The WannaCry ransomware attack was a worldwide cyberattack by the WannaCry[a] ransomware cryptoworm, which targets computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
The attack started on Friday, 12 May 2017, and within a day was reported to have infected more than 230,000 computers in over 150 countries. Parts of Britain’s National Health Service (NHS), Spain’s Telefónica, FedEx and Deutsche Bahn were hit, along with many other countries and companies worldwide.
WannaCry spreads across local networks and the Internet to systems that have not been updated with recent security updates, to directly infect any exposed systems. A “critical” patch had been issued by Microsoft on 14 March 2017 to remove the underlying vulnerability for supported systems, nearly two months before the attack, but many organizations had not yet applied it. Those still running exposed older, unsupported operating systems such as Windows XP and Windows Server 2003, were initially at particular risk but the day after the outbreak Microsoft took the unusual step of releasing updates for these operating systems too. Almost all victims are running newer Windows 7.
Much of the attention and comment around the event was occasioned by the fact that the U.S. National Security Agency (NSA), had discovered the vulnerability in the past, but instead of informing Microsoft had built the EternalBlue exploit for their own offensive work. It was only when the existence of this was revealed by The Shadow Brokers that Microsoft became aware of the issue, and could produce a security update.
Shortly after the attack began, a web security researcher who blogs as “MalwareTech” discovered an effective kill switch by registering a domain name he found in the code of the ransomware. This greatly slowed the spread of the infection, but new versions have since been detected that lack the kill switch.
As of 19 May 2017, the attacks have slowed down and is presumed to be extinct. Though, isolated reports are coming from the countries, already affected by the ransomware attack. Unconfirmed sources have also alleged that a newer and a more powerful version of the virus would be released and infect the major computer systems all over the world.