Scribd
Upload
206 views2 pages

WannaCry Ransomware

The document discusses the WannaCry ransomware attack that occurred in May 2017. It spread rapidly through unpatched Windows systems exploiting an SMB vulnerability. It encrypted files and demanded ransom payments in bitcoin. Major organizations affected included the UK's National Health Service, Nissan, Renault, and Telefonica. While the initial outbreak subsided, WannaCry continues infecting systems today.

Uploaded by

Shu Bham
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
206 views2 pages

WannaCry Ransomware

The document discusses the WannaCry ransomware attack that occurred in May 2017. It spread rapidly through unpatched Windows systems exploiting an SMB vulnerability. It encrypted files and demanded ransom payments in bitcoin. Major organizations affected included the UK's National Health Service, Nissan, Renault, and Telefonica. While the initial outbreak subsided, WannaCry continues infecting systems today.

Uploaded by

Shu Bham
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 2

WannaCry

ransomware
attack
NITYA NAND JHA
20BCY10163

What is WannaCry?

WannaCry is a ransomware worm that spread rapidly across several computer networks in May of 2017.
After infecting Windows computers, it encrypts files on the PC's hard drive, making them impossible for
users to access, then demands a ransom payment in bitcoin to decrypt them.

How does WannaCry work?

When executed, the WannaCry malware first checks the kill switch domain name; if it is not found, then
the ransomware encrypts the computer's data, then attempts to exploit the SMB vulnerability to spread
out to random computers on the Internet, and laterally to computers on the same network. As with
other modern ransomware, the payload displays a message informing the user that files have been
encrypted and demands a payment of around US$300 in bitcoin within three days, or US$600 within
seven days. Three hardcoded bitcoin addresses, or wallets, are used to receive the payments of victims.
As with all such wallets, their transactions and balances are publicly accessible even though the
cryptocurrency wallet owners remain unknown.
Who were affected?.

Organizations that had not installed Microsoft's security update from April 2017 were affected by the
attack. Those still running unsupported versions of Microsoft Windows, such as Windows XP and
Windows Server 2003 were at particularly high risk because no security patches had been released since
April 2014 for Windows XP (except one emergency patch released in May 2014) and July 2015 for
Windows Server 2003. A Kaspersky Lab study reported, however, that less than 0.1 percent of the
affected computers were running Windows XP, and that 98 percent of the affected computers were
running Windows 7. In a controlled testing environment, the cybersecurity firm Kryptos Logic found that
it was unable to infect a Windows XP system with WannaCry using just the exploits, as the payload failed
to load, or caused the operating system to crash rather than execute and encrypt files. However, when
executed manually, WannaCry could still operate on Windows XP.

Impact of the WannaCry attack

The ransomware campaign was unprecedented in scale according to Europol, which estimates that
around 200,000 computers were infected across 150 countries. According to Kaspersky Lab, the four
most affected countries were Russia, Ukraine, India, and Taiwan.

One of the largest agencies struck by the attack was the National Health Service hospitals in England and
Scotland, and up to 70,000 devices – including computers, MRI scanners, blood-storage refrigerators,
and theatre equipment – may have been affected. On 12 May, some NHS services had to turn away non-
critical emergencies, and some ambulances were diverted. In 2016, thousands of computers in 42
separate NHS trusts in England were reported to be still running Windows XP. In 2018 a report by
Members of Parliament concluded that all 200 NHS hospitals or other organizations checked in the wake
of the WannaCry attack still failed cybersecurity checks. NHS hospitals in Wales and Northern Ireland
were unaffected by the attack.

Nissan Motor Manufacturing UK in Tyne and Wear, England, halted production after the ransomware
infected some of their systems. Renault also stopped production at several sites in an attempt to stop
the spread of ransomware. Spain's Telefónica, FedEx, and Deutsche Bahn were hit, along with many
other countries and companies worldwide.

A new variant of WannaCry forced Taiwan Semiconductor Manufacturing Company (TSMC) to


temporarily shut down several of its chip-fabrication factories in August 2018. The virus spread to
10,000 machines in TSMC's most advanced facilities

Is WannaCry finished?

No, WannaCry is still infecting systems but with fewer tears of sorrow. In March 2018, Boeing was hit
with a suspected WannaCry attack. The company claimed it did little damage, however, affecting only a
few production machines. Boeing was able to stop the attack and bring the affected systems back
quickly.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy