
Media Monitoring and Analysis of WannaCry Malware Attack

Quantexa
Cybersecurity & Privacy - Endpoint Security
Cybersecurity & Privacy - Malware Protection
Equipment & Machinery
National Security & Defense
Sales & Marketing
Cybersecurity
Tamper Detection
Cybersecurity Services
System Integration
The WannaCry malware attack was one of the most significant worldwide cyber attacks in history. The attack began on May 12th, and within a few days it had infected over 213,000 machines in 70 countries, paralyzing computer systems in hospitals, factories, and transport networks as well as personal devices. The ransomware virus encrypted all data on the infected computers, with users only able to decrypt their data after paying a ransom to the hackers. The attack was enabled by DoublePulsar and EternalBlue, tools that exploit security vulnerabilities in Windows. These tools were originally discovered by the National Security Agency (NSA) in the US, but were leaked by a hacker group called The Shadow Brokers in early April 2017. The challenge was to understand the media coverage of WannaCry both before the news of the attack broke and afterwards, as details of the attack began to surface.
The customer in this case study is not explicitly mentioned. However, the analysis and insights provided by the News API would be beneficial to a wide range of stakeholders. These could include cybersecurity professionals, IT departments in various organizations, government agencies, and even individual users who were affected by the WannaCry attack. The insights could help these stakeholders understand the nature of the attack, its impact, and how it was covered in the media. This could in turn help them develop more effective strategies for dealing with such attacks in the future.
The solution involved analyzing the news articles published about WannaCry and malware in general, using visualizations to look at three aspects: warning signs in the content published before the attack; how the story developed in the first days of the attack; and how the story spread across social media channels. By creating a list of the hacking tools dumped online in early April and tracking mentions of these tools, definite warning signs were identified. The stories endpoint was used to collect the articles that contributed to the second spike in story volumes, around April 25th. The trends endpoint of the News API was used to understand which organizations and companies were mentioned in the news alongside the WannaCry attack. The stories endpoint was also used to rank WannaCry stories by their share counts across social media, to gain an understanding of what people shared about WannaCry.
The analysis of the media coverage of the WannaCry attack provided valuable insights into the nature and impact of the attack. It revealed warning signs in the content published before the attack, showing that an effective media monitoring strategy could potentially alert stakeholders to such threats in advance. The analysis also showed how the story developed in the first days of the attack and how it spread across social media channels. This could help stakeholders understand the public's reaction to the attack and the spread of information about it. Furthermore, the analysis identified the most mentioned organizations in news articles about the attack, which could provide insights into the entities most affected by or involved in the attack.
Over 213,000 machines in 70 countries were infected by the WannaCry attack.
In the first six days after the attacks, the hackers received over US$90,000 through over 290 payments.
Over 200,000 computers were infected by the WannaCry attack.