The goal of this notification is to give meaningful and concise answers about the widespread #WannaCry attack.
1-) What is WannaCry (WCRY)? How can it harm my infrastructure?
In April 2017, a group calling itself “TheShadowBrokers” leaked a set of National Security Agency (NSA) tools, including the FUZZBUNCH exploit framework and a number of working exploits, one of which is called EternalBlue.
When EternalBlue is used together with the DOUBLEPULSAR implant, which was part of the same leak, against a target system, the result is a complete compromise: attacker-supplied code runs on the target with SYSTEM privileges (the exploit lands in the kernel-mode SMB driver), delivered over the SMB service on TCP port 445 with no credentials required. The Windows weakness that EternalBlue abuses lies in the SMBv1 implementation and was patched by MS17-010 (CVE-2017-0144) in March 2017, a month before the leak; shortly afterwards the same exploit was built into a ransomware called WannaCry.
In short, once WannaCry lands on an internal network, it scans that network (and random Internet addresses as well) on TCP port 445 for machines that have not received MS17-010. When it finds one, it exploits it, encrypts the files on that machine, demands a Bitcoin payment for the decryption key and moves on to infect further machines; rinse and repeat. Unlike typical ransomware, no user interaction (phishing e-mail, malicious attachment) is needed after the first infection: an unpatched host with port 445 reachable is enough.
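The scan-then-infect loop described above leaves a distinctive trace in firewall or NetFlow logs: one internal host opening TCP/445 connections to many distinct peers within a short time, something a workstation never does in normal file-share use. The following is an added example (not code from the original notification or from WannaCry itself) that implements that detection over constructed sample log lines. The log field layout ("<ISO timestamp> <src> <dst> <dport> <action>"), the sample addresses, the 60-second window and the threshold of 20 distinct targets are all assumptions chosen for illustration; tune them to your own environment.

```python
"""Flag WannaCry-style SMB fan-out (one host sweeping TCP/445) in connection logs.

Added example, not part of the original notification. Log format, addresses,
window and threshold are assumptions for illustration.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed sample log: host 10.0.5.23 sweeps a /24 on 445 (one target per
# second), also probes a public address, plus some benign traffic for contrast.
_SWEEP = [
    f"2017-05-12T10:00:{i:02d} 10.0.5.23 10.0.5.{i + 1} 445 ALLOW" for i in range(30)
]
SAMPLE_LOG = _SWEEP + [
    "2017-05-12T10:00:31 10.0.5.23 203.0.113.9 445 ALLOW",   # worm also probes the Internet
    "2017-05-12T10:00:05 10.0.7.10 10.0.7.200 445 ALLOW",    # ordinary file-server access
    "2017-05-12T10:02:00 10.0.7.10 10.0.7.200 445 ALLOW",
    "2017-05-12T10:02:10 10.0.7.11 10.0.7.200 139 ALLOW",    # not port 445, ignored
    "2017-05-12T10:03:00 10.0.7.12 10.0.5.23 445 DENY",      # 10.0.5.23 is the target here
    "this line is malformed and must be skipped",
]

# RFC1918 ranges assumed to be "internal"; anything else counts as external.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_internal(addr):
    """True if addr falls inside one of the assumed internal ranges."""
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line):
    """Return (timestamp, src, dst, dport) or None for malformed lines."""
    parts = line.split()
    if len(parts) < 5:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        src = ipaddress.ip_address(parts[1])
        dst = ipaddress.ip_address(parts[2])
        dport = int(parts[3])
    except ValueError:
        return None
    return ts, src, dst, dport


def find_smb_scanners(lines, window_seconds=60, threshold=20):
    """Return {src: report} for every source that reaches >= threshold distinct
    hosts on TCP/445 within any window of window_seconds."""
    window = timedelta(seconds=window_seconds)
    by_src = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, dst, dport = parsed
        if dport == 445:
            by_src[src].append((ts, dst))

    hits = {}
    for src, events in by_src.items():
        events.sort()
        in_window = Counter()   # dst -> number of events currently inside the window
        left = 0
        for ts, dst in events:
            in_window[dst] += 1
            # Advance the left edge until every counted event is within `window` of the newest.
            while ts - events[left][0] > window:
                old_dst = events[left][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                left += 1
            if len(in_window) >= threshold:
                targets = {d for _, d in events}
                hits[str(src)] = {
                    "distinct_targets": len(targets),
                    "external_targets": sum(1 for d in targets if not is_internal(d)),
                    "first_seen": events[0][0].isoformat(),
                    "triggered_at": ts.isoformat(),
                }
                break   # one report per source is enough
    return hits


if __name__ == "__main__":
    for src, report in find_smb_scanners(SAMPLE_LOG).items():
        print(f"possible SMB worm activity from {src}: {report}")
```

Run against real data, the interesting output is the earliest `triggered_at` per source: that host is the one to isolate first, and its `first_seen` tells you how long it has been spreading. A non-zero `external_targets` count means the host is also scanning outward, which is worth blocking at the perimeter regardless of patch status. The sliding window matters because a legitimate backup or inventory server can also touch many hosts on 445, but typically over hours rather than seconds; raise `window_seconds` only if you are prepared to allow-list such servers explicitly.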