This site has been deprecated in favor of https://attack.mitre.org and will remain in place until 11/1/22.
WannaCry is ransomware that was first seen in a global attack during May 2017, which affected more than 150 countries. It contains self-propagating (“wormable”) features to spread itself across a computer network using the SMBv1 exploit EternalBlue.12
Associated Software Descriptions
- Exploitation of Remote Services - WannaCry initially infected IT networks, but by means of an exploit (particularly the SMBv1-targeting MS17-010 vulnerability) spread to industrial networks.3
- Lateral Tool Transfer - WannaCry can move laterally through industrial networks by means of the SMB service.3
The following groups use this software: