Screenshot of the ransom note left on an infected system
Alias
Transformations:
Wanna → Wana
Cryptor → Crypt0r
Cryptor → Decryptor
Cryptor → Crypt → Cry
Addition of "2.0"
Short names:
Wanna → WN → W
Cry → CRY
Type
Worm
Subtype
Ransomware
Origin
Pyongyang, North Korea (not confirmed)
Cyberattack event
Date
12 May 2017 – 15 May 2017 (initial outbreak)
Location
Worldwide
Theme
Ransomware encrypting files with US$300–600 demand (via bitcoin)
Outcome
300,000+ computers infected[1][2][3]
Losses
Up to US$4 billion
Suspects
Lazarus Group
Convicted
None
Technical details
Platform
Microsoft Windows
Filename
mssecsvc.exe
Size
3723264 bytes
Ports used
Server Message Block
Abused exploits
CVE-2017-0145
Written in
Microsoft Visual C++ 6.0
For the June 2017 worldwide EternalBlue Petya cyberattack, see 2017 Ukraine ransomware attacks.
The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.[4] It was propagated by using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers a month prior to the attack. While Microsoft had released patches previously to close the exploit, much of WannaCry's spread was from organizations that had not applied these, or were using older Windows systems that were past their end of life. These patches were imperative to cyber security, but many organizations did not apply them, citing a need for 24/7 operation, the risk of formerly working applications breaking because of the changes, lack of personnel or time to install them, or other reasons.
The attack began at 07:44 UTC on 12 May 2017 and was halted a few hours later at 15:03 UTC by the registration of a kill switch discovered by Marcus Hutchins. The kill switch prevented already infected computers from being encrypted or further spreading WannaCry.[5] The attack was estimated to have affected more than 300,000 computers[6] across 150 countries,[6] with total damages ranging from hundreds of millions to billions of dollars. At the time, security experts believed from preliminary evaluation of the worm that the attack originated from North Korea or agencies working for the country. In December 2017, the United States and United Kingdom formally asserted that North Korea was behind the attack, although North Korea has denied any involvement with the attack.[7]
A new variant of WannaCry forced Taiwan Semiconductor Manufacturing Company (TSMC) to temporarily shut down several of its chip-fabrication factories in August 2018. The worm spread onto 10,000 machines in TSMC's most advanced facilities.[8]
^"Ransomware attack still looms in Australia as Government warns WannaCry threat not over". Australian Broadcasting Corporation. 14 May 2017. Archived from the original on 15 May 2017. Retrieved 15 May 2017.
^Cameron, Dell (13 May 2017). "Today's Massive Ransomware Attack Was Mostly Preventable; Here's How To Avoid It". Gizmodo. Archived from the original on 9 April 2019. Retrieved 13 May 2017.
^"Shadow Brokers threaten to release Windows 10 hacking tools". The Express Tribune. 31 May 2017. Archived from the original on 10 July 2017. Retrieved 31 May 2017.
^"Two years after WannaCry, a million computers remain at risk". TechCrunch. 12 May 2019. Archived from the original on 4 June 2021. Retrieved 16 January 2021.
^"What is the domain name that stopped WannaCry?". 15 May 2017. Archived from the original on 21 January 2023. Retrieved 13 July 2021.
^ abChappell, Bill; Neuman, Scott (19 December 2017). "U.S. Says North Korea 'Directly Responsible' For WannaCry Ransomware Attack". NPR. Archived from the original on 2 December 2022. Retrieved 2 December 2022.
^"Cyber-attack: US and UK blame North Korea for WannaCry". BBC News. 19 December 2017. Archived from the original on 8 February 2021. Retrieved 18 February 2021.
