WannaCry is a ransomware attack that erupted in May 2017, infecting over 200,000 systems across 150 countries. It exploited the EternalBlue vulnerability (MS17-010) in Microsoft Windows SMBv1, targeting unpatched systems (e.g., Windows XP, Server 2003). Developed by the NSA and leaked by the Shadow Brokers, EternalBlue allowed remote code execution.
Ransomware Mechanics:
Encryption: WannaCry used RSA-2048 and AES-128 to encrypt files, appending extensions like .wcry.
Ransom Demand: Displayed a message demanding $300–$600 in Bitcoin, leveraging a hardcoded wallet.
Worm Propagation: Self-replicated via SMB, scanning internal and external networks, unlike typical ransomware requiring user interaction (e.g., phishing).
Malware Context: While WannaCry is malware (malicious software), "ransomware" is the precise subcategory, distinguishing it from viruses, trojans, or spyware. Malware is a broad term encompassing any harmful code; ransomware specifically encrypts data for extortion. CNSP likely classifies WannaCry as ransomware to focus on its payload and mitigation (e.g., patching, backups).
Why other options are incorrect:
B. Malware: Correct but overly generic. WannaCry’s defining trait is ransomware behavior, not just maliciousness. Specificity matters in security taxonomy for threat response (e.g., NIST IR 8019).
Real-World Context: WannaCry crippled NHS hospitals, highlighting patch management’s criticality. A kill switch (a domain sinkhole) halted it, but variants persist.
References: CNSP Official Study Guide (Malware and Exploits); Microsoft Security Bulletin MS17-010; NIST IR 8019.