top of page

WannaCry

Name

Category

Type

Targeted OS

Description

Information

WannaCry
WannaCrypt
WannaCryptor
Wcry
WanaCry
WanaCrypt
WanaCrypt0r
Wana Decrypt0r

Malware

Ransomware
Worm
Remote command

Windows

WannaCry is ransomware that was first seen in a global attack during May 2017, which affected more than 150 countries. It contains worm-like features to spread itself across a computer network using the SMBv1 exploit EternalBlue.

https://www.us-cert.gov/ncas/alerts/TA17-132A
https://blog.avast.com/ransomware-that-infected-telefonica-and-nhs-hospitals-is-spreading-aggressively-with-over-50000-attacks-so-far-today
https://baesystemsai.blogspot.de/2017/05/wanacrypt0r-ransomworm.html
http://www.independent.co.uk/news/uk/home-news/wannacry-malware-hack-nhs-report-cybercrime-north-korea-uk-ben-wallace-a8022491.html
https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168
https://blog.comae.io/wannacry-new-variants-detected-b8908fefea7e
https://blog.comae.io/wannacry-the-largest-ransom-ware-infection-in-history-f37da8e30a58
https://blog.comae.io/wannacry-decrypting-files-with-wanakiwi-demo-86bafb81112d
https://themoscowtimes.com/news/wcry-virus-reportedly-infects-russian-interior-ministrys-computer-network-57984
https://krebsonsecurity.com/2017/05/u-k-hospitals-hit-in-widespread-ransomware-attack/
https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/
https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
https://www.symantec.com/connect/blogs/wannacry-ransomware-attacks-show-strong-links-lazarus-group
https://blog.gdatasoftware.com/2017/05/29751-wannacry-ransomware-campaign
https://blog.malwarebytes.com/cybercrime/2017/05/how-did-wannacry-ransomworm-spread/
https://www.flashpoint-intel.com/blog/linguistic-analysis-wannacry-ransomware/
http://blog.emsisoft.com/2017/05/12/wcry-ransomware-outbreak/
https://www.dropbox.com/s/hpr9fas9xbzo2uz/Whitepaper%20WannaCry%20Ransomware.pdf?dl=0

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.wannacryptor

Alienvault OTX

NIL

Playbook

NIL

CISA

Other Information

Mitre

Mitre Techniques

Mitre Techniques  Navigator Link

NIL

NIL

https://attack.mitre.org/software/S0366/

['T1543', 'T1486', 'T1573', 'T1210', 'T1083', 'T1222', 'T1564', 'T1490', 'T1570', 'T1120', 'T1090', 'T1563', 'T1018', 'T1489', 'T1016', 'T1047', 'T0866', 'T0867']

https://mitre-attack.github.io/attack-navigator//#layerURL=https%3A%2F%2Fattack.mitre.org%2Fsoftware%2FS0366%2FS0366-enterprise-layer.json

bottom of page