It's been a year since the gigantic WannaCry ransomware cyber attack[1] caused chaos across the world, hitting more than 230,000 computers in total.
The hard-drive-encrypting malware spread so fast because the group behind it had combined normal malware with EternalBlue[2], a leaked NSA hacking tool which allowed WannaCry to use worm-like capabilities to self-propagate on vulnerable Windows systems.
While there was some initial speculation that WannaCry was spread in an email spam campaign, the ransomware didn't in fact require any user interaction at all. Combining EternalBlue and another leaked exploit in the form of DoublePulsar, the worm looked for vulnerable public-facing SMB ports it could establish a connection to.
Once these were located, the leaked SMB exploits were harnessed to not only deploy WannaCry on that particular system, but to spread to all other vulnerable machines on the connected network. In essence, even just one open, vulnerable SMB port could lead to a whole network being infected by the ransomware.
Spanish mobile operator Telefónica was one of the first major organisations to report problems caused by WannaCry, while by the afternoon of the 12th, the UK's NHS was reporting problems[3], with systems down at hospitals and doctors' surgeries across the country, forcing the cancellation of thousands of appointments and the rerouting of ambulances. It led to the first meeting of the UK government's emergency COBRA committee because of a cyber attack.
French car manufacturer Renault and German railway firm Deutsche Bahn were other high-profile victims in Europe, while Russian government ministries and companies were also hit, with FedEx another major victim.
The ransom note told victims their files were encrypted and that their documents, photos, videos and databases were 'no longer accessible' and that