WannaCry was a devastating worldwide ransomware cyberattack that occurred in May 2017. The WannaCry ransomware cryptoworm targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in Bitcoin cryptocurrency. On May 12, 2017, the WannaCry ransomware spread to more than 200,000 computers across over 150 countries, causing billions of dollars in damages.
WannaCry exploited EternalBlue, a cyberweapon developed by the United States National Security Agency (NSA) that exploited a vulnerability in Microsoft's Server Message Block (SMB) protocol. EternalBlue was stolen and leaked by a hacker group called The Shadow Brokers approximately one month before the WannaCry attack. Microsoft had released a security patch (MS17-010) in March 2017 to address the vulnerability, but many organizations had not yet applied the update.
What made WannaCry particularly dangerous was its worm-like propagation mechanism. Unlike most ransomware that requires victims to click a phishing link or download a malicious attachment, WannaCry could spread automatically across networks without any user interaction, scanning for and infecting vulnerable systems rapidly.
Notable victims included FedEx, Honda, Nissan, and the United Kingdom's National Health Service (NHS), which was forced to divert ambulances to alternate hospitals and cancel thousands of appointments. Several intelligence agencies, including those in the United States and United Kingdom, attributed the attack to North Korea's Lazarus Group.
WannaCry highlighted the critical importance of timely patching, network segmentation, and layered security defenses. Pangratis helps organizations protect against ransomware delivery mechanisms by detecting and blocking malicious emails that could serve as entry points for such attacks.