Do You Wannacry [20/05/2017]

    Wannacry or Wannacrypt is the newest and fastest spreading ransomware mostly know for its attacks on various goverment systems including the Nation Health Service (NHS) in the United Kingdom but what people are forgetting about is how Wannacry is spreading so fast. Wannacry uses a exploit developed by the National Inteligance Agency (NSA) in the USA that exploits a vurnablity in Microsofts SMB/File sharing protocol and allows remote code execute (RCE) without any user interaction.

    This is how Wannacry spread so fast because when the NSA exploit code was leaked online by the Shadow Brokers group many groups and tools started looking throught the code dump for anything of intrest and in the case the developers of Wannacry found the exploit for the SMB exploit and added it to there malware. However this isn't where the story ends because not long after the exploits were leaked online by the Shadow Brokers Microsoft started issuing patches and updates to prevent the attacks from working a few months before the release of Wannacry but not everyone updates or can update there system. Which is how Wannacry spread it found machines running SMB and tryed to using the exploit once it got into a system it would start scanning for more vulnerable machines on the local network and the internet which is how it spread so fast especially as the program didn't need any user interaction if it had the SMB vulnerability add on more traditional infection methods such as email phising and dead drops and you can see how Wannacry spread so quickly.