^"TSMC Chip Maker Blames WannaCry Malware for Production Halt". The Hacker News. Archived from the original on 9 August 2018. Retrieved 7 August 2018.
and 27 Related for: WannaCry ransomware attack information
The WannaCryransomwareattack was a worldwide cyberattack in May 2017 by the WannaCryransomware cryptoworm, which targeted computers running the Microsoft...
secrets to personal information, including from mobile devices. WannaCryransomwareattack on 12 May 2017 affected hundreds of thousands of computers in...
a British computer security researcher known for stopping the WannaCryransomwareattack. He is employed by cybersecurity firm Kryptos Logic. Hutchins...
members of the Lazarus group for the WannaCryransomwareattack of 2017, which involved the spreading of ransomware that encrypted files on victims' computers...
and pin the attack on North Korea, given that the worldwide WannaCry worm cyber attack copied techniques from the NSA as well. This ransomware leverages...
the WannaCry worm, traveled automatically between computers without user interaction. Starting as early as 1989 with the first documented ransomware known...
12, 2017, a computer worm in the form of ransomware, nicknamed WannaCry, used the EternalBlue exploit to attack computers using Windows that had not received...
cyberattack was based on a modified version of the Petya ransomware. Like the WannaCryransomwareattack in May 2017, Petya uses the EternalBlue exploit previously...
cash for the regime, such as the Bangladesh Bank robbery and the WannaCryransomwareattack. North Korea portal Park, Ju-min; Pearson, James. Gopalakrishnan...
became victims of a ransomwareattack perpetrated by the REvil group, causing widespread downtime for over 1,000 companies. The attack was carried out by...
cryptocurrency ransomware attacks. The perpetrators of the 2017 WannaCryransomwareattack, which was attributed by the US government to North Korean threat...
few weeks, and was used alongside EternalBlue in the May 2017 WannaCryransomwareattack. A variant of DoublePulsar was first seen in the wild in March...
this leak within the first two weeks, and in May 2017, the major WannaCryransomwareattack used the ETERNALBLUE exploit on Server Message Block (SMB) to...
EternalBlue exploit was used to conduct the damaging worldwide WannaCryransomwareattack. Global surveillance disclosures (2013–present) United States...
a major ransomware cyberattack which caused all of its IT systems nationwide to be shut down. It was the most significant cybercrime attack on an Irish...
spread of ransomware cyber-attack". The Guardian. ISSN 0261-3077. Retrieved 2017-05-13. Khandelwal, Swati. "It's Not Over, WannaCry 2.0 Ransomware Just Arrived...
failing to extort the online entertainment company Netflix. May: WannaCryransomwareattack started on Friday, May 12, 2017, and has been described as unprecedented...
June 2021. Retrieved 10 July 2021. Colonial Pipeline cyberattack WannaCryransomwareattack - which affected the National Health Service in the United Kingdom...
Indonesian Ministry of Health. In 2017, it was affected by the WannaCryransomwareattack. Dharmais Hospital was founded during the New Order on the initiative...
Andhra Pradesh Police computer's network was attacked by a malware known as WannaCryransomwareattack which was found to be critical. Operation Puttur...
Cybersecurity experts say Lazarus Group was also behind the WannaCryransomwareattack in May 2017 that infected hundreds of thousands of computers around...
"Hackers have cashed out on $143,000 of bitcoin from the massive WannaCryransomwareattack". CNBC. 3 August 2017. Archived from the original on 27 January...
in the Sony Pictures hack, the Bangladesh Bank robbery and the WannaCryransomwareattack. Legion of Doom; LOD was a hacker group active in the early 80s...
attempts, for example the 2014 Sony Pictures attack, and the WannaCryransomwareattack of 2017. In 2020, two SMB high-severity vulnerabilities were disclosed...
various high-profile cyberattacks, such as the Stuxnet worm and the WannaCryransomwareattack, to illustrate the potential catastrophic effects of cyberwarfare...
2003), to address a vulnerability that was being leveraged by the WannaCryransomwareattack. Updates to apps published on Windows Store after July 1, 2019...
Bangladesh Bank robbery 2015–2016 SWIFT banking hack May 2017 WannaCryransomwareattack North Korea portal Tailored Access Operations, USA PLA Unit 61398...