Software: WannaCry

WannaCry is ransomware that was first seen in a global attack during May 2017, which affected more than 150 countries. It contains self-propagating (“wormable”) features to spread itself across a computer network using the SMBv1 exploit EternalBlue.12

Associated Software Descriptions

• WannaCry - 12

Techniques Used

• Exploitation of Remote Services - WannaCry initially infected IT networks, but by means of an exploit (particularly the SMBv1-targeting MS17-010 vulnerability) spread to industrial networks.3

• Lateral Tool Transfer - WannaCry can move laterally through industrial networks by means of the SMB service.3

Groups

The following groups use this software:

• Lazarus group