WannaCry ransomware attack

Image: Screenshot of the ransom note left on an infected system

Date: 12 May 2017 – 15 May 2017 (initial outbreak)[1]
Duration: 4 days
Location: Worldwide
Also known as:
  Transformations:
    Wanna → Wana
    Cryptor → Crypt0r
    Cryptor → Decryptor
    Cryptor → Crypt → Cry
    Addition of "2.0"
  Short names:
    Wanna → WN → W
    Cry → CRY
Type: Cyberattack
Theme: Ransomware encrypting files with $300–600 USD demand (via bitcoin)
Cause: WannaCry worm
Outcome: 300,000+ computers infected[2][3][4]
Arrests: None
Suspects: Lazarus Group
Accused: Two North Koreans indicted
Convictions: None

WannaCry
Subtype: Ransomware
Point of origin: Pyongyang, North Korea
Author(s): Lazarus Group (not confirmed)
Operating system(s) affected: Microsoft Windows

The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.[5] It propagated by using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers a month prior to the attack. Although Microsoft had previously released patches to close the vulnerability that EternalBlue exploits, much of WannaCry's spread came from organizations that had not applied them or were running older Windows systems that were past their end-of-life. These patches were imperative to cyber security, but many organizations did not apply them, citing a need for 24/7 operation, the risk of formerly working applications breaking because of the changes, lack of personnel or time to install them, or other reasons.

The attack began at 07:44 UTC on 12 May 2017 and was halted a few hours later at 15:03 UTC by the registration of a kill switch discovered by Marcus Hutchins. The kill switch prevented already infected computers from being encrypted or further spreading WannaCry.[6] The attack was estimated to have affected more than 300,000 computers[7] across 150 countries,[7] with total damages ranging from hundreds of millions to billions of dollars. At the time, security experts believed from preliminary evaluation of the worm that the attack originated from North Korea or agencies working for the country. In December 2017, the United States and United Kingdom formally asserted that North Korea was behind the attack, although North Korea has denied any involvement with the attack.[8]

A new variant of WannaCry forced Taiwan Semiconductor Manufacturing Company (TSMC) to temporarily shut down several of its chip-fabrication factories in August 2018. The worm spread onto 10,000 machines in TSMC's most advanced facilities.[9]

  1. "The WannaCry ransomware attack was temporarily halted. But it's not over yet". 15 May 2017. Archived from the original on 28 October 2017. Retrieved 25 May 2017.
  2. "Ransomware attack still looms in Australia as Government warns WannaCry threat not over". Australian Broadcasting Corporation. 14 May 2017. Archived from the original on 15 May 2017. Retrieved 15 May 2017.
  3. Cameron, Dell (13 May 2017). "Today's Massive Ransomware Attack Was Mostly Preventable; Here's How To Avoid It". Gizmodo. Archived from the original on 9 April 2019. Retrieved 13 May 2017.
  4. "Shadow Brokers threaten to release Windows 10 hacking tools". The Express Tribune. 31 May 2017. Archived from the original on 10 July 2017. Retrieved 31 May 2017.
  5. "Two years after WannaCry, a million computers remain at risk". TechCrunch. 12 May 2019. Archived from the original on 4 June 2021. Retrieved 16 January 2021.
  6. "What is the domain name that stopped WannaCry?". 15 May 2017.
  7. Chappell, Bill; Neuman, Scott (19 December 2017). "U.S. Says North Korea 'Directly Responsible' For WannaCry Ransomware Attack". NPR. Retrieved 2 December 2022.
  8. "Cyber-attack: US and UK blame North Korea for WannaCry". BBC News. 19 December 2017. Archived from the original on 8 February 2021. Retrieved 18 February 2021.
  9. "TSMC Chip Maker Blames WannaCry Malware for Production Halt". The Hacker News. Archived from the original on 9 August 2018. Retrieved 7 August 2018.