WannaCry is a notable threat actor that gained infamy for its global ransomware attack in May 2017. The malware associated with this group encrypts files on the victim's computer, writing the string "WANACRY!" at the beginning of each encrypted file as a marker. The encrypted files become inaccessible until a ransom is paid, typically demanded in Bitcoin. Various messages are displayed to the victim during the process, including warnings such as "Ooops, your files have been encrypted!" and demands like "Pay now, if you want to decrypt ALL your files!". This malicious software also leaves behind distinct file references, such as "!WannaCryptor!.bmp", "!WannaDecryptor!.exe.lnk", and "!Please Read Me!.txt".
The WannaCry ransomware not only encrypts files but also executes various commands to further disrupt the system. These include disabling system recovery options and deleting Volume Shadow Copies, which are commonly relied on for backup and restoration. Commands such as "vssadmin.exe Delete Shadows /All /Quiet", "wmic shadowcopy delete", and "bcdedit /set {default} bootstatuspolicy ignoreallfailures" are executed to ensure the victim cannot easily recover their files without paying the ransom.
The encryption format used by WannaCry is identifiable by the unique file header "WANACRY!". This header serves as a signature, making it easier for cybersecurity experts to identify infections caused by this particular threat actor. Despite the havoc wreaked by WannaCry, understanding its modus operandi has helped in developing countermeasures and strategies to mitigate similar threats in the future. As a result, knowledge about WannaCry serves as an important case study in the field of cybersecurity.
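The two indicators described above, the "WANACRY!" file header and the recovery-tampering commands, can be turned into simple detection checks. The following is an added example written for this page, not code from the original or from any vendor tool; the sample command lines are constructed, and the scan helper, regexes and function names are the author's own choices.

```python
from __future__ import annotations
import re
from pathlib import Path

# Magic bytes that WannaCry writes at the start of every encrypted file.
WANACRY_MAGIC = b"WANACRY!"

# Command-line patterns (taken from the description above) that delete shadow
# copies or suppress boot recovery. Matched case-insensitively because the
# Windows shell and WMI accept any casing.
RECOVERY_TAMPER_PATTERNS = [
    re.compile(r"vssadmin(?:\.exe)?\s+delete\s+shadows", re.IGNORECASE),
    re.compile(r"wmic(?:\.exe)?\s+shadowcopy\s+delete", re.IGNORECASE),
    re.compile(r"bcdedit(?:\.exe)?\s+/set\s+\{default\}\s+bootstatuspolicy"
               r"\s+ignoreallfailures", re.IGNORECASE),
]


def is_wanacry_encrypted(data: bytes) -> bool:
    """Return True if the file content begins with the WANACRY! header."""
    return data[: len(WANACRY_MAGIC)] == WANACRY_MAGIC


def scan_directory(root: Path) -> list[Path]:
    """Walk a directory tree and return files carrying the WANACRY! header.
    Only the first 8 bytes of each file are read, so large trees scan quickly."""
    hits: list[Path] = []
    for path in root.rglob("*"):
        try:
            if path.is_file():
                with path.open("rb") as fh:
                    if is_wanacry_encrypted(fh.read(len(WANACRY_MAGIC))):
                        hits.append(path)
        except OSError:
            continue  # unreadable file (permissions, in-use); skip it
    return hits


def flag_recovery_tampering(command_line: str) -> bool:
    """Return True if a process command line matches a recovery-tampering pattern."""
    return any(p.search(command_line) for p in RECOVERY_TAMPER_PATTERNS)


# Constructed sample process-creation command lines (not real telemetry).
SAMPLE_COMMAND_LINES = [
    r"C:\Windows\System32\cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet",
    r"wmic shadowcopy delete",
    r"bcdedit /set {default} bootstatuspolicy ignoreallfailures",
    r"C:\Windows\System32\vssadmin.exe list shadows",   # benign: listing only
    r"notepad.exe C:\Users\alice\notes.txt",
]


def triage_commands(lines: list[str]) -> list[str]:
    """Return only the command lines that indicate recovery tampering."""
    return [line for line in lines if flag_recovery_tampering(line)]
```

Point scan_directory at a user profile or file share to find encrypted files, and feed process-creation command lines (for example from Sysmon Event ID 1 or Windows Security Event ID 4688) into triage_commands to alert on the shadow-copy deletion that precedes the ransom note.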
Description last updated: 2024-05-04T20:07:06.575Z