WannaCry: WannaCrypt Ransomware in Action

On Friday, 5th May 2017, a variant of WannaCrypt Ransomware (WannaCry) started spreading across the globe. It targeted a vulnerability in the SMB protocol, using an exploit stolen from the NSA (ETERNALBLUE). Further variants were observed over the weekend, but they either used the same kill switch domain or a different one that was easily identified and purchased so the malware wouldn’t spread.

News of the attack spread over the weekend and gained worldwide attention faster than expected. Many people tweeted about it and raised awareness of the new ransomware.

One particular vulnerability in Windows, leaked by a shady crew called Shadow Brokers, was used by the WannaCry hackers to give their ransomware a worm feature, allowing it to spread between vulnerable PCs silently and at speed. That flaw was exploited by a tool called EternalBlue and was patched by Microsoft in mid-March, but those who didn’t apply the update were still open to attack. The outbreak affected 48 UK National Health Service trusts, FedEx, Telefonica, Renault and Nissan car manufacturing plants, U.S. universities, Russian governments and Chinese ATMs, amongst many other systems across 150 countries.

However, a UK security researcher known as “MalwareTech”, who helped to limit the ransomware attack, predicted “another one coming… quite likely on Monday”.
MalwareTech, whose name was revealed in UK media to be 22-year-old Marcus Hutchins, was hailed as an “accidental hero” after registering a domain name to track the spread of the virus, which actually ended up halting it.

Ehacking Staff