Analysis WannaCry attacks in 2017

Background
In May 2017, a ransomware software called WannaCry was spread by criminals using
dangerous windows system vulnerability leaked by NSA. By June 13th, WannaCry
ransom virus broke out globally, infecting computers in 99 countries. Cybersecurity
company Avast said they have found 75,000 ransomware cases, and some reports
show that Russia has more infection rates than any other country. The Russian Ministry
of the Interior said that its 1,000 computers have been infected. Some Chinese
university users have been infected and unable to work, which has a huge impact.
("Massive cyber-attack hits 99 countries" 2017)

Attack method
After the infection, the ransomware generates a 256-bit AES key on the victim's PC,
and after the file encryption is completed, the AES key itself is encrypted using a
different RSA asymmetric public key downloaded from the attacker's C&C server. The
generated encrypted AES key will then be stored in the user's encrypted file. Even if
the AES key is stored in each encrypted file on the user's computer, the victim cannot
use it because the attacker controls the RSA private key needed to decrypt it. And ask
the user for the ransom of the private key. (Satheesh et al 2018)

Influences
There are 45 NHS organizations in England and Scotland were disrupted by global
attacks, disrupting hospital doctor appointments. Ambulances in some areas have
been transferred from the hospital, and some doctors have been interrupted.
However, NHS Digital said there is no evidence that patient data has been
compromised. Dr. Chris Mimnagh, who works at the Liverpool Medical Center, said
the attack made some system functions unusable: "Our entire patient records access
via computer - blood results, medical history, drugs. Electronically done when we
lose the clinical system, all of information cannot be accessed." ("NHS services hit by
cyber-attack" 2017). At this accident, 19,000 patient appointment for this event was
cancelled. The NHS assessment has a direct impact of £19 million. Additional IT
support and hiring specialist fees have increased by £73 million. "Databarracks
Managing Director Peter Groucutt said. "In addition to the cost, IT downtime often
creates 'hidden' costs. "NHS has invested £150 million in investment and a new
licensing agreement with Microsoft, hoping to move infrastructure to and patch the
Windows version. NHS also signed a three-year contract with IBM to provide a new
Cyber Security Operations Center (CSOC) to detect the various security risks that the
NHS may face and to provide event response support to NHS organization.
("WannaCry ransomware attacks cost the NHS £92m" 2018)

Reason
Many people think the reason why British hospitals are attacked is hospitals rely on
Windows XP, but Kaspersky Lab's Costin Raiu said that WannaCry has bit infection on
XP, and Windows 7 is the most serious. Windows 7 release in 2009, the most widely
affected version is the x64 version, which is widely used in large organizations.
Security experts also found that attacks are spread mainly by viruses that
automatically find vulnerable machines on the network. Rather than many people
think it is through email-basing.
Malwarebytes analyst Adam McNeil said the virus is more likely to find machines that
are vulnerable to Microsoft system vulnerabilities. He analyzed: "The attacker
launched an action to find the SMB port facing the vulnerable public. Once found, it
will use the new SMB attack to deploy malware and spread to other vulnerable
networks." ("Windows 7 hardest hit by WannaCry worm" 2017)

Conclusion
How to solve the major problems faced by the public under the contemporary
information and communication technology will be an important task in the future.
This is a wake-up call for some companies which use old operating system. It is time
to seriously consider IT security. A column on the Forbes website argues that the
attack vividly demonstrates the importance of secure backup and good security
practices, including installation of the latest security updates on time. (Coughlin
2017)
References:
‘An Investigation on Wannacry Ransomware and its Detection’ 2018, 2018 IEEE Symposium on
Computers and Communications (ISCC), Computers and Communications (ISCC), 2018 IEEE
Symposium on, p. 1

Coughlin, T 2017, "WannaCry Ransomware Demonstrates The Value Of Better Security and
Backups", Forbes.com, retrieved 21 March 2019,
<https://www.forbes.com/sites/tomcoughlin/2017/05/14/wannacry-ransomware-
demonstrations-the-value-of-better-security-and-backups/#73b699db70b8>.

"Massive cyber-attack hits 99 countries" 2017, retrieved 19 March 2019,

<https://www.bbc.com/news/technology-39901382>.

"NHS services hit by cyber-attack" 2017, retrieved 19 March 2019,

<https://www.bbc.com/news/health-39899646>.

"WannaCry ransomware attacks cost the NHS £92m" 2018, , vol. 2018, no. 11, pp. 1-3.

"Windows 7 hardest hit by WannaCry worm" 2017, retrieved 19 March 2019,

<https://www.bbc.com/news/technology-39997581>.