Learning from major cyber security incidents
Learning from major cyber security incidents

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

Free course

Learning from major cyber security incidents

2.1 What was the attack?

Within a day, over 200 000 computers in 150 countries had been infected by WannaCry. Universities, government departments, hospitals, manufacturers, telecommunications companies and many other organisations were affected, including large, well-known companies and organisations such as FedEx, Hitachi, Honda, the National Health Service (England and Scotland), Nissan Motoring Manufacturing UK, O2 Germany, Renault and Telefonica. The malware was of a type known as ransomware, which locks the data files of an infected computer using encryption and demands a ransom payment for unlocking them.

In the UK, the worst-affected organisation was the National Health Service (NHS): around 50 health trusts in England and 13 in Scotland, including hospitals, GP surgeries and pharmacies, were affected (Evenstad, 2017). Problems with emails, clinical IT systems and patient IT systems caused a major disruption. This led to several problems including delays at hospitals, medical equipment malfunctioning, ambulances being diverted to neighbouring hospitals, and cancellation or postponement of non-urgent activities. It was believed that up to 70 000 devices, including computers and medical equipment, were affected (Ungoed-Thomas et al., 2017).

Luckily, the spread of the malware was significantly slowed down by a security researcher, Marcus Hutchins, who accidentally discovered and activated the ‘kill switch’ of the malware the next day, on 13 May 2017. When inspecting the malware’s code, Hutchins noticed an unusually long internet domain name in the code. He checked and found out that the domain name was not registered, so he registered it. Unknown to him at the time, this effectively deactivated the malware from further spreading. Security experts later analysed the code of the malware and confirmed that the malware used the domain name as a kill switch, which can be used by its owner to stop the malware from spreading when things go wrong or out of control. However, the experts warned that variants of the malware that did not have a kill switch could exist or be further developed by attackers.

Although this large-scale attack seemed to come and go quickly, it provided a stark warning of how vulnerable society is to cyber-attacks and how unprepared it is to deal with them. It was just pure luck that the saga ended so soon. The incident also raised a number of questions about data security. For example, how did the malware spread so rapidly? How did it work? Why did a large organisation such as the NHS fail to protect itself?


Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to University-level study, we offer two introductory routes to our qualifications. You could either choose to start with an Access module, or a module which allows you to count your previous learning towards an Open University qualification. Read our guide on Where to take your learning next for more information.

Not ready for formal University study? Then browse over 1000 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus371