Case study on cyber attack: WannaCry ransomware

Executive Summary

Cyber security is one of the most important components of protecting digital systems, networks, and data from a variety of cyber threats. This executive summary emphasizes the importance of proactive security measures in preventing incidents such as data breaches, ransomware attacks, and unauthorized access. With the use of advanced tools, regular monitoring, and user education, organizations can protect sensitive information and ensure continuity of operations. In a digital environment, cyber security is not only important to protect against possible financial losses and reputational damage, but also to strengthen trust among clients and stakeholders.

Introduction

The purpose of cyber security is to protect systems, networks, and data from cyber attacks, theft, and damage. The term refers to practices and technologies designed to counter threats such as malware, ransomware, and phishing, which target personal and organizational information. An effective cyber security program protects data integrity, confidentiality, and availability, preventing financial loss and maintaining privacy in an increasingly digital environment.

Problem Statement: WannaCry ransomware

The WannaCry ransomware attack of May 2017 was one of the largest and most destructive cyberattacks in history. By exploiting a known vulnerability in Microsoft Windows, the malware spread quickly across networks, encrypting files and demanding ransom payments. Over 150 countries were affected by WannaCry, which wreaked havoc in multiple sectors, including healthcare, transportation, and manufacturing.

WannaCry exploited a vulnerability in the Server Message Block (SMB) protocol (CVE-2017-0144), which computers use to share files and printers. Specifically, the vulnerability was targeted by the EternalBlue exploit, developed by the U.S. National Security Agency (NSA) and later released by the Shadow Brokers. Once it gained access to a vulnerable system, WannaCry deployed the DoublePulsar backdoor, allowing the ransomware to be installed and spread across networks without user interaction. WannaCry combined a ransomware program with a worm, which facilitated its rapid spread.
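The worm behaviour described above shows up in network telemetry as one host opening SMB connections to many distinct internal hosts in a short time. The following detector is an added example, not part of the original case study: it reads constructed connection-log lines (a made-up format, not real telemetry) and flags sources that contact at least a threshold number of distinct hosts on TCP port 445 (the assumed SMB port) within a sliding time window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445  # assumption: SMB over TCP/445, the port a worm like WannaCry would target

# Constructed sample log (not real data). Line format:
# "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <proto>"
SAMPLE_LOG = """\
2017-05-12T10:00:01 10.0.1.15 -> 10.0.1.20:445 tcp
2017-05-12T10:00:02 10.0.1.15 -> 10.0.1.21:445 tcp
2017-05-12T10:00:02 10.0.1.15 -> 10.0.1.22:445 tcp
2017-05-12T10:00:03 10.0.1.15 -> 10.0.2.5:445 tcp
2017-05-12T10:00:04 10.0.1.15 -> 10.0.2.6:445 tcp
2017-05-12T10:00:05 10.0.1.15 -> 10.0.2.7:445 tcp
2017-05-12T10:00:10 10.0.1.30 -> 10.0.1.2:445 tcp
2017-05-12T10:00:11 10.0.1.30 -> 10.0.1.3:445 tcp
2017-05-12T10:00:12 10.0.1.40 -> 93.184.216.34:443 tcp
"""


def parse_log(text):
    """Yield (timestamp, src, dst, dst_port) tuples from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, _arrow, dst_port, _proto = line.split()
        dst, port = dst_port.rsplit(":", 1)
        yield datetime.fromisoformat(ts), src, dst, int(port)


def detect_smb_fanout(log_text, min_targets=5, window=timedelta(seconds=60)):
    """Return {src_ip: peak distinct SMB targets} for every source that reaches
    at least `min_targets` distinct hosts on SMB_PORT inside any `window`."""
    by_src = defaultdict(list)
    for ts, src, dst, port in parse_log(log_text):
        if port == SMB_PORT:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        in_window = defaultdict(int)  # dst -> number of events inside the window
        start = 0
        for ts, dst in events:
            in_window[dst] += 1
            while ts - events[start][0] > window:  # slide the window forward
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= min_targets:
                flagged[src] = max(flagged.get(src, 0), len(in_window))
    return flagged
```

With the sample above, only 10.0.1.15 is flagged: it reaches six distinct hosts on port 445 within a few seconds, while 10.0.1.30 stays below the threshold and 10.0.1.40 never touches SMB at all.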

Upon compromise, WannaCry encrypted a wide range of files, including documents, images, and databases, using strong encryption techniques. In the subsequent ransom note, the malware demanded a payment of between $300 and $600 in Bitcoin. It also threatened to double the ransom after a specific period of time and warned that the encrypted files would be deleted if the ransom was not paid in a timely manner.

Global Impact

There were devastating effects across a wide range of industries as a result of the attack. More than 70,000 devices, including computers, MRI scanners, and blood storage systems, were damaged in the UK's National Health Service (NHS). As a result, thousands of medical appointments and surgeries were cancelled, causing a significant disruption in healthcare services. Several transportation and logistics companies, such as FedEx and Deutsche Bahn, also experienced significant disruptions, while Renault-Nissan had to halt production at several factories in France and Japan due to the disruptions.

Universities, government agencies, and telecommunication companies were also affected, with knock-on effects for the global economy. During the attack, widespread damage was caused to critical infrastructure, and the consequences of cyber attacks on essential services proved far-reaching.

Security Failures

A primary reason for WannaCry's widespread damage was that, although Microsoft had released its patch for the SMB vulnerability (MS17-010) two months prior to the attack, most organizations had not updated their systems, especially those that were using outdated operating systems such as Windows XP and Windows Server 2003, which were no longer supported by Microsoft. Furthermore, many organizations lacked proper network segmentation, which allowed the malware to spread across departments as well as critical infrastructure.

In addition, there was a lack of adequate offline backups. Without backups, many organizations were forced to either pay the ransom or suffer significant downtime while attempting to recover their systems.

Prevention and Best Practices

It is important to maintain basic cyber security hygiene in the wake of the WannaCry attack. Protecting against known vulnerabilities requires regular patching and the use of automated patch management tools. By isolating sensitive systems from less secure areas of the network, network segmentation can also help limit the spread of malware within an organization.

It is also recommended that organizations decommission unsupported legacy systems or, if they are to remain in use, they should be isolated from the main network or run in virtual environments. To ensure data recovery following a ransomware attack, organizations should establish regular, offline backups, and test these backups to ensure they can be successfully restored.

Lessons Learned

It was evident from the WannaCry attack that relying on outdated software and failing to implement basic cyber security practices can lead to serious security risks. By patching in a timely manner, segmenting the network, and developing a comprehensive disaster recovery plan, the damage caused by the attack could have been significantly mitigated. In order to reduce the likelihood of future ransomware attacks, organizations should adhere to these best practices.
