Threat Landscape Dashboard

Feedback

Home

WannaCry - Ransomware

The ransomware uses exploits leaked by the Shadow Brokers and has infected a large number of computers including those in the government, telecom, and educational sectors. Files are encrypted denoted by the .WNCRYT extension. The bounty for WannaCry ranges from $300 to $600 but payments may not be uniquely associated with a system. The initial variants of WannaCry no longer encrypts if the sample can resolve an external DNS which is held by security researchers.

Name	Modified Date	Sources
WannaCry - Ransomware	2017-10-11	https://www.bleepingcomputer.com/news/security/wana-decrypt0r-ransomware-using-nsa-exploit-leaked-by-shadow-brokers-is-on-a-rampage/ https://kc.mcafee.com/corporate/index?page=content&id=KB89335 https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wannacry-ransomware-attacks/ https://securingtomorrow.mcafee.com/business/analysis-wannacry-ransomware-outbreak/ https://technet.microsoft.com/en-us/library/security/ms17-010.aspx https://intel.malwaretech.com/botnet/wcrypt https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168 https://securingtomorrow.mcafee.com/executive-perspectives/wannacry-old-worms-new/ https://kc.mcafee.com/corporate/index?page=content&id=PD27077 http://cert.europa.eu/static/SecurityAdvisories/2017/CERT-EU-SA2017-012.pdf https://www.us-cert.gov/ncas/alerts/TA17-132A https://www.ccn-cert.cni.es/seguridad-al-dia/comunicados-ccn-cert/4464-ataque-masivo-de-ransomware-que-afecta-a-un-elevado-numero-de-organizaciones-espanolas.html https://www.mcafee.com/us/security-awareness/articles/ransomware.aspx