WannaCry ransomware attack
2017 worldwide ransomware cyberattack / From Wikipedia, the free encyclopedia
Dear Wikiwand AI, let's keep it short by simply answering these key questions:
Can you list the top facts and stats about WannaCry cyber attack?
Summarize this article for a 10 years old
The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.[5] It propagated by using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers a month prior to the attack. While Microsoft had released patches previously to close the exploit, much of WannaCry's spread was from organizations that had not applied these, or were using older Windows systems that were past their end-of-life. These patches were imperative to organizations' cyber security but many were not implemented due to ignorance of their importance. Some have claimed a need for 24/7 operation, aversion to risking having formerly working applications breaking because of patch changes, lack of personnel or time to install them, or other reasons.
 Screenshot of the ransom note left on an infected system | |
| Date | 12 May 2017 – 15 May 2017 (initial outbreak)[1] |
|---|---|
| Duration | 4 days |
| Location | Worldwide |
| Also known as | Transformations: Wanna → Wana Cryptor → Crypt0r Cryptor → Decryptor Cryptor → Crypt → Cry Addition of "2.0" Short names: Wanna → WN → W Cry → CRY |
| Type | Cyberattack |
| Theme | Ransomware encrypting files with $300–600 USD demand (via bitcoin) |
| Cause | WannaCry worm |
| Outcome | 300,000+ computers infected[2][3][4] |
| Arrests | None |
| Suspects | Lazarus Group |
| Accused | Two North Koreans indicted |
| Convictions | None |
| Subtype | Ransomware |
|---|---|
| Point of origin | Pyongyang, North Korea |
| Author(s) | Lazarus Group (not confirmed) |
| Operating system(s) affected | Microsoft Windows |
The attack began at 07:44 UTC on 12 May 2017 and was halted a few hours later at 15:03 UTC by the registration of a kill switch discovered by Marcus Hutchins. The kill switch prevented already infected computers from being encrypted or further spreading WannaCry.[6] The attack was estimated to have affected more than 300,000 computers[7] across 150 countries,[7] with total damages ranging from hundreds of millions to billions of dollars. At the time, security experts believed from preliminary evaluation of the worm that the attack originated from North Korea or agencies working for the country. This was confirmed in December 2017, when the United States and United Kingdom formally asserted that North Korea was behind the attack.[8]
A new variant of WannaCry forced Taiwan Semiconductor Manufacturing Company (TSMC) to temporarily shut down several of its chip-fabrication factories in August 2018. The virus spread onto 10,000 machines in TSMC's most advanced facilities.[9]