KEEPNET LABS > Blog > WannaCry Ransomware Attack: All You Should Know

WannaCry Ransomware Attack: All You Should Know

WannaCry is ransomware that infects itself by exploiting a vulnerability in the Windows Server Message Block (SMB) protocol. The malware encrypts victims’ data and demands cryptocurrency to decrypt them. WannaCry encrypted hundreds of thousands of devices in over 150 countries in a matter of hours.

WannaCry Ransomware Attack: All You Should Know

WannaCry ransomware infected thousands of computers in May 2017, encrypting hundreds of thousands of devices in over 150 countries in a matter of hours. This malware encrypted victims’ data and demanded cryptocurrency to decrypt them.

Free phishing test for employees.

1. What is WannaCry Ransomware?

WannaCry is ransomware that infects itself by exploiting a vulnerability in the Windows Server Message Block (SMB) protocol, which allows Windows machines on a network to communicate with one another, and specially crafted packets could trick Microsoft’s implementation into executing an attacker’s code.

Want to try our phishing risk test for free? Contact us now!

2. How did WannaCry spread?

Wannacry managed to infect 230,000 users globally with ransomware by exploiting Windows security flaws via the Internet. The ability of the virus to transmit itself to other systems via infected linked devices has increased the risk to the point of disaster. Even if the first wave of assaults is defeated, if the self-renewing later versions of attacks are not taken seriously and the necessary actions are not performed, the information saved in the first wave may be permanently lost.

3. Risk of Infection Via Email

Wannacry has begun to spread via e-mail after being infected by exploiting a Windows security flaw via the Internet. Wannacry software has also penetrated business internal networks with connections to emails and hazardous information. According to cyber threat intelligence firms, the actual major threat will start with business network infection.

4. WannaCry Components

  • The DoublePulsar dropper, a self-contained program that selects the other elements
  • A program that could encrypt and decrypt data
  • Records include encryption keys
  • An open-source software application allowing secret conversation

Want to try our phishing test for free? Contact us now!

5. The Effect of the WannaCry Attack

WannaCry ransomware burst in 2017, infecting over 230,000 systems worldwide and costing billions of dollars. Despite the fact that new strains of this ransomware were discovered in 2018, the attack had a significant impact on two industries: healthcare and large manufacturers.

6. Who created WannaCry?

The US believes that Park Jin Hyok, a 34-year-old North Korean, is one of the many individuals behind a long string of malware attacks and interventions.

7. Who Stopped the WannaCry Ransomware?

Marcus Hutchins, better known by his nickname MalwareTech, has been charged with two felonies related to the creation and distribution of malware. Hutchins was hailed as a hero in May 2017 for his involvement in halting the global spread of the WannaCry ransomware.

Are your Email Security Products Ready Against Ransomware?  Use our anti-phishing tools and test yourself for free.

Email services are entry points for cyberattacks, that is to say, over 97% of successful attacks occur via email. Test your email vulnerability and see your email risks against Ransomware attacks using the Email Threat Simulator – Keepnet Labsulation.

Centralize Suspicious Email Reporting and Get Support from Experts

With the Keepnet Outlook Phishing Reporter add-in, users can report suspicious emails to cybersecurity administrators with a single click and receive immediate support after automated analysis. To have the Phishing Reporter add-in contact us and start using it.

Free phishing test for your employees, try now!

Editor’s note: This post is updated on 22 Aug 2022

Join
Our Newsletter

Sign up to learn about the latest threats, hacking methods, and news.