WannaCry, or WannaCrypt, is the newest and fastest-spreading ransomware, mostly known for its attacks on various government systems, including the National Health Service (NHS) in the United Kingdom. What people are forgetting about is how WannaCry is spreading so fast. WannaCry uses an exploit developed by the National Security Agency (NSA) in the USA that exploits a vulnerability in Microsoft's SMB/file-sharing protocol and allows remote code execution (RCE) without any user interaction.
This is how WannaCry spread so fast: when the NSA exploit code was leaked online by the Shadow Brokers group, many groups and tools started looking through the code dump for anything of interest, and in this case the developers of WannaCry found the SMB exploit and added it to their malware. However, this isn't where the story ends. Not long after the exploits were leaked online by the Shadow Brokers, Microsoft started issuing patches and updates to prevent the attacks from working, a few months before the release of WannaCry, but not everyone updates or can update their systems.
That is how WannaCry spread: it found machines running SMB and tried to use the exploit. Once it got into a system, it would start scanning for more vulnerable machines on the local network and the internet, which is how it spread so fast, especially as the program didn't need any user interaction if the machine had the SMB vulnerability. Add on more traditional infection methods such as email phishing and dead drops, and you can see how WannaCry spread so quickly.
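The scanning behaviour described above leaves a recognisable trace: one host opening SMB connections (TCP port 445) to many different machines in a short time. The following is an added example, not code from the original post, that flags such hosts in flow records; the record format, the addresses, the 60-second window and the threshold of 10 are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445                     # SMB over TCP
WINDOW = timedelta(seconds=60)     # assumption: tune per network
THRESHOLD = 10                     # assumption: distinct peers per window

def parse_flow(line):
    """Parse one 'ISO-timestamp src dst dport' record (constructed format)."""
    stamp, src, dst, dport = line.split()
    return datetime.fromisoformat(stamp), src, dst, int(dport)

def find_smb_scanners(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {src: peak count of distinct port-445 destinations in any window}."""
    per_src = defaultdict(list)
    for line in lines:
        ts, src, dst, dport = parse_flow(line)
        if dport == SMB_PORT:
            per_src[src].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        counts, start, peak = defaultdict(int), 0, 0
        for ts, dst in events:
            counts[dst] += 1
            # Drop events that have fallen out of the sliding window.
            while ts - events[start][0] > window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            peak = max(peak, len(counts))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

def sample_flows():
    """Constructed records: a sweeping host, a normal SMB client, a web client."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    at = lambda s: (base + timedelta(seconds=s)).isoformat()
    flows = [f"{at(i)} 10.0.0.23 10.0.0.{i} 445" for i in range(1, 41)]
    flows += [f"{at(i)} 10.0.0.7 10.0.0.5 445" for i in range(0, 300, 30)]
    flows += [f"{at(i)} 10.0.0.8 192.0.2.{i} 443" for i in range(1, 31)]
    return flows

if __name__ == "__main__":
    for src, peak in find_smb_scanners(sample_flows()).items():
        print(f"{src} contacted {peak} distinct hosts on TCP/445 within {WINDOW}")
```

A client that talks to a single file server stays far below the threshold, while the sweeping host is reported with the number of distinct machines it touched.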