The WannaCry ransomware burst into the spotlight over the weekend as reports of infections streamed in from around the globe. It was the stuff of a Hollywood techno-thriller, and we watched it unfold in real time. But how did WannaCry come to be? How did it infect so many computers so quickly? And, perhaps most importantly, how will organizations and individuals cope with the fallout?
What is MS17-010, and what does it have to do with WannaCry?
When Microsoft needs to alert its customers to a security concern, it creates bulletins and posts them to the TechNet site. They’re given a label and assigned a severity rating. MS17-010 is a bulletin Microsoft posted in March. It disclosed the existence of a critical vulnerability in an older version of the SMB network protocol. That vulnerability was exploited by WannaCry to spread from computer to computer.
Who discovered the SMB vulnerability?
It wasn’t Microsoft, unfortunately. This nasty bug was actually discovered (and reportedly utilized) by the NSA, who referred to it as EternalBlue. It went public when Wikileaks published information obtained by the Shadowbrokers hacking group.
See more HERE