WannaCry ransomware attack
Screenshot of the ransom note left on an infected system
|
|
| Date | 12 May 2017 – 15 May 2017 (initial outbreak) |
|---|---|
| Location | Worldwide |
| Also known as | Transformations: Wanna → Wana Cryptor → Crypt0r Cryptor → Decryptor Cryptor → Crypt → Cry Addition of "2.0" Short names: Wanna → WN → W Cry → CRY |
| Type | Cyberattack |
| Theme | Ransomware encrypting files with $300 – $600 demand (via bitcoin) |
| Cause |
|
| Outcome | Over 200,000 victims and more than 300,000 computers infected |
The WannaCry ransomware attack was a worldwide cyberattack by the WannaCryransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin .
The attack began on Friday, 12 May 2017, and within a day was reported to have infected more than 230,000 computers in over 150 countries. Parts of Britain's National Health Service (NHS), Spain's Telefónica, FedEx and Deutsche Bahn were hit, along with many other countries and companies worldwide. Shortly after the attack began, a web security researcher who blogs as "MalwareTech" discovered an effective kill switch by registering a domain name he found in the code of the ransomware. This greatly slowed the spread of the infection, effectively halting the initial outbreak on Monday, 15 May 2017, but new versions have since been detected that lack the kill switch. Researchers have also found ways to recover data from infected machines under some circumstances.
WannaCry propagates using EternalBlue, an exploit of Windows' Server Message Block (SMB) protocol. Much of the attention and comment around the event was occasioned by the fact that the U.S. National Security Agency (NSA) had discovered the vulnerability in the past, but used it to create an exploit for its own offensive work, rather than report it to Microsoft. It was only when the existence of this vulnerability was revealed by The Shadow Brokers that Microsoft became aware of the issue, and issued a "critical" security patch on 14 March 2017 to remove the underlying vulnerability on supported versions of Windows. but many organizations had not yet applied it.
...
Wikipedia