Ransomware

WannaCry

First seen: 2017-05 • Status: inactive

Currently Inactive

WannaCry spread like wildfire in 2017 using a leaked NSA hacking tool. It hit hospitals, businesses, and government in 150 countries.

Overview

WannaCry was a worm-like ransomware that exploited EternalBlue. It infected 200,000+ systems in 150 countries in just hours. Attributed to North Korea.

Also Known As

WannaCrypt, WCry

How It Spreads

  • EternalBlue exploit (MS17-010)
  • Self-propagating worm

What It Does

  • Worm propagation
  • File encryption
  • Low ransom demands

Is your business exposed?

Target Platforms

Windows 7, Windows XP

Detection Tips

  • Patch MS17-010
  • Monitor for worm-like behavior

MITRE ATT&CK Techniques

T1486, T1210

If You're Infected

  1. 1.

    Free decryptor for some variants

  2. 2.

    Patch all systems against MS17-010

Related Malware

Notpetya

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices