Blog

A Technical Analysis of WannaCry Ransomware

Ransomware that has been publicly named "WannaCry," “WCry” or "WanaCrypt0r" (based on strings in the binary and encrypted files) has spread to at least 74 countries as of Friday 12 May 2017. This blog addresses the technical analysis of the ransomware, mitigation, LogRhythm signatures, Network Monitor query rules, and indicators of compromise.

WannaCry Ransomware

On the afternoon of Friday, May 12, 2017, what we refer to as version 2 of WannaCry ransomware started to infect systems of a private Spanish telecommunications company. This blog covers the ransomware background, a high-level technical overview, the kill switch, and advice for defending against WannaCry.