• 13 June 2018

Summary

This is a ransomware payload distributed using wormlike exploit kits. Together with NotPetya, they were the most devastating type of ransomware attack that's been released to date, causing over $5 billion in damages. The exploit kits used were EternalBlue and EternalRomance, and they abused the SMB (Server Message Block) protocol that's built into Windows XP and newer operating systems. What's important about this is that it allowed the ransomware to infect computers that had no external connection to the internet but were instead on a local network in the organization. This meant that only one computer on the local network needed a connection to the internet to act as a gateway and infect all these machines, which had previously never been infected by ransomware. This allowed the WannaCry payload to infect over a hundred thousand computers in under 24 hours and shut down hospitals, power grids, car manufacturing plants, and shipping vessels. The attack only lasted a few days, from May 12th to May 15th 2017, but we've seen hundreds of variants every month since the attack started.