The Popularisation of Ransomware: WannaCry

WannaCry Ransomware History:

WannaCry is the largest ransomware attack in history, targeting hundreds of thousands of organizations around the world. It is ransomware that spread quickly through a number of computer networks in 2017. Once WannaCry infected a computer, it encrypted the files on the PC’s hard disk, making them impossible for users to access, and then demanded a ransom payment in bitcoin to decrypt the files.


What is WannaCry?

The WannaCry ransomware can be defined as cryptocurrency ransomware, a type of malicious software that cyber attackers use to extort money. It arrives on the infected computer in the form of a dropper, a self-contained program that extracts the other application components embedded within itself. These components include the application that encrypts and decrypts data, files containing encryption keys, and a copy of Tor. WannaCry targets computers running Microsoft Windows. Ransomware comes in different types: one type encrypts valuable files so that users are unable to read them, while another locks users out of their computers so that they are unable to use them, which is known as locker ransomware. Ransomware that uses encryption is called crypto-ransomware.

Cyber-attackers took advantage of a weakness in the Microsoft Windows operating system using an exploit known as EternalBlue, which was allegedly developed by the United States National Security Agency. This exploit was made public by a group of hackers called the Shadow Brokers before the WannaCry attack. When the attack first happened, everyone assumed that WannaCry had spread through a phishing campaign; however, EternalBlue was the exploit that allowed WannaCry to propagate and spread, with DoublePulsar being the backdoor that was installed on the computer.

The targets of WannaCry

Raconteur reported that over 250 thousand systems in 150 countries were affected by the WannaCry ransomware and that 176 different types of files were encrypted, causing $4 billion in losses across the globe. Some of the prestigious global organizations affected included Nissan Motors, FedEx, Hitachi, Russia's interior ministry, German Railway, South Korean cinemas, Chinese universities, Japanese companies, and UK hospitals.

The biggest casualty of the WannaCry ransomware attack in the United Kingdom was the National Health Service (NHS) in England. A third of NHS hospital trusts were affected; this included 34 infected hospital trusts, which were locked out of their digital systems and medical devices such as MRI scanners. Eight percent of GP practices found their IT systems disrupted and their PCs encrypted and unusable, causing significant disruption to patients and care. Ambulances were reportedly rerouted, leaving patients in need of urgent care. It was estimated that the WannaCry ransomware cost the NHS £92 million after 19,000 appointments were canceled as a result of the attack.

Recovering from WannaCry

The WannaCry ransomware attack was overcome by Marcus Hutchins, a 25-year-old hacker based in the UK. Hutchins was able to stop the attack by activating a kill switch built into the destructive ransomware strain. He had discovered a “kill switch” that was created so that the hackers could bring the attacks to an end. The attackers were not looking to stop, however: they launched a denial-of-service attack to try to crash the server of the newly registered website and start the WannaCry attacks up again. They ultimately failed, as Hutchins had protected the site by serving it from a cache, which could handle the higher traffic, rather than from a live site, which would have been overwhelmed. A kill switch is a mechanism for turning a device off remotely and abruptly in an emergency, such as when it has been stolen or accessed without authorization. In malware, a kill switch is a way for the operator to terminate their connection to the software to prevent authorities from discovering their identity.
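As an added example (not part of the original article): WannaCry's kill switch worked by trying to reach a hard-coded web domain and stopping if the request succeeded, so any host that looks up that domain has run the malware, and a failed lookup means the kill switch could not fire there. The sketch below triages DNS resolver logs on that basis; the domain is a placeholder, and the log format and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Placeholder: the article does not give the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample resolver log (timestamp, client, query, response code).
SAMPLE_LOG = """\
2017-05-12T09:14:02Z client=10.0.4.17 query=killswitch-placeholder.example rcode=NXDOMAIN
2017-05-12T09:14:05Z client=10.0.4.17 query=www.example.org rcode=NOERROR
2017-05-12T15:32:40Z client=10.0.7.23 query=killswitch-placeholder.example rcode=NOERROR
2017-05-12T15:33:11Z client=10.0.9.8 query=KillSwitch-Placeholder.Example. rcode=SERVFAIL
2017-05-12T15:40:00Z client=10.0.9.9 query=mail.example.org rcode=NOERROR
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+query=(?P<query>\S+)\s+rcode=(?P<rcode>[A-Z]+)$"
)

def normalise(name):
    """Lower-case and strip the trailing root dot so variants compare equal."""
    return name.rstrip(".").lower()

def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: status} for hosts that queried the kill-switch domain.

    Every listed host ran the malware and needs remediation.
    'contained' = at least one lookup resolved, so the kill switch could fire.
    'at_risk'   = every lookup failed (blocked or broken DNS), so the
                  malware would have carried on to encryption and spreading.
    """
    target = normalise(domain)
    resolved = defaultdict(bool)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or normalise(m["query"]) != target:
            continue
        resolved[m["client"]] |= (m["rcode"] == "NOERROR")
    return {ip: ("contained" if ok else "at_risk") for ip, ok in resolved.items()}

if __name__ == "__main__":
    for ip, status in sorted(triage(SAMPLE_LOG).items()):
        print(f"{ip}\t{status}")
```

A successful lookup is necessary but not sufficient for the kill switch to fire, because the web request itself must also succeed, so "contained" hosts still need to be checked and cleaned.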

Ransomware protection:

  • Update software and operating system consistently
  • Never open untrusted email attachments
  • Do not download from untrusted websites
  • Avoid unknown USBs
  • Use a VPN when using public Wi-Fi
  • Install internet security software
  • Update your internet security software
  • Back up data

The WannaCry ransomware has inspired other cyber-attackers, most recently the REvil gang, a Russian-speaking ransomware syndicate that demanded $70 million in bitcoin. The hackers demanded to be paid in bitcoin because cryptocurrencies are harder to trace. They wrote on their blog: “We launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor – our price is 70 000 000$ in BTC and we will publish publicly decryptor.” The REvil gang broke into Kaseya, a Miami-based information technology firm, and used that access to breach some of its clients, setting off a chain reaction that quickly paralyzed the computers of hundreds of firms worldwide.
