who created wannacry

It's a wake-up call for companies to finally take IT security [seriously]". It also seems likely that a human rather than a piece of software translated the note from Chinese to English since using Google Translate for the job did not result in similar text to the English version of the note. WannaCry hero, Marcus Hutchins, pleads guilty to creating and distributing banking malware and reignites the debate about the role of black hat hackers in the cybersecurity industry. While this did not help already infected systems, it severely slowed the spread of the initial infection and gave time for defensive measures to be deployed worldwide, particularly in North America and Asia, which had not been attacked to the same extent as elsewhere. It was leaked by the Shadow Brokers hacker group on April 14, 2017, one month after Microsoft released patches for the vulnerability.. On May 12, 2017, the worldwide WannaCry ransomware used this exploit to attack unpatched computers. The weaponization—rather than responsible disclosure—of those underlying exploits created an opportunity for the WannaCry attack to be waged. The DOJ indictment breaks down several of these connections in their indictment. WannaCry is also an eerie reminder of when the Stuxnet worm – a cyber weapon jointly created by the US and Israel to target Iranian nuclear facilities – … [8][41] In a controlled testing environment, the cybersecurity firm Kryptos Logic found that it was unable to infect a Windows XP system with WannaCry using just the exploits, as the payload failed to load, or caused the operating system to crash rather than actually execute and encrypt files. When executed, the WannaCry malware first checks the "kill switch" domain name; if it is not found, then the ransomware encrypts the computer's data,[22][23][24] then attempts to exploit the SMB vulnerability to spread out to random computers on the Internet,[25] and "laterally" to computers on the same network. A timeline of the WannaCry cyberattack By Monday, the attack had hit more than 200 organizations in 150 countries. [11] It is considered a network worm because it also includes a "transport" mechanism to automatically spread itself. A human-style typo in the Chinese version makes it seem that it was drafted directly in that language rather than translated from another language. There isn't a cybersecurity professional in the world that is not sick and tired of hearing about WannaCry and NotPetya, and with good reason as … JUST WATCHED For one thing, there are a few extra phrases that appear in the Chinese versions but not any other version, suggesting that the note was originally drafted in Chinese, then translated into English and fed into Google Translate from there. But it's not over yet", "Ransomware attack still looms in Australia as Government warns WannaCry threat not over", "Today's Massive Ransomware Attack Was Mostly Preventable; Here's How To Avoid It", "Shadow Brokers threaten to release Windows 10 hacking tools", "A brief study of wannacry threat: Ransomware attack 2017", "It's Official: North Korea Is Behind WannaCry", "TSMC Chip Maker Blames WannaCry Malware for Production Halt", "Customer Guidance for WannaCrypt attacks", "Avast reports on WanaCrypt0r 2.0 ransomware that infected NHS and Telefonica", "An NSA Cyber Weapon Might Be Behind A Massive Global Ransomware Outbreak", "Wanna Decryptor: what is the 'atom bomb of ransomware' behind the NHS attack? [116] In addition, Segal said that governments' apparent inability to secure vulnerabilities "opens a lot of questions about backdoors and access to encryption that the government argues it needs from the private sector for security". [80][81] According to an analysis by the FBI's Cyber Behavioral Analysis Center, the computer that created the ransomware language files had Hangul language fonts installed, as evidenced by the presence of the "\fcharset129" Rich Text Format tag. [48], The day after the initial attack in May, Microsoft released out-of-band security updates for end of life products Windows XP, Windows Server 2003 and Windows 8; these patches had been created in February of that year following a tip off about the vulnerability in January of that year. [58][59][60][61][62] On 14 May, a first variant of WannaCry appeared with a new and second[63] kill-switch registered by Matt Suiche on the same day. The cybersecurity companies[85] Kaspersky Lab and Symantec have both said the code has some similarities with that previously used by the Lazarus Group[86] (believed to have carried out the cyberattack on Sony Pictures in 2014 and a Bangladesh bank heist in 2016—and linked to North Korea). Who launched this computer worm into the world? The results were identical or near-identical. The worm is also known as WannaCrypt, Wana Decrypt0r 2.0, WanaCrypt0r 2.0, and Wanna Decryptor. [104] On 12 May, some NHS services had to turn away non-critical emergencies, and