
About WannaCry:-
The WannaCry attack is one of the remarkable strikes in the history of cybercrime, and it shook the digital world to the core. It was a major security incident that affected organisations all over the globe.
When happened:-
On May 12, 2017, the outbreak of this ransomware worm took hold of more than 300,000 computers across 150 nations within a few hours. The most heavily affected organisations included FedEx, Honda, Nissan and the UK’s National Health Service.
How it infects:-
It exploits a vulnerability in the Windows OS’s Server Message Block (SMB) protocol, which is responsible for transferring messages to other computers on a network.
The neutralization
- Hours after the attack, WannaCry was momentarily declared inoperable. A “kill switch” was found by security researcher Marcus Hutchins, which effectively disabled the ransomware.
- Many of the impacted systems, however, remained encrypted and unusable until the victims were able to reverse the encryption or pay the ransom.
- The attack was mitigated by reverse engineering WannaCry’s code. Marcus Hutchins discovered that WannaCry had an odd feature: it would check the domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com before running. However, no such website existed.
Thus, he decided to register the domain. (The price was $10.69.) Copies of WannaCry stopped executing after Hutchins took this action, but they kept spreading. In essence, as soon as WannaCry started receiving responses from iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com, it shut down.
Who leaked it
The group of hackers behind the leak is known as the Shadow Brokers. In the case of WannaCry, EternalBlue, an exploit for the Windows vulnerability, was leaked on April 14, 2017.
However, Microsoft had already issued a security patch one month earlier, on 14th March. Even so, many computers remained unpatched and were affected.
Is WannaCry still active?
- Because of Hutchins’ kill switch domain, the WannaCry version that was first made public in 2017 is no longer functional. Furthermore, since March 2017, a patch has been available for the EternalBlue vulnerability that WannaCry took advantage of.
- WannaCry attacks still happen, though. As of March 2021, WannaCry was still exploiting the EternalBlue vulnerability, so only very old, outdated Windows computers were at risk. The kill switch feature found in the original WannaCry version has been eliminated in later iterations. It is strongly advised to update operating systems and install security updates right away.