Wannacry Ransomware Attack: Definition, Damage & Defense

Learn how Adaptive Multi-Factor Authentication combats data breaches, weak passwords, and phishing attacks.

WannaCry is the ransomware cryptoworm that was behind the infamous worldwide cyberattack in 2017

In the spring of 2017, people all over the world booted up their computers and were met with a frightening message. Someone had encrypted all their files, and unless the victim paid up with bitcoin, that data would stay locked forever. 

Hackers built WannaCry ransomware with speed and theft in mind. One infected computer could spread the virus to others. Soon, offices, manufacturing plants, and even hospitals couldn't function normally. 

Researchers and programmers banded together, and the virus lost quite a bit of bite as the spring turned to summer. But if you have an older computer and you haven't taken action to protect it since 2017, you could still be at risk. 

Ransomware attacks didn't stop with WannaCry. In fact, this successful money-grabbing scheme seems to inspire hackers to try new approaches. It's critical for every company to work on ransomware defences.

The world meets WannaCry

The WannaCry virus stems from three critical factors: government secrets, a shared operating system, and hackers.

WannaCry was born when hackers leaked tools developed by the United States government. Those tools took advantage of vulnerabilities within Windows operating systems. Their release caused quite a scandal. For hackers, the information presented an opportunity.

Hackers manipulated those tools to release the WannaCry malware on the world. The virus had replication built right in, so one infected computer could reach out and pull others into the network. 

WannaCry infected an estimated 300,000 computers in 150 nations, and the final price tag for the damage was measured in billions. High-profile victims included hospitals and clinics in the United Kingdom and car manufacturers in Europe. But plenty of small companies were caught up in the scheme too. 

Spotting the infection was easy. Look at your computer screen, and you'd see a message with:

  • An explanation. The cryptoworm encrypted your data files, and you couldn't move past a lock screen.
  • Instructions. You were told to release bitcoin to one of three public wallets to get access to your files.
  • Warnings. If you didn't pay the fees by a deadline the hackers set, the hackers said you'd never get your files back.

Plenty of people paid up. By May of 2017, victims paid more than $27,000 to the hackers, and people could watch the bitcoin wallets fill up with more payments. But it was never clear if those people got access again.

What is WannaCry ransomware? 

WannaCry is a ransomware cryptoworm that worked on computers running Microsoft Windows. 

Infection typically followed this process:

  • Exposure: Your computer was randomly chosen through being connected to an infected network. You didn't need to touch an infected email or tap a corrupted link—the program found you via the network. 
  • Check: The program attempted to access a very long, strange-looking web domain. If it could c