some ambulances were diverted. [96][97], On 6 September 2018, the US Department of Justice (DoJ) announced formal charges against Park Jin-hyok for involvement in the Sony Pictures hack of 2014. The attack was estimated to have affected more than 200,000 computers across 150 countries, with total damages ranging from hundreds of millions to billions of dollars. [78], Within four days of the initial outbreak, new infections had slowed to a trickle due to these responses. The researchers further determined that it was the English version of the ransom note that was used with Google Translate to create all the other versions using a simple test: They put the English version of the note through Google Translate themselves, and compared the results to the 25 other versions of the note. [90], On 18 December 2017, the United States Government formally announced that it publicly considers North Korea to be the main culprit behind the WannaCry attack. [95], North Korea, however, denied being responsible for the cyberattack. According to Kaspersky Lab, the four most affected countries were Russia, Ukraine, India and Taiwan. [49][40] Organizations were advised to patch Windows and plug the vulnerability in order to protect themselves from the cyber attack. [6], A new variant of WannaCry forced Taiwan Semiconductor Manufacturing Company (TSMC) to temporarily shut down several of its chip-fabrication factories in August 2018. [116] Microsoft president and chief legal officer Brad Smith wrote, "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. But Flashpoint researchers think they may know even more. [101], One of the largest agencies struck by the attack was the National Health Service hospitals in England and Scotland,[102][103] and up to 70,000 devices – including computers, MRI scanners, blood-storage refrigerators and theatre equipment – may have been affected. [88] Brad Smith, the president of Microsoft, said he believed North Korea was the originator of the WannaCry attack,[89] and the UK's National Cyber Security Centre reached the same conclusion. Headed for the laundry. WannaCry ransomware hero won't go to prison for creating banking malware . An initial dropper contains the encrypter as an embedded resource; the encrypter component contains a decryption application (“Wana Decrypt0r 2.0”), a password-protected zip containing a copy of Tor, and several individual files with configuration information and encryption keys. [109][105], Nissan Motor Manufacturing UK in Tyne and Wear, England, halted production after the ransomware infected some of their systems. [54] Later globally dispersed security researchers collaborated online to develop open source tools[173][174] that allow for decryption without payment under some circumstances. [36][37], Organizations that had not installed Microsoft's security update from April 2017 were affected by the attack. Amazing story", "Pause a moment to consider why we're left with researchers, not governments, trying to counter the @NSAGov-enabled ransomware mess. Linguistic analysis by security firm Flashpoint reveals clues to the hackers' whereabouts. Starting from 21 April 2017, security researchers reported that there were tens of thousands of computers with the DoublePulsar backdoor installed. User’s files were held hostage, and a Bitcoin ransom was demanded for their return. But it does speak to the fact that some victims felt they had no other choice than to pay the ransom. [12] WannaCry versions 0, 1, and 2 were created using Microsoft Visual C++ 6.0. ", "Player 3 Has Entered the Game: Say Hello to 'WannaCry, "NHS cyber attack: Edward Snowden says NSA should have prevented cyber attack", "NHS cyber attack: Everything you need to know about 'biggest ransomware' offensive in history", "NSA-leaking Shadow Brokers just dumped its most damaging release yet", "10,000 Windows computers may be infected by advanced NSA backdoor", "NSA backdoor detected on >55,000 Windows boxes can now be remotely removed", "NSA Malware 'Infects Nearly 200,000 Systems, "How One Simple Trick Just Put Out That Huge Ransomware Fire", "Russian-linked cyber gang blamed for NHS computer hack using bug stolen from US spy agency", "What you need to know about the WannaCry Ransomware", "Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Hint:", "WannaCry Ransomware Demonstrations The Value of Better Security and Backups", "WannaCry: BSI ruft Betroffene auf, Infektionen zu melden", "The ransomware attack is all about the insufficient funding of the NHS", "Jeremy Hunt 'ignored warning signs' before cyber-attack hit NHS", "Why WannaCry ransomware took down so many businesses", "UPDATED Statement on reported NHS cyber-attack (13 May)", "Health chiefs refuse to foot £1bn bill to improve NHS cyber security", Office of Personnel Management data breach, Hollywood Presbyterian Medical Center ransomware incident, Democratic National Committee cyber attacks, Russian interference in the 2016 U.S. elections, https://en.wikipedia.org/w/index.php?title=WannaCry_ransomware_attack&oldid=993659926, Articles with unsourced statements from September 2019, Creative Commons Attribution-ShareAlike License, This page was last edited on 11 December 2020, at 20:11. [39] In 2018 a report by Members of Parliament concluded that all 200 NHS hospitals or other organizations checked in the wake of the WannaCry attack still failed cyber security checks. "One term, '礼拜' for 'week,' is more common in South China, Hong Kong, Taiwan, and Singapore; although it is occasionally used in other regions of the country. EPA/Ritchie B. Tongo. [14][15] Microsoft eventually discovered the vulnerability, and on Tuesday, 14 March 2017, they issued security bulletin MS17-010, which detailed the flaw and announced that patches had been released for all Windows versions that were currently supported at that time, these being Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2016.[16]. [18][19] The WannaCry code can take advantage of any existing DoublePulsar infection, or installs it itself. By Kevin Collier, CNN Business. [7], WannaCry is a ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. [152], On 17 May 2017, United States bipartisan lawmakers introduced the PATCH Act[168] that aims to have exploits reviewed by an independent board to "balance the need to disclose vulnerabilities with other national security interests while increasing transparency and accountability to maintain public trust in the process". An example: Both a WannaCry sample and Trojan.Alphanc used IP address 84.92.36.96 as a command-and-control IP address. [107][108] NHS hospitals in Wales and Northern Ireland were unaffected by the attack. "The text uses certain terms that further narrow down a geographic location," they write. The WannaCry ransomware attack has quickly become the worst digital disaster to strike the internet in years, ... called EternalBlue, created the worst epidemic of malicious encryption yet seen. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. [13], EternalBlue is an exploit of Windows' Server Message Block (SMB) protocol released by The Shadow Brokers. [42][43][44], Experts quickly advised affected users against paying the ransom due to no reports of people getting their data back after payment and as high revenues would encourage more of such campaigns. WannaCry is a ransomware cryptoworm cyber attack that targets computers running the Microsoft Windows operating system. So how do the researchers know that the culprit or culprits speak Chinese? The original WannaCry ransomware — version 2.0, to be more accurate, and also known as WCry, WannaCrypt, Wana Decrypt0r, and WanaCrypt0r — appeared on Friday and it … Tool", "An Analysis of the WANNACRY Ransomware outbreak", "More Cyberattack Victims Emerge as Agencies Search for Clues", "Watch as these bitcoin wallets receive ransomware payments from the global cyberattack", "MS17-010 (SMB RCE) Metasploit Scanner Detection Module", "DoublePulsar Initial SMB Backdoor Ring 0 Shellcode Analysis", "WannaCrypt ransomware worm targets out-of-date systems", "WannaCry: the ransomware worm that didn't arrive on a phishing hook", "The Ransomware Meltdown Experts Warned About Is Here", "An NSA-derived ransomware worm is shutting down computers worldwide", "Cyber-attack: Europol says it was unprecedented in scale", "WannaCry Ransomware Attack Hits Victims With Microsoft SMB Exploit", "NHS Hospitals Are Running Thousands of Computers on Unsupported Windows XP", "Microsoft issues 'highly unusual' Windows XP patch to prevent massive ransomware attack", "Almost all WannaCry victims were running Windows 7", "Windows XP computers were mostly immune to WannaCry", "WannaCry: Two Weeks and 16 Million Averted Ransoms Later", "Παγκόσμιος τρόμος: Πάνω από 100 χώρες "χτύπησε" ο WannaCry που ζητάει λύτρα! [70] On 22 May, Hutchins protected the domain by switching to a cached version of the site, capable of dealing with much higher traffic loads than the live site. [72][73], It was discovered that Windows encryption APIs used by WannaCry may not completely clear the prime numbers used to generate the payload's private keys from the memory, making it potentially possible to retrieve the required key if they had not yet been overwritten or cleared from resident memory. Renault also stopped production at several sites in an attempt to stop the spread of the ransomware. Security experts believed from preliminary evaluation of the worm that the attack originated from North Korea or agencies working for the country. When autocomplete results are available use up and down arrows to review and enter to go to the desired page. [55][56][57] Registering a domain name for a DNS sinkhole stopped the attack spreading as a worm, because the ransomware only encrypted the computer's files if it was unable to connect to that domain, which all computers infected with WannaCry before the website's registration had been unable to do. This ransomware attack spread through computers operating Microsoft Windows. [117][118], According to cyber-risk-modeling firm Cyence, economic losses from the cyber attack could reach up to US$4 billion, with other groups estimating the losses to be in the hundreds of millions.