2017 WannaCry ransomware attack

The WannaCry ransomware attack was a global cybersecurity incident that occurred in May 2017.

Here are the key details:

  1. Nature of the attack: WannaCry was a 202503211621 - Ransomware cryptoworm that targeted computers running Microsoft Windows operating systems.
  2. Mechanism: The malware encrypted data on infected computers and demanded ransom payments in 202503211714 - Bitcoin cryptocurrency.
  3. Exploit used: WannaCry exploited a vulnerability called EternalBlue, which was developed by the U.S. National Security Agency (NSA) and leaked by a group called The Shadow Brokers.
  4. Spread and impact: The attack began on May 12, 2017, and rapidly spread to over 300,000 computers across 150 countries within a few days.
  5. Targets: Organizations worldwide were affected, including the UK's National Health Service, FedEx, Nissan, and many others.
  6. Damage: Estimates of total damages ranged from hundreds of millions to billions of dollars.
  7. Kill switch: The attack was halted on the same day it began when a security researcher discovered and registered a domain name that acted as a kill switch.
  8. Attribution: The United States of America, United Kingdom, and several other countries formally asserted that North Korea was behind the attack, specifically a hacker group known as the Lazarus group .
  9. Prevention: Microsoft had released patches for the vulnerability two months before the attack, but many organizations had not applied them, leaving their systems vulnerable.

The WannaCry attack highlighted the importance of regular software updates and CyberSecurity preparedness for organizations worldwide.