WannaCry Ransomware: Impact and Actions

WannaCry Report.png


Download a free copy of Nettitude's Threat Advisory Report on WannaCry ransomware attacks seen around the world.

The Nettitude Global Threat Intelligence platform witnessed a spike in activity towards the SMB protocol on Friday 12th May 2017. In a 14-hour window, Nettitude observed 20,000 events that targeted this protocol alone. This activity correlates to the WannaCry ransomware attack that compromised major networks around the globe, including the National Health Service in the United Kingdom.

The Nettitude Threat Intelligence platform showed that two thirds of attacks emanated from Venezuela. Whether this is the actual location of the attackers or whether they were using it as a proxy location has yet to be confirmed.

Open source reporting has identified the ransomware as the WannaCry strain, one of many names attributed to this cyber-attack. The ransomware itself used the ETERNALBLUE exploit, one of a series of exploits released by the ShadowBrokers following the alleged hack of Equation Group.