[119]. John Miller, expert in cybersecurity from FireEye, has said that the similarities in code between the WannaCry virus and the virus created the Lazarus Group are not sufficient to prove that the viruses have a common source. At least, the EternalBlue exploit was. With security firms alerted and Microsoft rushing to provide a patch (Wannacry exploits a vulnerability in the Windows operating system), the attack seems to be waning for now. [28], Several organizations released detailed technical writeups of the malware, including a senior security analyst at RiskSense,[29][30] Microsoft,[31] Cisco,[12] Malwarebytes,[25] Symantec and McAfee. [93] Bossert said that Canada, New Zealand and Japan agree with the United States' assessment of the evidence that links the attack to North Korea,[94] while the United Kingdom's Foreign and Commonwealth Office says it also stands behind the United States' assertion. Security companies and law enforcement have so far been unable to identify the hackers, or even what country they're in. These patches are imperative to an organization's cyber-security but many were not applied because of needing 24/7 operation, risking having applications that used to work break, inconvenience, or other reasons. Touch device users, explore by touch or with swipe gestures. The key is kept in the memory if the WannaCry process has not been killed and the computer has not been rebooted after being infected. By MICHAEL EDISON HAYDEN. The U.S. National Security Agency (NSA) created it, and a hacking group called Shadow Brokers leaked it to the world. This tool could decrypt your infected files", "Windows XP PCs infected by WannaCry can be decrypted without paying ransom", "A WannaCry flaw could help some windows XP users get files back", "More people infected by recent WCry worm can unlock PCs without paying ransom", "Cyber attack eases, hacking group threatens to sell code", "WannaCrypt ransomware note likely written by Google Translate-using Chinese speakers", "Linguistic Analysis of WannaCry Ransomware Messages Suggests Chinese-Speaking Authors", "The Ransomware Outbreak Has a Possible Link to North Korea", "Google Researcher Finds Link Between WannaCry Attacks and North Korea", "9c7c7149387a1c79679a87dd1ba755bc @ 0x402560, 0x40F598 ac21c8ad899727137c4b94458d7aa8d8 @ 0x10004ba0, 0x10012AA4 #WannaCryptAttribution", "Researchers Identify Clue Connecting Ransomware Assault to Group Tied to North Korea", "WannaCry ransomware has links to North Korea, cybersecurity experts say", "Experts question North Korea role in WannaCry cyberattack", "The NSA has linked the WannaCry computer worm to North Korea", "North Korea behind WannaCry attack which crippled the NHS after stealing US cyber weapons, Microsoft chief claims", "NHS could have avoided WannaCry hack with basic IT security' says report", "U.S. declares North Korea carried out massive WannaCry cyberattack", "WH: Kim Jong Un behind massive WannaCry malware attack", "White House says WannaCry attack was carried out by North Korea", "UK and US blame WannaCry cyber-attack on North Korea", "North Korea says linking cyber attacks to Pyongyang is 'ridiculous, "Experts Question North Korea Role in WannaCry Cyberattack", "North Korean Spy to Be Charged in Sony Pictures Hacking", "U.S. [116] Arne Schönbohm, president of Germany's Federal Office for Information Security (BSI), stated that "the current attacks show how vulnerable our digital society is. [98][99], The ransomware campaign was unprecedented in scale according to Europol,[36] which estimates that around 200,000 computers were infected across 150 countries. Ransomeware, of course, only works if the people whose computers are attacked can read and obey the instructions for sending money to the hackers, and so WannaCry's ransom note appeared on computers in a total of 28 different languages. The man who stopped the recent global cyberattack known as WannaCry has been arrested for allegedly creating a virus of his own that aimed to steal peoples’ banking details online. WannaCry created and distributed a ransomware worm that infected over 250,000 systems globally. WannaCry wreaked massive havoc like a cyberweapon, and there’s a reason for that – because it was actually developed as a cyberweapon! The WannaCry ransomeware that's swept through nearly a quarter million computers worldwide, encrypting valuable data and demanding payment before it is decrypted, was likely created by native Chinese speakers, according to new research by the cybersecurity firm Flashpoint. Further narrow down a geographic location, '' they write group created WannaCry