WannaCry Ransomware (2017)

By Dylan Sinalin

The Hack

Who were the hackers?

The attack was attributed to the Lazarus Group, a state-sponsored hacking group linked to North Korea. The Lazarus Group is known for other significant cyberattacks, such as the Sony Pictures hack and the Bangladesh Bank heist.

What happened?

WannaCry targeted computers running outdated or unpatched versions of Microsoft Windows. Critical systems in healthcare, government, and businesses were affected. While no data was stolen, the ransomware encrypted files and demanded Bitcoin payments for decryption.

When & Where did the attack occur?

Why did they do it?

Financial gain: Ransom demands ranged from $300 to $600 in Bitcoin. Political motives may have played a role, as the Lazarus Group is linked to funding the North Korean regime.

How was the attack carried out?

The ransomware leveraged EternalBlue, a Windows exploit that the hacking group Shadow Brokers leaked from the NSA. WannaCry combined this exploit with a worm, enabling it to self-propagate across networks without user interaction. Initial infections likely began through phishing emails or vulnerable public-facing systems.

Page Impact