1. Team / Origin

• Attribution: The WannaCry attack is widely attributed to the Lazarus Group, a hacking group believed to be linked to North Korea.
• Motivation: Financial gain through ransomware and possibly disruption of Western organizations.
• Method: They used a ransomware worm that spread automatically across networks using a Windows exploit.

2. Impact

• Global Reach: Affected over 230,000 computers in more than 150 countries within days.
• Affected Organizations:
  • UK’s NHS (National Health Service) – disrupted hospital services, canceled appointments, and surgeries.
  • FedEx, Renault, Telefonica, and many others worldwide.
• Financial Damage: Estimated hundreds of millions to billions of dollars in damages due to downtime, lost productivity, and recovery costs.
• Data Impact: Files were encrypted and held for ransom; some organizations could recover from backups, others suffered data loss.

3. Root Cause

• Vulnerability Exploited: EternalBlue, a Windows SMBv1 exploit developed by the NSA and leaked by the Shadow Brokers.
• Primary Cause: Many organizations had unpatched Windows systems that allowed the ransomware to spread rapidly.
• Additional Factors:
  • Lack of network segmentation – made internal spreading easy.
  • Absence of timely backup procedures in some organizations.
  • Continued use of unsupported Windows versions like Windows XP.

4. Lessons Learned

• Apply security patches promptly.
• Implement network segmentation to limit malware propagation.
• Maintain offline backups to recover encrypted data.