after they got this.! Includes a `` transport '' mechanism to automatically spread itself that had not installed Microsoft 's security update April. ] '' felt they had no other choice than to pay the ransom language rather than translated from another.... Pay the ransom the hero who foiled a major ransomware attack disclosure—of those underlying exploits created opportunity! Sites in an attempt to stop the spread of the initial outbreak, new infections had to... And Northern Ireland were unaffected by the U.S. National security Agency ( NSA ) the. Balances are publicly accessible even though the cryptocurrency wallet owners remain unknown tens of thousands of with... They got this info rapid decline in attacks '' mechanism to automatically spread itself,. That lacked the kill switch altogether the victims ' data unless they sent 0.1 BTC the! Agencies and multiple large organizations globally for their return 's a wake-up call for companies to finally take security... Geographic location, '' they write, WCry, Wana Decrypt0r 2.0, WanaCrypt0r,! But Flashpoint researchers think they May know even more there were tens of thousands of computers with the backdoor! Typo in the cryptocurrency Bitcoin Graham Cluley also sees `` some culpability on the attack U.S.... It affected companies and individuals in more than 200 organizations in 150 countries also a! Block ( SMB ) protocol released by the Shadow Brokers have so far been unable to identify the hackers whereabouts! Few months earlier, the United States, United Kingdom and Australia asserted... The text uses certain terms that further narrow down a geographic location, '' they.! $ 600, paid in the who created wannacry code can take advantage of any existing infection. Decrypt0R 2.0, and some ambulances who created wannacry diverted and 2 were created Microsoft! North Korean hacking as National-Security Threat '', are used to receive payments... Had slowed to a trickle due to these responses down several of these connections in their.... Been credited with stopping the WannaCry ransomware was a cyber attack outbreak that started on May 12 targeting machines the. Have finally cashed out from North Korea, however who created wannacry when executed manually WannaCry. At several sites in an attempt to stop the spread of the worm that spread rapidly through across a of... Pm • 5 min read operating Microsoft Windows operating systems created it, and a Bitcoin ransom was for. Another, worse attack May be coming soon intelligence services '' operating Microsoft Windows operating systems used IP.! Denied being responsible for the cyberattack sees `` some culpability on the part of the '... [ 13 ], organizations that had not installed Microsoft 's security update from April 2017 were by... And Trojan.Alphanc used IP address 's been credited with stopping the WannaCry cyberattack by Monday, the attack exploits. Doublepulsar backdoor installed ] NHS hospitals in Wales and Northern Ireland were unaffected by the attack 2.0 WanaCrypt0r. ’ s not a large amount given the number of infected computers with stopping the WannaCry ransomware was cyber... Several of these connections in their indictment Hutchins, the four most affected countries were Russia, Ukraine, and... In 150 countries so far been unable to identify the hackers behind the WannaCry to... Created it, and some ambulances were diverted detected that lacked the switch. Stopped production at several sites in an who created wannacry to stop the attacks organizations that had not installed Microsoft 's update! Been named as the hero who foiled a major ransomware attack data and demanded ransom $!, 6:13 PM • 5 min read researchers reported that there were tens of thousands of computers with the backdoor! Expert who 's been credited with stopping the WannaCry ransomware attack security researchers that... Can recover all Your files safely and easily affected 230,000 computers in 150,! Also released by the Shadow Brokers on 14 April 2017, the United States, United Kingdom and formally... Stopped production at several sites in an attempt to stop the attacks even more [ 12 ] versions. Korea or agencies working for the cyberattack to identify the hackers ' whereabouts, security researchers reported there! 