WannaCry

Malware updated a day ago (2024-09-10T03:18:31.291Z)
WannaCry is ransomware that emerged as one of the most significant cybersecurity threats of 2017. It exploited the Windows SMBv1 remote code execution vulnerabilities (CVE-2017-0144, CVE-2017-0145, CVE-2017-0143), which allowed it to spread across networks, encrypt files, and demand a ransom for their release. The attack was unprecedented in scale and impact and affected sectors worldwide; for instance, in Q1 2021 there were still 2,678 WannaCry ransomware detections across African government sectors alone. Its propagation mechanism relied heavily on the exploit known as EternalBlue. The ambiguity surrounding how such vulnerabilities were handled became untenable with the rise of ransomware, as the widespread damage caused by the 2017 WannaCry attacks demonstrated. Despite efforts to patch and secure systems, the continued presence of unpatched or unsupported systems allowed WannaCry and similar ransomware (Petya, NotPetya, TeslaCrypt, DarkSide, REvil, Alcatraz Locker, Apocalypse, BadBlock, Bart, BTCWare, EncrypTile, and Globe) to persist and resurface. In response to these threats, several decryption tools have been developed to help victims recover their encrypted files without paying the ransom. One such tool is the WannaCry ransomware decryption tool available on GitHub, which has proven effective in decrypting files affected by WannaCry; other decryptors can unlock a variety of ransomware families. These tools, coupled with proactive cybersecurity measures, have helped mitigate the effects of ransomware attacks and prevent incidents similar to the 2017 WannaCry outbreak.
Description last updated: 2024-09-10T03:16:33.457Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.

