WannaCry Ransomware Presentation

The WannaCry ransomware attack in May 2017 affected over 300,000 computers across 150 countries, exploiting a vulnerability in Microsoft Windows systems to spread and demanding ransom payments in Bitcoin. Its rapid spread hit critical sectors such as healthcare and telecommunications, leading to financial losses estimated at between $4 and $8 billion. Key lessons from the attack emphasize the importance of timely security patches, robust backup strategies, and improved network security practices.

Uploaded by cocakar2016mym

WannaCry Ransomware

A Global Cybersecurity Wake-Up Call

GROUP 6
Ye Yint Phyo Wai Yan Tun
Khine Hsu Thwel Arkar Hmue Htet
Shoon Myat Maung Maung Yoon Nay Chi Tun
Myat Thida Khin
Table of contents

01 Introduction
02 Attack Mechanism
03 Impact
04 Lesson Learned
05 Prevention
01 Introduction

Overview of Ransomware

Definition: Ransomware blocks access to systems or data until a ransom is paid.

How It Works: Spreads through phishing emails or system vulnerabilities, then encrypts files.
Evolution of Ransomware

1. AIDS Trojan (PC Cyborg) - 1989
2. [Link] - 2013
3. [Link] - 2014
4. [Link] - 2015
5. [Link] - 2016
6. WannaCry - 2017
7. NotPetya - 2017
8. Ryuk - 2018–Present
9. Sodinokibi (REvil) - 2019–2021
10. Colonial Pipeline Attack - 2021

Overview of WannaCry

An attack from May 2017 that targeted Microsoft Windows systems.
Demanded payment in Bitcoin for data decryption.
Affected over 300,000 computers across 150 countries.
Spread across networks via the EternalBlue exploit.
Impacted the healthcare, telecommunications, and transportation sectors.
Was powered by the EternalBlue exploit.

EternalBlue Exploit

Definition: An exploit for a remote code execution vulnerability in the SMBv1 implementation of Microsoft Windows (CVE-2017-0144, fixed by Microsoft in security bulletin MS17-010 in March 2017), used by WannaCry.
Discovery: Developed by the NSA and leaked by the Shadow Brokers group in April 2017, a month after the patch was released.
Role in WannaCry: Enabled rapid spread by moving laterally across networks without any user interaction.
Takes advantage of a flaw in the network file-sharing protocol used by Windows computers.
02 Attack Mechanism

Attack Mechanism

WannaCry spread autonomously across networks without requiring user interaction.

Encrypts files on the hard drive, rendering them inaccessible to the user.

Displays a ransom note on the infected system; the note included a countdown timer.

Sends crafted packets to unpatched systems that exploit a critical vulnerability in the Server Message Block (SMB) protocol, executing arbitrary code and installing the malware on the target machine.

After infecting a single machine, it scans for vulnerable devices on the same network and attempts to exploit them.
SMB protocol

Microsoft's implementation of SMB v1 (a protocol dating from 1983) had a remote arbitrary code execution vulnerability that allows attackers to execute code on the victim's computer.
EternalBlue takes advantage of that vulnerability to gain unauthorized access to systems.
After the infection, the ransomware encrypts files on the infected system.

Worm-like Behavior

Attempts to connect to an unregistered domain (the kill switch); if the connection succeeds, the malware exits without doing anything further.
If the connection fails, it scans for Port 445 to find other systems running SMB v1, both on the local network and at random Internet addresses, and attempts to exploit them.
Spreads rapidly across the network, infecting any connected devices.
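The scanning behaviour described above is what a network sensor can catch, even when the exploit itself is not signatured. The PowerShell detector below is an added example (not code from the presentation): it runs over constructed connection records and flags any source that opens TCP/445 connections to many distinct hosts inside a short window, which is how an infected machine looks from the switch. The record layout (timestamp, src, dst, dport), the threshold of 20 distinct hosts in 60 seconds, and the addresses are assumptions chosen for illustration.

```powershell
# Added example, not from the original presentation. Flags hosts whose outbound
# TCP/445 traffic looks like WannaCry's worm scanning: one source opening
# connections to many distinct hosts on 445 inside a short window.
# The event records are constructed for illustration; their field names
# (timestamp, src, dst, dport) are an assumption, not any product's export format.

function Find-SmbScanners {
    param(
        [Parameter(Mandatory)] [object[]] $Events,   # objects with timestamp ([datetime]), src, dst, dport
        [int] $DistinctHostThreshold = 20,            # distinct destinations on 445 that trigger an alert
        [int] $WindowSeconds = 60                     # sliding window length
    )
    $Events |
        Where-Object { [int]$_.dport -eq 445 } |
        Group-Object -Property src |
        ForEach-Object {
            $src    = $_.Name
            $sorted = @($_.Group | Sort-Object -Property timestamp)
            # Slide a window ending at each event and count distinct destinations inside it.
            for ($i = 0; $i -lt $sorted.Count; $i++) {
                $end      = $sorted[$i].timestamp
                $start    = $end.AddSeconds(-$WindowSeconds)
                $inWindow = $sorted | Where-Object { $_.timestamp -ge $start -and $_.timestamp -le $end }
                $distinct = @($inWindow | Select-Object -ExpandProperty dst -Unique).Count
                if ($distinct -ge $DistinctHostThreshold) {
                    # The first window over the threshold is enough for one alert per source.
                    [pscustomobject]@{
                        Source          = $src
                        WindowEnd       = $end
                        DistinctTargets = $distinct
                        Verdict         = 'possible SMB worm scanning'
                    }
                    break
                }
            }
        }
}

# --- Constructed sample telemetry (not real captures) ---
$base   = [datetime]::new(2017, 5, 12, 10, 0, 0, [System.DateTimeKind]::Utc)
$events = [System.Collections.Generic.List[object]]::new()

# Benign: a workstation talking to its single file server a few times over several minutes.
foreach ($i in 0..4) {
    $events.Add([pscustomobject]@{ timestamp = $base.AddMinutes($i); src = '10.0.1.10'; dst = '10.0.1.5'; dport = 445 })
}
# Worm-like: one host sweeping the whole /24 on 445, one new target per second.
foreach ($i in 1..40) {
    $events.Add([pscustomobject]@{ timestamp = $base.AddSeconds($i); src = '10.0.1.25'; dst = "10.0.1.$i"; dport = 445 })
}

Find-SmbScanners -Events $events.ToArray() | Format-Table -AutoSize
```

On real data feed it firewall or NetFlow exports converted to the same four fields (`Import-Csv` works directly if the columns are named that way and `timestamp` is cast to `[datetime]`). The window and threshold are the tuning knobs: a backup server or vulnerability scanner will legitimately touch many hosts on 445, so allow-list those sources rather than raising the threshold for everyone.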
Target

Primarily targeted organizations running outdated, unpatched versions of the Microsoft Windows operating system.

Global Spread and Reach

Infected over 300,000 computers in more than 150 countries within a day.
Targeted various sectors, including healthcare, telecommunications and government institutions.

Notable Attacks

National Health Service (NHS): files were locked on each infected computer; machines went down one by one.

Telefonica (major telecommunications company): unable to access critical systems and data.

FedEx (U.S. delivery company): its information technology systems and services were affected.

Russia's Ministry of Internal Affairs: about 1,000 computers infected.


03 Impact

Financial Impact

The global economic impact was estimated at around $4 to $8 billion.
Costs included restoring systems from backups and rebuilding IT infrastructure.

Equipment & Systems

Rendered equipment and systems inoperable or unavailable, leading to the closure of emergency rooms and to lifesaving devices such as magnetic resonance imaging (MRI) scanners becoming unusable.

Reputation Damage

Public Trust: loss of public trust due to organizations' perceived inability to protect sensitive data.
Example: during the attack on the NHS, hospitals were forced to cancel appointments and divert emergency services.

Relationships: strained relationships with business partners, as affected organizations were seen as vulnerable to cyber threats.
04

Lesson Learned
Lessons Learned
Failure to Apply Security Patches

End-of-Life Systems Vulnerabilities

Insufficient Backup and Recovery Strategies

Weak Network Security Practices

05

Prevention
Security Patches and Updates

Enforce Patch Management Policies

Focus on End-of-Life Systems

Automate Updates
Backup and Recovery Strategies

3-2-1 Backup Rule: Ensure you have 3 copies of your data, stored on 2 different types of media, with 1 copy off-site. Because WannaCry also encrypted files on any network share it could reach, the off-site copy should be offline or otherwise not writable from the protected systems.

Disaster Recovery Plans: Develop and maintain a disaster recovery plan that includes detailed steps for data recovery and system restoration.

Regular Testing: Periodically test your backup and recovery processes to ensure data can be restored quickly and completely.
Prevention - Network Security Practices

Network Segmentation
IDS/IPS
Zero Trust Security Model
Regular Security Audits
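The patching advice in "Security Patches and Updates" and the network practices listed above come down to three concrete checks on each Windows host: is SMBv1 still enabled, is the MS17-010 fix present, and can any peer reach TCP/445. The script below is an added example (not from the presentation) that audits and corrects all three. It assumes an elevated PowerShell session on a Windows 10 or Windows Server 2016-era host, uses the Windows 7 SP1 / Server 2008 R2 KB identifiers (KB4012212 and KB4012215) as the example hotfix list, and assumes the host is a workstation that does not need to serve files; adjust those assumptions for your environment.

```powershell
# Added example, not from the original presentation. Audits and hardens a Windows
# host against the three conditions WannaCry relied on: SMBv1 enabled, MS17-010
# missing, and TCP/445 reachable from any peer. Run from an elevated PowerShell.
# The KB list and the "workstation does not serve files" assumption are example
# choices; change them for your build and host role.

# 1. SMBv1: report and disable both the live server setting and the optional feature.
$cfg = Get-SmbServerConfiguration
Write-Host "SMB1 server protocol enabled: $($cfg.EnableSMB1Protocol)"
if ($cfg.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Write-Host "SMB1Protocol feature state: $($feature.State)"
if ($feature.State -eq 'Enabled') {
    # On Windows Server the equivalent is: Uninstall-WindowsFeature -Name FS-SMB1
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}

# 2. Patch check. MS17-010 shipped as different KBs per build; the two below are the
#    Windows 7 SP1 / Server 2008 R2 security-only and monthly-rollup packages (example
#    list, extend it from the bulletin for other builds). On Windows 10 and later the
#    fix is inside the cumulative update, so an absent KB here is not proof of exposure;
#    a still-enabled SMBv1 from step 1 is the more reliable signal there.
$ms17010   = @('KB4012212', 'KB4012215')
$installed = Get-HotFix | Where-Object { $ms17010 -contains $_.HotFixID }
if ($installed) {
    Write-Host "MS17-010 package present: $($installed.HotFixID -join ', ')"
} else {
    Write-Warning "None of $($ms17010 -join ', ') found; confirm the cumulative update level for this build."
}

# 3. Network: a workstation that does not share files has no reason to accept 445.
#    Block it inbound on every profile. A file server would instead keep an allow
#    rule scoped with -RemoteAddress to the subnets that genuinely need SMB, relying
#    on the default inbound block for everything else.
$ruleName = 'Block inbound SMB (TCP 445) - WannaCry hardening'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort 445 -Action Block -Profile Any | Out-Null
}
Get-NetFirewallRule -DisplayName $ruleName | Select-Object DisplayName, Enabled, Action
```

Run it first on a test machine with the three "fix" lines commented out to see what it would report, then roll it out through your configuration management tool rather than by hand; disabling the SMB1Protocol feature takes effect fully only after a reboot, which is why `-NoRestart` is used so the restart can be scheduled.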
FUN FACT

The Accidental Hero of the WannaCry Attack

Marcus Hutchins, a researcher at the Los Angeles-based firm Kryptos Logic.

Hutchins noticed reports of ransomware rapidly affecting NHS systems in the UK.
He ran a sample in a virtual environment and discovered it was trying to connect to an unregistered domain.
He registered that domain for $10.69, unintentionally activating the malware's kill switch.
This action halted the spread of that WannaCry variant (it did not decrypt machines that were already infected).
Hutchins later admitted the halt was an accidental discovery.

Any Questions?
