MEMORANDUM
TO: All employees
FROM: [Student Name and any desired title]
DATE: 22nd May, 2018.
SUBJECT: Lax information security in the organization
Following the recent audit of the company, it has come to my attention that information security in the organization is seriously lax. There are no coordinated security policies, and the few policies that are in place are not being followed.
If the organization continues to neglect information security, we will soon face a security breach. There has already been a social engineering attempt, in which someone tries to trick another person into revealing critical information.
We should therefore be aware of commonly used attack methods, such as phishing and spoofing, so that we are not caught unaware and stay alert to spot and report any attempts. To avoid becoming a victim, I recommend the following: never give critical information to anyone unless they need to know it and are authorized to receive it, do not open any suspicious-looking files or links, and ensure that the URL of any link genuinely belongs to the site it claims to lead to.
I encourage all of us to follow the currently available policies and any other that will be made in order to increase our information security.
Thank you for your cooperation.
Best regards,
[Student name and desired title]
Introduction
WannaCry has been defined as a worm that spreads by exploiting vulnerabilities in the Windows operating system [1], especially older versions that are no longer updated. Once installed, WannaCry encrypts all the files and then, as the name suggests, demands a ransom payment in exchange for decrypting them. The ransomware consists of multiple components [2]. These include an application for encrypting and decrypting data, files containing the encryption keys, and a copy of Tor.
How attack is propagated
Information gathered by studying the DoublePulsar backdoor capabilities enables linking the SMB exploit to the EternalBlue SMB exploit [3]. The ransomware uses a lateral movement technique to spread through the machines in a network. In particular, it makes use of the Windows Server Message Block (SMB) protocol to spread through a network, operating over TCP 445 and 139 [4]. The propagation happens in the “mssecsvc2.0” ServiceHandler function, which is in charge of WSAStartup functionality and cryptographic initialization. The ServiceHandler generates two threads that carry out the SMB exploitation: one infects internal targets and the other external targets.
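A defender's view of the propagation described above, as an added example that is not part of the original essay: a worm spreading over SMB makes one host contact many distinct peers on TCP 445/139 in a short time, which can be flagged from connection logs. The log format, the sample records, the internal address range, the 60-second window and the threshold of 5 are all assumptions made for this illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORTS = {445, 139}                              # ports named in the text
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed internal range
WINDOW = timedelta(seconds=60)                      # assumed look-back window
THRESHOLD = 5                                       # assumed distinct-peer limit

# Constructed sample flow records: "timestamp source destination dest_port"
SAMPLE_FLOWS = """
2024-01-01T09:00:01 10.0.0.23 10.0.0.1 445
2024-01-01T09:00:02 10.0.0.23 10.0.0.2 445
2024-01-01T09:00:02 10.0.0.8 10.0.0.5 445
2024-01-01T09:00:03 10.0.0.23 10.0.0.3 445
2024-01-01T09:00:03 10.0.0.9 10.0.0.1 443
2024-01-01T09:00:04 10.0.0.23 203.0.113.7 445
2024-01-01T09:00:05 10.0.0.23 10.0.0.4 139
2024-01-01T09:00:06 10.0.0.23 198.51.100.9 445
"""

def parse_flows(text):
    for line in text.strip().splitlines():
        ts, src, dst, port = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(port)

def find_smb_fanout(flows, window=WINDOW, threshold=THRESHOLD):
    """Map sources with >= threshold distinct SMB peers in one window to counts."""
    per_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port in SMB_PORTS:                   # ignore non-SMB traffic
            per_src[src].append((ts, dst))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        best, start = set(), 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                      # slide the window forward
            peers = {dst for _, dst in events[start:end + 1]}
            if len(peers) > len(best):
                best = peers
        if len(best) >= threshold:
            internal = sum(ipaddress.ip_address(p) in INTERNAL_NET for p in best)
            alerts[src] = {"internal": internal, "external": len(best) - internal}
    return alerts

if __name__ == "__main__":
    print(find_smb_fanout(parse_flows(SAMPLE_FLOWS)))
```

The internal/external split in the result mirrors the two scanning threads the text describes; a workstation that talks to a single file server stays below the threshold.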
Impact on organizations
The WannaCry ransomware spread so fast that in a single weekend the number of victim systems grew from 45,000 to an estimated 200,000. As a result, large organizations were crippled [5]. This was a result of data loss, since the ransomware would affect even the backups. Ransomware is so effective largely because of the downtime it causes, and affected organizations said they lost between $5,000 and $20,000 in a single day [6].
To protect an organization from the WannaCry ransomware, it is essential to update the software and operating systems of computers as soon as a patch or a new version is released. In this case, WannaCry exploited a vulnerability whose patch Microsoft had already released in a later version, but there were still so many victims that Microsoft had to release an emergency patch for the older versions of Windows that it had already stopped supporting.
It is essential that organizations do not rely on only one form of cyber security. Other methods that can be applied include using an anti-virus, using a firewall, and regularly backing up key data to off-line hard drives so that, even if the networks are attacked, there is some data to fall back on [7]. In addition, one should not open any suspicious emails or attachments, and the same should be communicated to all users [8].
Role of incident response planning
An incident response plan outlines the systematic approach to be used in handling and managing situations arising from IT security incidents or breaches [9]. Incident response planning therefore ensures that very little time is spent wondering what should be done next.
Role of disaster recovery planning
A disaster recovery plan will outline the different alternatives that can be taken in case of a disaster such as this. Therefore, in this case the disaster recovery plan might include use of off-line hard drives which have the company’s essential data and transferring that to an online server to be used by the organization.
Role of business continuity planning
The business continuity plan outlines the different risks and threats that face an organization [10] and gives the measures for mitigating them, so that even if they occur, the organization’s operations are not greatly interrupted. With business continuity planning, the ransomware attack should have been foreseen and the steps towards preventing or overcoming it outlined.
Protecting personal computers
The most crucial way of protecting your personal computer from WannaCry and similar ransomware is to ensure that your operating system and software are up to date. This ensures that you have all the patches released for the different software, reducing the risk that a vulnerability in an older version is exploited against you.
Another option is to use anti-malware software [11]. This ensures that any file suspected to be malware is scrapped and dealt with before it affects the system, and that it is not allowed to run.
Even with the latest software and operating system and anti-malware software, users are also advised to protect themselves further by being wary of malicious email attachments. This is because no single anti-virus or anti-malware product can recognize all malware, since there is so much of it, it is always evolving, and new variants appear often.
Lessons learned from WannaCry incident
Although the WannaCry ransomware has caused nightmares for a lot of people, the silver lining is that there are several lessons one can learn from the incident.
The first lesson has to do with patching. Patch always and often. This ensures you have the latest versions of the software and operating system you run, so your system will not be vulnerable to some of the malware.
Another lesson learned is that the human factor is one of the greatest vulnerabilities any network has. It is therefore essential that end users are properly trained in security awareness, to make them alert and able to identify suspicious emails and files. This helps ensure that users do not introduce malware into the network.
The WannaCry incident also shows the importance of backing up data. The backup should involve both online and off-line resources; this ensures that one can quickly recover and return to the original stable state after such an attack.
The importance of planning is also seen from the incident. This includes business continuity, disaster recovery and incident response planning. With these in place, the confusion that comes after such an incident will be eliminated and one can quickly bounce back to operation, since all one has to do is follow what is written in the documents as opposed to trying to make up a plan after the incident has occurred.
The final lesson learned is the importance of avoidance or prevention software such as anti-virus and anti-malware products. These prevent suspicious files from being opened or run and discard them. However, malware is constantly evolving, so there is a need for a more lasting solution, since an anti-malware product may not be able to detect all types of malware. This leads to the alternative of blocking malware with threat intelligence, so that as malware evolves, the anti-malware evolves too by learning the trends in current malware.
Who is affected
When ransomware hits, those primarily affected are the organizations or businesses that are its victims. However, the problem goes further than that. It can escalate to a national or even global issue, depending on what the business deals with. This is because the attack affects a business’s normal operations and also its finances, which in turn affects the economy as a whole.
Beyond that, the clients of the business are also greatly affected, since they are denied the product or service while the organization is still restructuring to return to normal operations. The attack might even cost the business some clients, who will opt for alternative services or products from the organization’s competitors.
References
[1] “Ransom.Wannacry | Symantec”, Symantec.com, 2018. [Online]. Available: https://www.symantec.com/en/sg/security-center/writeup/2017-051310-3522-99. [Accessed: 22 May 2018].
[2] J. Fruhlinger, “What is WannaCry ransomware, how does it infect, and who was responsible?”, CSO Online, 2018. [Online]. Available: https://www.csoonline.com/article/3227906/ransomware/what-is-wannacry-ransomware-how-does-it-infect-and-who-was-responsible.html. [Accessed: 22 May 2018].
[3] A. McNeil, “How did the WannaCry ransomworm spread? – Malwarebytes Labs”, Malwarebytes Labs, 2018. [Online]. Available: https://blog.malwarebytes.com/cybercrime/2017/05/how-did-wannacry-ransomworm-spread/. [Accessed: 22 May 2018].
[4] A. Singh, “WannaCry Ransomware Analysis: Lateral Movement Propagation – Acalvio”, Acalvio, 2018. [Online]. Available: https://www.acalvio.com/wannacry-ransomware-analysis-lateral-movement-propagation/. [Accessed: 22 May 2018].
[5] J. Kennedy, “Impact of WannaCry: Major disruption as organisations go back to work”, Silicon Republic, 2018. [Online]. Available: https://www.siliconrepublic.com/enterprise/wannacry-impact-organisations-attack. [Accessed: 22 May 2018].
[6] “Effect of Rasomware on Businesses and Organisations”, Cloud Central, 2018. [Online]. Available: https://cloudcentral.co.uk/articles/effect-of-ransomware-on-business/. [Accessed: 22 May 2018].
[7] M. Wall and M. Ward, “WannaCry: What can you do to protect your business?”, BBC News, 2017. [Online]. Available: https://www.bbc.com/news/business-39947944. [Accessed: 22 May 2018].
[8] M. Lee, “9 Crucial Steps To Protect Your Organization From WannaCry Threat”, SWC, 2017. [Online]. Available: https://www.swc.com/blog/security/protect-organization-wannacry-right-now. [Accessed: 22 May 2018].
[9] “What is an Incident Response Plan? – Definition from Techopedia”, Techopedia.com, 2018. [Online]. Available: https://www.techopedia.com/definition/16513/incident-response-plan. [Accessed: 22 May 2018].
[10] Investopedia Staff, “Business Continuity Planning (BCP)”, Investopedia, 2018. [Online]. Available: https://www.investopedia.com/terms/b/business-continuity-planning.asp. [Accessed: 22 May 2018].
[11] “WannaCry ransomware – what it is and how to protect your PC | Avast”, Avast.com, 2018. [Online]. Available: https://www.avast.com/c-wannacry. [Accessed: 22 May 2018].
[12] A. Hern, “How to protect your computer against the ransomware attack”, the Guardian, 2018. [Online]. Available: https://www.theguardian.com/technology/2017/may/15/windows-xp-patch-wannacry-ransomware-wecry-wanacrypt0r. [Accessed: 22 May 2018].