WannaCry ransomware is a type of ransomware that was first discovered in May 2017. It is a type of malicious software that encrypts a victim’s files and demands a ransom payment in order to decrypt them. The name “WannaCry” is derived from the fact that it uses the EternalBlue exploit, which was developed by the U.S. National Security Agency (NSA) and leaked by the hacking group known as the Shadow Brokers.
The WannaCry ransomware attack was particularly widespread and damaging, affecting hundreds of thousands of computers in over 150 countries. It primarily targeted older versions of the Windows operating system, such as Windows XP and Windows 7, which are no longer supported by Microsoft and therefore do not receive security updates.
Once the WannaCry ransomware infects a computer, it encrypts the victim’s files using a strong encryption algorithm, making them inaccessible. It then displays a ransom message demanding payment in the form of the cryptocurrency Bitcoin. The amount of the ransom increases over time, adding a sense of urgency to the situation.
One of the key features of WannaCry is its ability to spread quickly through a network by taking advantage of vulnerabilities in the Server Message Block (SMB) protocol. This allowed it to quickly infect large numbers of computers, making it particularly devastating.
Fortunately, a security researcher was able to discover a “kill switch” in the WannaCry code, which allowed him to stop the spread of the ransomware. This likely prevented the situation from becoming even worse.
However, the WannaCry attack serves as a reminder of the importance of keeping our computer systems up to date with the latest security patches and updates. It also highlights the need for robust cybersecurity measures, such as backup systems and robust network security protocols. By taking these steps, we can help protect ourselves against future ransomware attacks.
Know how seclookup can help you and your enterprise protect from Ransomware in general. Contact us now.