Ransomware / Worm
WannaCry
aka WannaCrypt · WCry · WanaCrypt0r
A self-propagating ransomware worm that used the EternalBlue SMB exploit to infect over 200,000 systems across 150 countries in May 2017.
WannaCry was a ransomware worm that erupted on 12 May 2017, encrypting files and demanding Bitcoin while spreading automatically across networks. It combined commodity ransomware with EternalBlue — an NSA-developed SMBv1 exploit leaked weeks earlier by the Shadow Brokers — letting it jump between unpatched machines with no user interaction.
Impact
Within a day it had hit more than 200,000 systems in 150+ countries. The UK's NHS was badly disrupted, with appointments and operations cancelled. The outbreak slowed only when a researcher registered a hard-coded kill-switch domain the malware checked before encrypting.
Attribution
The US, UK and others formally attributed WannaCry to North Korea's Lazarus Group. The campaign timeline is profiled on Cyber Breaches, and the EternalBlue spreader is dissected on the Reverse Engineering Hub.
Defense
Patch MS17-010, disable SMBv1, and segment networks. WannaCry remains a background infection on unpatched legacy systems years later.
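The "disable SMBv1" step above, as an added example that is not part of the original page: a PowerShell script that reports whether SMBv1 is still enabled on a Windows host, lists recent SMBv1 access audit events, and disables the protocol only when -Disable is passed. It assumes Windows 8.1 / Server 2012 R2 or later and an elevated session; the -Disable switch is a parameter of this example script.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page): report SMBv1 exposure on this host
# and, only when -Disable is passed, turn SMBv1 off.
# Assumes Windows 8.1 / Server 2012 R2 or later, where these cmdlets exist.
param([switch]$Disable)

$server  = Get-SmbServerConfiguration
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

# Snapshot of what is currently enabled.
[pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    Smb1ServerOn     = $server.EnableSMB1Protocol
    Smb1FeatureState = $feature.State
    Smb1AuditOn      = $server.AuditSmb1Access
} | Format-List

# With auditing on, event 3000 records each client that still negotiates SMBv1.
# Review these before disabling so legacy dependencies are known in advance.
if ($server.AuditSmb1Access) {
    $events = @(Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000
    } -MaxEvents 200 -ErrorAction SilentlyContinue)
    "SMBv1 access events found (max 200 read): $($events.Count)"
    $events | Select-Object -First 5 TimeCreated, Message | Format-List
} else {
    'SMBv1 auditing is off. Enable it to find remaining SMBv1 clients:'
    '  Set-SmbServerConfiguration -AuditSmb1Access $true -Force'
}

if ($Disable) {
    # Stop the SMB server from accepting SMBv1 sessions (no reboot needed).
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Remove the SMBv1 optional feature (client and server); needs a reboot.
    if ($feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        'SMBv1 feature disabled; reboot to complete removal.'
    }
} elseif ($server.EnableSMB1Protocol -or $feature.State -eq 'Enabled') {
    Write-Warning 'SMBv1 is still enabled on this host. Re-run with -Disable after review.'
}
```

Disabling SMBv1 does not replace the MS17-010 update; the script covers only the protocol setting and does not check patch level.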