Learning from major cyber security incidents

2.1 What was the attack?

Within a day, over 200 000 computers in 150 countries had been infected by WannaCry. Universities, government departments, hospitals, manufacturers, telecommunications companies and many other organisations were affected, including large, well-known companies and organisations such as FedEx, Hitachi, Honda, the National Health Service (England and Scotland), Nissan Motoring Manufacturing UK, O2 Germany, Renault and Telefonica. The malware was of a type known as ransomware, which locks the data files of an infected computer using encryption and demands a ransom payment for unlocking them.

In the UK, the worst-affected organisation was the National Health Service (NHS): around 50 health trusts in England and 13 in Scotland, including hospitals, GP surgeries and pharmacies, were affected (Evenstad, 2017). Problems with emails, clinical IT systems and patient IT systems caused a major disruption. This led to several problems including delays at hospitals, medical equipment malfunctioning, ambulances being diverted to neighbouring hospitals, and cancellation or postponement of non-urgent activities. It was believed that up to 70 000 devices, including computers and medical equipment, were affected (Ungoed-Thomas et al., 2017).

Luckily, the spread of the malware was significantly slowed down by a security researcher, Marcus Hutchins, who accidentally discovered and activated the ‘kill switch’ of the malware the next day, on 13 May 2017. When inspecting the malware’s code, Hutchins noticed an unusually long internet domain name in the code. He checked and found that the domain name was not registered, so he registered it. Unknown to him at the time, this effectively stopped the malware from spreading further. Security experts later analysed the code of the malware and confirmed that the malware used the domain name as a kill switch, which its owner can use to stop the malware from spreading when things go wrong or get out of control. However, the experts warned that variants of the malware that did not have a kill switch could exist or be further developed by attackers.
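The kill-switch mechanism described above also works in the defender's favour: once the domain is registered, every infected machine still performs the lookup before deciding whether to spread, so DNS logs reveal which hosts ran the malware. The example below, added here and not part of the course text, scans constructed BIND-style DNS query log lines for lookups of a placeholder kill-switch domain (the real domain is deliberately not reproduced) and reports the querying hosts.

```python
import re
from collections import Counter

# Placeholder only: stands in for the malware's kill-switch domain.
KILL_SWITCH_DOMAIN = "example-killswitch-placeholder.invalid"

# Constructed sample of a simplified BIND-style query log (not a real capture).
SAMPLE_DNS_LOG = """\
13-May-2017 07:41:02.113 client 10.20.1.15#51234: query: intranet.example.org IN A +
13-May-2017 07:41:05.902 client 10.20.1.44#49810: query: example-killswitch-placeholder.invalid IN A +
13-May-2017 07:41:06.118 client 10.20.1.44#49811: query: example-killswitch-placeholder.invalid IN A +
13-May-2017 07:42:17.554 client 10.20.3.7#53110: query: EXAMPLE-KILLSWITCH-PLACEHOLDER.invalid IN A +
13-May-2017 07:43:00.001 client 10.20.1.15#51240: query: updates.example.org IN A +
"""

# Matches the client address and queried name in each log line.
LOG_RE = re.compile(r"client (?P<ip>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\w+)")


def parse_query_log(text):
    """Yield (client_ip, normalised_qname) for each parsable query line."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            # DNS names are case-insensitive; strip a trailing dot if present.
            yield m.group("ip"), m.group("qname").rstrip(".").lower()


def find_kill_switch_lookups(text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: lookup_count} for hosts that queried the kill-switch domain.

    A hit means the host executed the malware's start-up check and should be
    treated as infected, even though a successful lookup halted propagation.
    """
    hits = Counter()
    for ip, qname in parse_query_log(text):
        if qname == domain.lower():
            hits[ip] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, count in sorted(find_kill_switch_lookups(SAMPLE_DNS_LOG).items()):
        print(f"{ip}: {count} kill-switch lookup(s) - investigate host")
```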

Although this large-scale attack seemed to come and go quickly, it provided a stark warning of how vulnerable society is to cyber-attacks and how unprepared it is to deal with them. It was just pure luck that the saga ended so soon. The incident also raised a number of questions about data security. For example, how did the malware spread so rapidly? How did it work? Why did a large organisation such as the NHS fail to protect itself?