ID | Votes | Profile Description
Wana Decrypt0r | 2 | Wana Decrypt0r, also known as WCry, WannaCry, WanaCrypt, and Wana Decryptor, is a threat actor responsible for a widespread ransomware campaign that severely impacted systems worldwide in May 2017. This malicious entity utilizes a variety of tactics to execute its intentions, including embedding an
Wannacryptor | 2 | WannaCryptor, also known as WannaCry or Wanna Decryptor, is a threat actor that has been active since at least 2009. This group, which is aligned with North Korea, has been responsible for several high-profile cyber incidents. Notable among these are the Sony Pictures Entertainment hack in 2014, cyb
Wcry | 2 | WCry, also known as WannaCry or WanaCryptor, is a self-propagating ransomware that was one of the most disruptive cyber attacks in history. This malware was a product of a North Korean cyber operation aimed at financial gain. The ransomware spreads through internal networks and over the public inter
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Windows
Vulnerability
Exploit
Worm
Exploits
exploited
Antivirus
Ransom
Wiper
Botnet
Dropper
Microsoft
Payload
Bitcoin
Apt
Encrypt
Encryption
Nhs
Extortion
Proxy
RCE (Remote ...
Remote Code ...
Trojan
exploitation
Associated Malware
ID | Type | Votes | Profile Description
NotPetya | Unspecified | 8 | NotPetya is a notorious malware that emerged in 2017, widely attributed to the Russian hacking group APT28, also known as Sandworm. This malicious software was primarily an act of cyberwar against Ukraine, delivered through updates to MeDoc accounting software, a technique known as a supply chain at
Ryuk | Unspecified | 4 | Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves
Stuxnet | Unspecified | 3 | Stuxnet, discovered in 2010, is one of the most notorious malware attacks in history, primarily targeting Windows systems, programmable logic controllers (PLCs), and supervisory control and data acquisition (SCADA) systems. The military-grade cyberweapon was co-developed by the United States and Isr
petya | Unspecified | 3 | Petya is a type of malware, specifically ransomware, that infected Windows-based systems primarily through phishing emails. It was notorious for its ability to disrupt operations and hold data hostage for ransom. Petya, along with other types of ransomware like WannaCry, NotPetya, TeslaCrypt, and Da
Lockbit | Unspecified | 2 | LockBit is a malicious software, or malware, that has been notably active and damaging in the cyber world. Known for its ability to infiltrate systems often without detection, it can steal personal information, disrupt operations, and even hold data hostage for ransom. In the first half of 2024, Loc
Yashma Ransomware | Unspecified | 2 | Yashma ransomware is a malicious software that was first observed in May 2022 as a rebranded version of the Chaos ransomware builder V5, which leaked in April 2022. It infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold da
Phobos | Unspecified | 2 | Phobos is a type of malware, specifically ransomware, that infiltrates computer systems with the intent to disrupt operations, steal personal information, or hold data hostage for ransom. The malicious software can infect devices through suspicious downloads, emails, or websites, often without the u
Conficker | Unspecified | 2 | Conficker, also known as Kido, Downadup, and Downup, is a malicious software (malware) that emerged in November 2008. This worm rapidly spread across computer networks, exfiltrating sensitive information such as login credentials and personal data. It exploited the MS08-067 vulnerability to initiall
LockerGoga | Unspecified | 2 | LockerGoga is a type of malware, specifically ransomware, known for its disruptive capabilities. It was notably deployed at Norsk Hydro in March 2019, causing significant operational disruption. LockerGoga differentiates itself from other types of ransomware such as EKANS due to its destructive natu
TRITON | Unspecified | 2 | Triton is a sophisticated malware that has been historically used to target the energy sector. It was notably used in 2017 by the Russian Central Scientific Research Institute of Chemistry and Mechanics (TsNIIkhM) to attack a Middle East petrochemical facility. The malware, also known as Trisis and
REvil | Unspecified | 2 | REvil is a type of malware, specifically ransomware, that has been linked to significant cyber attacks. It emerged as part of the Ransomware as a Service (RaaS) model that gained popularity in 2020. This model established relationships between first-stage malware and subsequent ransomware attacks, s
Mirai | Unspecified | 2 | Mirai is a type of malware that has been notably used to create botnets, networks of infected devices controlled by an attacker. In early 2022, Mirai botnets accounted for over 7 million detections, although there was a subsequent 9% quarter-on-quarter drop in detections in Hong Kong. The malware is
Associated Threat Actors
ID | Type | Votes | Profile Description
Lazarus Group | Unspecified | 4 | The Lazarus Group, also known as APT38, is a notorious threat actor believed to be backed by the North Korean regime. This group has been associated with several high-profile cyber attacks and thefts, including the infamous $600 million Ronin sidechain exploit in 2022. Known for their sophisticated
Shadow Brokers | Unspecified | 2 | The Shadow Brokers, a threat actor group, made headlines in the cybersecurity world for their leaks of sophisticated cyber tools believed to be developed by the Equation Group, an Advanced Persistent Threat (APT) group associated with the NSA's Tailored Access Operations unit. The most notable among
HIDDEN COBRA | Unspecified | 2 | Hidden Cobra, also known as Lazarus Group, TEMP.Hermit, and several other names, is a threat actor attributed to the North Korean government by the U.S. Government. The group has been involved in various malicious cyber activities, including cyberespionage, ransomware attacks, and destructive operat
Labyrinth Chollima | Unspecified | 2 | Labyrinth Chollima, a threat actor linked to North Korea, has been active since 2009 and is known for conducting operations aimed at collecting political, military, and economic intelligence on North Korea’s foreign adversaries, as well as currency generation campaigns. This group, also known by var
Wanacryptor | Unspecified | 2 | None
Associated Vulnerabilities
ID | Type | Votes | Profile Description
Eternalblue | Exploited | 8 | EternalBlue is a significant software vulnerability that exists in the design or implementation of certain systems. This flaw has been exploited by various cyber threats, with one notable instance being its use as an enabler for the widespread WannaCry ransomware attack. The exploit allows attackers
Ms17-010 | Unspecified | 4 | MS17-010, also known as EternalBlue, EternalSynergy, or EternalRomance, is a significant remote code execution vulnerability in Microsoft's Server Message Block 1.0 (SMBv1) protocol. This flaw in software design and implementation was exploited by various malware strains, most notably the WannaCry r
CVE-2017-0144 | Unspecified | 3 | None
Source Document References
Information about the WannaCry malware was read from the document corpus below. This display is limited to 20 results.

Source | Created | Title
Unit42 | a day ago | Threat Assessment: North Korean Threat Groups
DARKReading | 12 days ago | Cyber Insurance: A Few Security Technologies, a Big Difference in Premiums
DARKReading | 20 days ago | Why End of Life for Applications Is the Beginning of Life for Hackers
Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs | a month ago | security-affairs-malware-newsletter-round-5
CERT-EU | 7 months ago | Cyber Insurance Coverage Is Complex For Industrial Companies
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 2
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 1
InfoSecurity-magazine | 2 months ago | New RUSI Report Exposes Psychological Toll of Ransomware, Urges Action
Securityaffairs | 2 months ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
InfoSecurity-magazine | 3 months ago | London Ransomware Attack Led to 1500 Cancelled Ops and Appointments
Securityaffairs | 3 months ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Quick Heal Technologies Ltd. | 3 months ago | Doubt Your Vulnerability to Ransomware Attacks? Know How Quick Heal’s Protection Will Save You!
RIA - Information System Authority | 3 months ago | Head of RIA: last year was proof that securing the digital lifestyle requires investing in the security of information systems
InfoSecurity-magazine | 3 months ago | New North Korean Hacking Group Identified by Microsoft
Securityaffairs | 4 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Quick Heal Technologies Ltd. | 4 months ago | Unlocking Unbeatable Cybersecurity: Your Essential Guide to the Ultimate Antivirus Solution!