WannaCry: The Most Devastating Ransomware in History




WannaCry was ransomware that caused huge damage to thousands of computers around the world.

This virus locked users' files through strong encryption and demanded a payment in Bitcoin to recover them, usually within a limited time, or the files would be deleted permanently.

On May 12th, 2017, WannaCry spread explosively across over 150 countries in just a matter of hours. It infected hospitals, corporations, government agencies, and regular users. Some major affected organizations included FedEx, Nissan, Hitachi, and the UK's National Health Service (NHS), where entire hospital systems were shut down, delaying medical care.

The ransomware was temporarily stopped thanks to a security researcher known online as MalwareTech, who discovered that the malware was trying to connect to an unregistered domain. By registering that domain, he accidentally triggered a built-in "kill switch" that halted further spread of the infection. However, by that point, the damage was already done — countless files were already encrypted and unrecoverable unless backups were available.
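The kill-switch lookup described above is also a detection signal: any internal host that asks DNS for that domain has run the malware. The following is an added example, not part of the original post, that triages a resolver log for such hosts. The log format, the sample lines and the placeholder domain are constructed, and reading a resolved lookup as a check-in that could succeed is an assumption.

```python
import re
from collections import defaultdict

# Placeholder: the page does not name the kill-switch domain; put the real indicator here.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed resolver log: "<timestamp> <client IP> <query name> <type> <rcode>"
SAMPLE_LOG = """\
2017-05-12T08:01:10Z 10.0.4.17 killswitch-placeholder.example. A NXDOMAIN
2017-05-12T08:01:12Z 10.0.4.23 updates.vendor.example. A NOERROR
2017-05-12T08:03:44Z 10.0.4.17 KILLSWITCH-PLACEHOLDER.example. A NXDOMAIN
2017-05-12T15:20:05Z 10.0.7.99 www.killswitch-placeholder.example. A NOERROR
2017-05-12T15:20:09Z 10.0.7.50 notkillswitch-placeholder.example. A NOERROR
truncated line
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def matches(qname, domain):
    """True for the domain itself or any subdomain, ignoring case and the trailing dot."""
    name = qname.rstrip(".").lower()
    domain = domain.rstrip(".").lower()
    return name == domain or name.endswith("." + domain)


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that looked up the domain to first sighting, counts and status."""
    hosts = defaultdict(lambda: {"first_seen": None, "lookups": 0, "failed": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the whole triage
        ts, client, qname, _rtype, rcode = m.groups()
        if not matches(qname, domain):
            continue
        h = hosts[client]
        h["first_seen"] = min(h["first_seen"] or ts, ts)  # ISO timestamps sort as text
        h["lookups"] += 1
        h["failed"] += int(rcode.upper() != "NOERROR")
    for h in hosts.values():
        # A failed lookup means the check-in could not succeed, so that run kept going.
        h["kill_switch"] = "not-reached" if h["failed"] else "resolved"
    return dict(hosts)


if __name__ == "__main__":
    for ip, info in sorted(triage(SAMPLE_LOG).items()):
        print(ip, info)
```

Every host in the result has executed the malware and needs cleanup. Those marked `not-reached` never got the halt signal, so they are the ones to isolate first.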



This ransomware spread rapidly by abusing a Windows vulnerability through EternalBlue, an exploit that targeted a weakness in the Server Message Block (SMB) protocol used for file sharing between computers.

The US National Security Agency (NSA) had discovered EternalBlue but chose to keep it secret and use it for surveillance, instead of reporting it to Microsoft. Eventually, a hacker group known as the Shadow Brokers stole and leaked the exploit to the public in April 2017.

Microsoft had released a security patch (MS17-010) a month earlier, in March 2017, but many systems around the world were still running outdated or unsupported versions of Windows (like Windows XP, Windows 7, and Windows Server 2003) and had not installed the patch. That allowed WannaCry to spread quickly and automatically, jumping from one unprotected machine to another.

WannaCry became a global wake-up call about the importance of cybersecurity, regular software updates, and backing up important files. It also exposed the risks of government agencies stockpiling exploits without notifying software vendors.

Although the original WannaCry version was stopped, its variants and copycat attacks still circulate, and EternalBlue remains a danger on unpatched systems even today.

