How the attack took place (Unit 2)

Where did it come from?

 

The attack was a crypto-ransomware attack that made use of encryption to lock people out of their files. WannaCry then takes your data hostage and would only return it to you after paying a ransom in the cryptocurrency Bitcoin.

 

This attack targeted computers running Microsoft Windows as their operating system as they could make use of a hidden weakness in it by using a hack originally developed by the United States National Security Agency. The hack, Eternalblue was stolen and leaked by a group called The Shadow Brokers a year before the attack and was later developed into WannaCry by the Lazarus group to extort money out of users with compromised computers.

​

The attack starts by using the EternalBlue exploit to spread itself through open networks into computers. It then enters the computer by installing a backdoor called DoublePulsar. This allows for the automatic installation and execution of WannaCry, the ransomware screen.

 

How the tables have turned. In the next unit, we'll cover the security domains impacts by this atrocious attack.