Wannacry Ransomware Attack: An Important Guide For 2021


Nowadays, most of our day-to-day activities are done through the web, and it became part of our lives, so it is our responsibility to know all threats of it and the probability that many of you don’t know about cyberattacks in the world. So here is the information of one of the cyberattacks called the wannacry ransomware attack that spread rapidly across several computer networks running on the Microsoft Windows operating system in May of 2017. Read on to this, know about causes of Wannacry ransomware and how it affects your system.

  1. What is Wannacry Ransomware?
  2. How does Wannacry infect PC’s
  3. Wannacry patch

1) What is Wannacry Ransomware?

Wannacry is also known as Wannacrypt, Wanna Decryptor, Wana Decrypt0r 2.0, and  WanaCrypt0r 2.0  a piece of malware in the form of ransomware that can spread itself to another system like a worm. This attack brought the idea of ransomware threats into the focus. This worldwide attack disrupts many systems, including hospitals, companies, telecommunications, manufacturers, and law enforcement offices. It is estimated that the Wannacry attack affected more than 200,000 computers in 150 countries across the globe with total damage of hundreds of millions to billions of dollars.

Wannacry was supported for 28 languages indicating that the attack targeted a large part population of the world.  Some security experts stated that this attack originated in North Korea. After releasing emergency patches by Microsoft, the attack was cessed, and the discovery of the kill switch becomes an aid for disrupted computers from spreading wannacry further. Wannacry ransomware attack was spread in the organizations which were using an older version of windows system or not applied patches for vulnerabilities released by Microsoft previously.

2) How does Wannacry infect PC’s

In a Wannacry attack, hackers used an exploit called eternal blue, which was discovered by the United States national security agency (NSA) for older windows systems. A year before the attack eternal blue was stolen and leaked by the group called The shadow brokers. Eternal blue allowed for Wannacry to propagate by exploiting a vulnerability in Microsoft’s server message block protocol. Similar to other ransomware outbreaks the attack was spread itself by users clicking on hyperlinks received through phishing emails or by way of advertisements.

After it has infected computers through these hyperlinks, it encrypts files on the computer’s hard drive and users lost access to their own files. To decrypt the files, hackers demand a ransom payment in bitcoin or some other untraceable cryptocurrency. Hackers demand US$300 in bitcoin within three days or US$600 within 7 days. The payment was received by three hardcoded bitcoin addresses or wallets because transactions and balances in there are publically accessible, but owners of the cryptocurrency wallet remain unknown.  

3) Wannacry patch

A few months before the attack Microsoft eventually discovered the vulnerability and issued security bulletin MS17-010 to prevent infection via eternal blue which detailed the flaw and announce the patches for all windows version including windows vista, windows 7, windows 8.1, windows 10, windows server 2008, windows server 2008R2, windows server 2012 and windows server 2016 which were currently supported that time. But the worst part not everyone was up to date with patches on the day of the outbreak of attack. 

  • Factors responsible  for the spread of Wannacry attack noteworthy 

Now wannacry is a textbook example of a ransomware attack – an attack that encrypts data and demanded a ransom payment to decrypt them because of its rapid spread.  One of the factors being ransomware is exploring the vulnerability of the protocol called windows server message block. Secondly, it was tentatively linked by Symantec and other security researchers to the Lazarus group, a cybercrime organization made up of an unknown number of individuals associated with the North Korean government. Another reason is this attack disrupt several high profiles and important systems, including many in Britain’s National Health Service.

  • Wannacry still active but causing fewer tears of sorrow

Though the researchers successfully stopped the spread of Wannacry ransomware on May 17 it still infecting the systems, it shows that the root f problem is not yet abolished. Boeing was hit with a suspected Wannacry attack in march 2018, but the company claimed to have little damage to their system. This shows that there is still an unpatched windows system that needs to be corrected.

  • Impact of wannacry in May 2017

The four most affected countries of this attack were India, Russia, Ukraine, and Taiwan. In India, affected organizations were the Andhra Pradesh police and the state government of Maharashtra, Gujrat, Kerala, and West Bengal. National health services hospitals in England and Scotland were the largest stuck organizations in the world. Around 70000 devices, including blood storage refrigerators, MRI scanners, and theatre equipment, may have been affected. This attack also affects Nissan motor manufacturing in tyne and wear, England. Several sites of Renault also put a stop to their production to avoid the spread of ransomware. Spains FedEx, Telefonica, and Deutsche Bahn were also affected.


To conclude, there are some important pointers which you should have to remember:

  • always backup files 
  • use an updated version of the system
  • Do not expose the SMB protocol to the outside world  

So, have you made up your mind to make a career in Cyber Security? Visit our Master Certificate in Cyber Security (Red Team) for further help. It is the first program in offensive technologies in India and allows learners to practice in a real-time simulated ecosystem, that will give them an edge in this competitive world.


Related Articles

Please wait while your application is being created.
Request Callback