Threat Group Cards: A Threat Actor Encyclopedia

Tool: WannaCry

Names: WannaCry, WannaCryptor, Wcry, Wana Decrypt0r
Category: Malware
Type: Ransomware, Worm, Remote command
Description: WannaCry is ransomware that was first seen in a global attack during May 2017, which affected more than 150 countries. It contains worm-like features to spread itself across a computer network using the SMBv1 exploit EternalBlue.
Information:
<https://www.us-cert.gov/ncas/alerts/TA17-132A>
<https://blog.avast.com/ransomware-that-infected-telefonica-and-nhs-hospitals-is-spreading-aggressively-with-over-50000-attacks-so-far-today>
<https://baesystemsai.blogspot.de/2017/05/wanacrypt0r-ransomworm.html>
<http://www.independent.co.uk/news/uk/home-news/wannacry-malware-hack-nhs-report-cybercrime-north-korea-uk-ben-wallace-a8022491.html>
<https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168>
<https://blog.comae.io/wannacry-new-variants-detected-b8908fefea7e>
<https://blog.comae.io/wannacry-the-largest-ransom-ware-infection-in-history-f37da8e30a58>
<https://blog.comae.io/wannacry-decrypting-files-with-wanakiwi-demo-86bafb81112d>
<https://themoscowtimes.com/news/wcry-virus-reportedly-infects-russian-interior-ministrys-computer-network-57984>
<https://krebsonsecurity.com/2017/05/u-k-hospitals-hit-in-widespread-ransomware-attack/>
<https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/>
<https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html>
<https://www.symantec.com/connect/blogs/wannacry-ransomware-attacks-show-strong-links-lazarus-group>
<https://blog.gdatasoftware.com/2017/05/29751-wannacry-ransomware-campaign>
<https://blog.malwarebytes.com/cybercrime/2017/05/how-did-wannacry-ransomworm-spread/>
<https://www.flashpoint-intel.com/blog/linguistic-analysis-wannacry-ransomware/>
<http://blog.emsisoft.com/2017/05/12/wcry-ransomware-outbreak/>
<https://www.dropbox.com/s/hpr9fas9xbzo2uz/Whitepaper%20WannaCry%20Ransomware.pdf?dl=0>
MITRE ATT&CK: <https://attack.mitre.org/software/S0366/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.wannacryptor>

Last change to this tool card: 20 May 2020

All groups using tool WannaCry

Changed | Name | Country | Observed

APT groups

 | Lazarus Group, Hidden Cobra, Labyrinth Chollima | North Korea | 2007-Spring 2021 | X

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency