WannaCry explained: A perfect ransomware storm

Abstract:

In May 2017, WannaCry spread across computers, encrypting files and demanding a bitcoin ransom to decrypt them. It exploited a vulnerability in Microsoft’s implementation of the SMB protocol, using the EternalBlue exploit (which was believed to have been developed by the NSA). The ransomware was shut down serendipitously: WannaCry tried to access a non-existent domain as a “kill switch”, and when a security researcher registered the domain, they were able to shut down the malware. However, by that time, the initial outbreak had already caused major disruptions, hitting systems such as Britain’s National Health Service. WannaCry was eventually linked to the Lazarus hacker group, which has ties to North Korea. While Microsoft had released a patch for the vulnerability two months earlier, many systems had not been updated at that time. Even now, machines can get infected by WannaCry if they are not up to date.

Author: Josh Fruhlinger
Year: 2022
MIT Political Science
ECIR
GSS