WannaCry
What is WannaCry?
WannaCry: A May 2017 self-propagating ransomware worm that used the leaked NSA SMBv1 exploit EternalBlue to encrypt files on over 200,000 systems in 150 countries.
WannaCry, also known as WannaCrypt or WCry, is a ransomware worm that emerged on 12 May 2017 and infected more than 200,000 Windows systems across 150 countries within days. It combined the EternalBlue SMBv1 exploit and the DoublePulsar backdoor, both leaked by the Shadow Brokers, to spread automatically across unpatched networks. Notable victims included the UK National Health Service, Telefonica, FedEx, Renault and Deutsche Bahn. The malware encrypted files and demanded around 300 USD in Bitcoin per host. A kill switch domain discovered by Marcus Hutchins slowed the outbreak. The US, UK and others attributed WannaCry to North Korea's Lazarus Group.
● Examples
- 01
An unpatched NHS workstation is encrypted within hours of WannaCry's initial spread and brings several hospitals offline.
- 02
Defenders block TCP/445 at the perimeter and force the MS17-010 patch on every Windows asset.
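One way to spot the worm-style SMB spread described above, and to check that the TCP/445 perimeter block actually holds, is to look for a single host reaching many distinct peers on port 445 in a short window. This is an added example, not part of the original entry; the flow-log format, the 10.0.0.0/8 internal range, the 60-second window and the threshold of 20 are assumptions, and the records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address space

def build_sample():
    """Constructed flow records: 'timestamp src dst dst_port action'."""
    t0, rows = datetime(2017, 5, 12, 9, 0, 0), []
    def row(sec, src, dst, port, action="ALLOW"):
        rows.append(f"{(t0 + timedelta(seconds=sec)).isoformat()} {src} {dst} {port} {action}")
    for i in range(30):                        # worm-like: 30 peers in 30 s
        row(i, "10.0.5.23", f"10.0.6.{i + 1}", 445)
    for i in range(30):                        # normal client: one file server
        row(2 * i, "10.0.5.40", "10.0.5.10", 445)
    for i in range(25):                        # slow job: 25 peers, 5 min apart
        row(300 * i, "10.0.5.50", f"10.0.7.{i + 1}", 445)
    row(5, "10.0.5.23", "198.51.100.7", 445)   # outbound SMB the perimeter allowed
    row(6, "10.0.5.23", "198.51.100.8", 445, "DENY")
    return rows

def parse(line):
    ts, src, dst, port, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), action

def smb_fanout(lines, window=timedelta(seconds=60), threshold=20):
    """Sources whose peak count of distinct TCP/445 destinations inside any
    sliding window reaches the threshold. Returns {src: peak}."""
    by_src = defaultdict(list)
    for ts, src, dst, port, _ in map(parse, lines):
        if port == 445:                        # allowed and denied attempts both count
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        last_seen, peak = {}, 0
        for ts, dst in sorted(events):
            last_seen[dst] = ts                # destinations seen within the window
            peak = max(peak, sum(ts - t <= window for t in last_seen.values()))
        if peak >= threshold:
            alerts[src] = peak
    return alerts

def perimeter_gaps(lines):
    """Allowed TCP/445 flows leaving the internal range: each is a rule gap."""
    return [(src, dst) for _, src, dst, port, action in map(parse, lines)
            if port == 445 and action == "ALLOW" and ip_address(dst) not in INTERNAL]

if __name__ == "__main__":
    print(smb_fanout(build_sample()), perimeter_gaps(build_sample()))
```

Hosts that legitimately contact many SMB peers, such as backup servers or vulnerability scanners, need an allowlist before this runs against production logs.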
● Frequently asked questions
What is WannaCry?
A May 2017 self-propagating ransomware worm that used the leaked NSA SMBv1 exploit EternalBlue to encrypt files on over 200,000 systems in 150 countries. It belongs to the Malware category of cybersecurity.
How do you defend against WannaCry?
Defences against WannaCry combine technical controls and operational practices: blocking TCP/445 at the perimeter and forcing the MS17-010 patch onto every Windows asset, as in the example above.
What are other names for WannaCry?
Common alternative names include: WannaCrypt, WCry, WanaCryptor.
● Related terms
- malware № 900
Ransomware
Malware that encrypts a victim's data or locks systems and demands payment in exchange for restoring access.
- vulnerabilities № 389
EternalBlue (CVE-2017-0144)
An NSA-developed exploit for a 2017 Microsoft SMBv1 remote code execution vulnerability, leaked by the Shadow Brokers and used by WannaCry and NotPetya.
- malware № 207
Computer Worm
Self-replicating malware that propagates across networks autonomously, without requiring a host file or user interaction.
- defense-ops № 802
Patch Management
The end-to-end process of identifying, testing, deploying, and verifying software updates that fix vulnerabilities or bugs.
● See also
- № 1027 Shadow Brokers Leak