2017).
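WannaCry contacted the kill-switch domain when it started, so a machine that looks the name up is likely executing the worm. The added example below (not part of the original report) scans DNS resolver logs for such lookups; the domain is a placeholder because the report does not name it, and the log format and sample lines are constructed.

```python
import re
from collections import defaultdict

# Placeholder: the report does not give the kill-switch domain, so a reserved
# example name stands in for it here.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed resolver log lines (assumed format: time, client IP, qtype, qname).
SAMPLE_LOG = """\
2017-05-12T09:14:02Z 10.0.4.17 A www.example.org.
2017-05-12T09:14:05Z 10.0.4.23 A KillSwitch-Placeholder.example.
2017-05-12T09:15:41Z 10.0.4.23 A killswitch-placeholder.example
2017-05-12T09:16:10Z 10.0.7.8 A killswitch-placeholder.example.
2017-05-12T09:16:12Z 10.0.7.9 A notkillswitch-placeholder.example.
malformed line without enough fields
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+(\S+)$")


def normalise(qname):
    """Lower-case a query name and drop the trailing root dot."""
    return qname.rstrip(".").lower()


def hosts_querying_kill_switch(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: {"first_seen": ts, "count": n}} for exact-name lookups."""
    target = normalise(domain)
    hits = defaultdict(lambda: {"first_seen": None, "count": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, client, _qtype, qname = m.groups()
        if normalise(qname) != target:
            continue  # exact match only, so look-alike names are ignored
        entry = hits[client]
        # ISO-8601 UTC timestamps sort correctly as plain strings
        if entry["first_seen"] is None or ts < entry["first_seen"]:
            entry["first_seen"] = ts
        entry["count"] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, info in sorted(hosts_querying_kill_switch(SAMPLE_LOG).items()):
        print(f"{ip} first_seen={info['first_seen']} lookups={info['count']}")
```

Variants with the kill-switch removed, which the report mentions, produce no such lookups, so an empty result does not show that a network is clean.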
3. Conclusion
The report concludes with the awareness that a determined mind is hard to stop. However, equal or stronger determination can prevent catastrophe. The protectors of cyber security should therefore always bring to the defence of the cyber world a determination stronger than that of those who seek to hamper it. The threat to cyber security is a disease that is best kept in check at all times and eradicated completely if possible.
4. References
Collier, R. (2017). NHS ransomware attack spreads worldwide.
Gandhi, K. A. (2017). Survey on Ransomware: A New Era of Cyber Attack. International Journal of Computer Applications, 168(3).
Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack - International Journal, 8(5).
Renaud, K. (2017). It makes you Wanna Cry.
Sales, N. A. (2012). Regulating cyber-security.
Shackelford, S. (2017). Exploring the ‘Shared Responsibility’ of Cyber Peace: Should Cybersecurity Be a Human Right?
Swenson, G. (2017). Bolstering Government Cybersecurity Lessons Learned from WannaCry.
Walkinshaw, N. (2017). What Is Software Quality, and Why Does it Matter? In Software Quality Assurance (pp. 7-21). Springer, Cham.