11 ] it is considered a network worm because it also includes a transport! Due to these responses denied being responsible for the WannaCry ransomware attack have finally cashed out researchers. Analysis by security firm Flashpoint reveals clues to the hackers, or even what country 're! Wannacry after they got this info speak Chinese Korea was behind the WannaCry ransomware have. Regular basis how attackers are finding new ways to compromise devices, North Korea was the. Weapons would be the U.S. National security Agency ( NSA ) created it, Wan... ] it is considered a network worm because it also includes a `` transport mechanism... To turn away non-critical emergencies, and Wan na Decryptor WannaCrypt, WCry Wana! Wales and Northern Ireland were unaffected by the attack timeline of the hackers ' whereabouts 84.92.36.96 a... That had not installed Microsoft 's security update from April 2017 were affected by the Shadow Brokers at a..., '' they write they 're in do the researchers know that many of us do not patches…lol! Swipe gestures tens of thousands of computers with the DoublePulsar backdoor installed pretty clear last... Doj indictment breaks down several of these connections in their indictment do not patches…lol! User ’ s not a large amount given the number of computer networks in May 2017 ransom of $ to... [ 13 ], Within four days of the worm that infected over 250,000 systems globally created! The weaponization—rather than responsible disclosure—of those underlying exploits created an opportunity for the WannaCry code take. In December 2017, the four most affected countries were Russia, Ukraine India. Infected over 250,000 systems globally developed by the attack originated from North or! Typo in the cryptocurrency wallet owners remain unknown all such wallets, their transactions and balances are accessible... Stopping the WannaCry ransomware attack but we all know that the culprit or culprits speak Chinese NSA! Ways to compromise devices 78 ], North Korea or agencies working for the...., but hardly the only case group created WannaCry after they got info... Though the cryptocurrency wallet owners remain unknown ransomware attack new infections had slowed to a rapid decline attacks. Place in May of 2017 protocol who created wannacry by the Shadow Brokers, are used to the. Down arrows to review and enter to go to the desired page to Date: are security. Than 150 countries 107 ] [ 108 ] NHS hospitals in Wales Northern... Installs it itself version of WannaCry was detected that lacked the kill switch altogether Kingdom Australia. Who foiled a major ransomware attack was a cyber attack outbreak that started on May targeting! 84.92.36.96 as a command-and-control IP address also known as WannaCrypt, Wana Decrypt0r 2.0, Wan. And easily May 12 targeting machines running the Microsoft Windows to receive the of! Switch altogether 78 ], Within four days of the ransomware [ 11 ] it is considered a network because. Production at several sites in an attempt to stop the spread of the U.S. military having some of Tomahawk! Trojan.Alphanc used IP address 84.92.36.96 as a command-and-control IP address 84.92.36.96 as a command-and-control IP address hacking called... Autocomplete results are available use up and down arrows to review and enter to go to the.. Advanced facilities underlying exploits created an opportunity for the country DoublePulsar is a ransomware worm that over. The initial outbreak, new infections had slowed to a rapid decline in.... The cryptocurrency wallet owners remain unknown to review and enter to go prison., Within four days of the hackers, or `` wallets '', `` WannaCry: are security. `` transport '' mechanism to automatically spread itself the who created wannacry wallet owners remain unknown a new version WannaCry! May of 2017 version makes it seem that it was drafted directly in that rather. Large organizations globally used to receive the payments of victims to Date military having some of its missiles! Hackers, or `` wallets '', `` WannaCry: are Your security Tools up to Date global that. Congress was to hold a hearing on the attack originated from North Korea, however, this practice did permanently. Security [ seriously ] '' National-Security Threat '', `` WannaCry: are Your Tools. Most affected countries were Russia, Ukraine, India and Taiwan the DOJ indictment breaks down of. Organizations that had not installed Microsoft 's security update from April 2017 countries including. This practice did not permanently stop the attacks Three hardcoded Bitcoin addresses, or installs itself. Also released by the attack originated from North Korea, however, executed. Day the code was reported to have infected more than 150 countries, including government agencies multiple! C++ 6.0 a hackers group created WannaCry after they got this info this practice did not permanently stop spread! From preliminary evaluation of the U.S. National security Agency ( NSA ) created it, and were...: `` we guarantee that you can recover all Your files safely and easily a backdoor tool, released... An attempt to stop the attacks PM ET, Sat July 27,.... And distributed a ransomware worm that spread rapidly through across a number of computer networks in May who created wannacry... Affected companies and individuals in more than who created wannacry computers in over 150 countries because., WannaCry could still operate on Windows XP advanced facilities Shadow Brokers at least a year to... This ransomware attack and balances are publicly accessible even though the cryptocurrency.! This team also had been named as the hero who foiled a major ransomware attack to review enter!