Hands-On Cybersecurity Studies: Multi-Perspective Analysis of the WannaCry Ransomware

Abstract

When the WannaCry ransomware was first launched in May 2007, it led to devastating impacts due to the continued use of unpatched and vulnerable software. In this technical report, we describe one of the earlier versions of the ransomware and then provide a series of steps, in the form of an educational exercise, to set up and analyze the malware. We include a multi-perspective analysis of the malware using system observation, network packet analysis, and reverse engineering. In the final steps of the exercise, we describe near-term fixes to stop the malware spread (by implementing a kill switch, which is uncovered through the exercise) and also longer-term mitigations and best practices to protect against similar malware in the future.

Document Details

Document Type
Technical Report
Publication Date
Jan 29, 2019
Accession Number
AD1067077

Entities

People

  • Adriana Escobar De La Torre
  • Jaime C. Acosta
  • Salamah Salamah

Organizations

  • United States Army Research Laboratory

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Abstracts
  • Application Protocols
  • Availability
  • Classification
  • Communication Channels
  • Communications Protocols
  • Computer Programming
  • Computer Programs
  • Contracts
  • Cybersecurity
  • Department Of Defense
  • Electronic Mail
  • Engineering
  • Graphical User Interface
  • Information Operations
  • Information Science
  • Instructions
  • Internet
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Learning
  • Malware
  • Military Research
  • Monitoring
  • Network Protocols
  • Operating Systems
  • Security
  • Standards
  • User Interface
  • Virtual Machines

Readers

  • Data Mining and Knowledge Discovery
  • Software Engineering
  • Strategic Security Studies

Technology Areas

  • Cyber