WannaCry didn’t begin with malicious phishing emails

by Julie Splinters - -

At first, it was suspected that the WannaCry ransomware spread via phishing. However, according to a research by Malwarebytes, the ransomware was distributed via scanning for vulnerable SMB ports displayed on the Internet.[1]

WannaCry attack

Attackers applied the NSA’s EternalBlue exploit in order to take the aimed network. Meanwhile, the DoublePulsar backdoor was used to increase the persistence that enables it to install other malware, such as WannaCry.

Adam McNeil, the senior malware intelligence analyst at Malwarebytes, states:

“Without otherwise definitive proof of the infection vector via user-provided captures or logs, and based on the user reports stating that machines were infected when employees arrived for work, we’re left to conclude that the attackers initiated an operation to hunt down vulnerable public facing SMB ports, and once located, using the newly available SMB exploits to deploy malware and propagate to other vulnerable machines within connected networks. Developing a well-crafted campaign to identify just as little as a few thousand vulnerable machines would allow for the widespread distribution of this malware on the scale and speed that we saw with this particular ransomware variant.”

The takeaways stay similar: better patching of systems; migrating to more advanced, supported operating systems if it’s possible; damaging and disabling of irrelevant protocols, such as network segmentation or SMB.[2]

Moreover, Brad Smith, the president of Microsoft Corporation, called out the NSA for stocking up on exploits. The WannaCry ransomware case can be set as an example of what could happen if government-developed exploits are taken by criminals.

WannaCry also demonstrates that even if the authentic threat does not compromise consumers anymore, more recent versions are able to take over.

About the author

Julie Splinters
Julie Splinters - VPN service analyst

Julie Splinters is a VPN service analyst at Reviewedbypro.com, who specializes in VPN services and anti-spyware applications. Her major of English Philology and her passion for IT helped her choose the path of an IT writer.

Contact Julie Splinters
About the company Esolutions


now online
Like us on Facebook