Cybersecurity incident report - WannaCry ransomware
Aditi Indre (Saint Louis University)
One of the major cybersecurity attacks of the last decade is the WannaCry attack, which occurred in May 2017. It is considered one of the major attacks of the last decade because it showed the world what can happen when a single vulnerability is exploited at scale. In this case, WannaCry exploited a vulnerability in Microsoft’s SMB protocol using the EternalBlue exploit. Exploiting this vulnerability allowed the malware to spread automatically from machine to machine without any human intervention. This worm-like behaviour is one of the characteristics of WannaCry that helped it spread globally in a matter of hours.

Critical infrastructure is one of the sectors that was greatly affected by the WannaCry attack. For example, hospitals had to cancel surgeries, and financial losses were estimated at billions of dollars.

This report analyzes the technical and operational elements that contributed to the WannaCry ransomware outbreak. It evaluates the associated risks from a threat intelligence perspective, identifies mitigation and remediation strategies, and discusses the residual risks that organizations must continue to manage. The report further provides executive-level recommendations aimed at strengthening organizational cybersecurity posture, enhancing resilience against ransomware threats, and reducing the likelihood of similar large-scale compromises in the future.

Keywords: ransomware, WannaCry, EternalBlue, SMB vulnerability, cyber resilience