WELCOME

In May of 2017, the WannaCry attack—a file-encrypting ransomware knock-off

Feb. 28, 2018 by Catherine Pope

In May of 2017, the WannaCry attack—a file-encrypting ransomware knock-off attributed by the US to North Korea—raised the urgency of patching vulnerabilities in the Windows operating system that had been exposed by a leak of National Security Agency exploits. WannaCry leveraged an exploit called EternalBlue, software that leveraged Windows' Server Message Block (SMB) network file sharing protocol to move across networks, wreaking havoc as it spread quickly across affected networks.

The core exploit used by WannaCry has been leveraged by other malware authors, including the NotPetya attack that affected companies worldwide a month later, and Adylkuzz, a cryptocurrency-mining worm that began to spread even before WannaCry. Other cryptocurrency-mining worms followed, including WannaMine—a fileless, all-PowerShell based, Monero-mining malware attack that threat researchers have been tracking since at least last October. The servers behind the attack were widely published, and some of them went away.

In May of 2017, the WannaCry attack—a file-encrypting ransomware knock-off attributed by the US to North Korea—raised the urgency of patching vulnerabilities in the Windows operating system that had been exposed by a leak of National Security Agency exploits. WannaCry leveraged an exploit called EternalBlue, software that leveraged Windows' Server Message Block (SMB) network file sharing protocol to move across networks, wreaking havoc as it spread quickly across affected networks.

The following table lists the current security weaknesses of both the WannaCry attack and the NotPetya attack.