WannaCry (2017)
WannaCry was a ransomware attack that struck globally in May 2017, affecting more than 200,000 computers across 150 countries in just a few days. The attack exploited vulnerabilities in Windows operating systems to spread and encrypt files on infected machines.
Here’s a description of the WannaCry attack:
Technical Description |
|
Initial compromise |
The initial misconception about WannaCry’s spread was that it was primarily through phishing emails. However, as further analysis took place, it became clear that the primary mechanism of the rapid global propagation was the exploitation of an SMB vulnerability (CVE-2017-0144) via the EternalBlue exploit of systems that had an open (Server Message Block) port (specifically, port |
CVE-2017-0144 |
CVE-2017-0144 is a specific... |