This article was interesting to me post from wired.com, so I decided to repost.
On May 12 a strain of ransomware called WannaCry spread around the world, walloping hundreds of thousands of targets, including public utilities and large corporations. Notably, the ransomware temporarily crippled National Health Service hospitals and facilities in the United Kingdom, hobbling emergency rooms, delaying vital medical procedures, and creating chaos for many British patients.
Though powerful, the ransomware also had significant flaws, including a mechanism that security experts effectively used as a kill switch to render the malware inert and stem its spread. US officials later concluded with “moderate confidence” that the ransomware was a North Korean government project gone awry that had been intended to raise revenue while wreaking havoc. In total, WannaCry netted almost 52 bitcoins, or about $130,000—not much for such viral ransomware
WannaCry’s reach came in part thanks to one of the leaked Shadow Brokers Windows vulnerabilities, EternalBlue. Microsoft had released the MS17-010 patch for the bug in March, but many institutions hadn’t applied it and were therefore vulnerable to WannaCry infection.
A month or so after WannaCry, another wave of ransomware infections that partially leveraged Shadow Brokers Windows exploits hit targets worldwide. This malware, called Petya, NotPetya and a few other names, was more advanced than WannaCry in many ways, but still had some flaws, like an ineffective and inefficient payment system.
Though it infected networks in multiple countries—like the US pharmaceutical company Merck, Danish shipping company Maersk, and Russian oil giant Rosnoft—researchers suspect that the ransomware actually masked a targeted cyberattack against Ukraine. The ransomware hit Ukrainian infrastructure particularly hard, disrupting utilities like power companies, airports, public transit, and the central bank, just the latest in a series of cyber assaults against the country.