Cyware Social will be sunset on April 15, 2026. The service is being replaced by Cyware’s Daily Threat Intel Briefs,
offering curated security advisories on the latest threats. Enterprise users can contact us here → for more details.

Alerts Events DCR
Go to listing page

What is SMB vulnerability and how it was exploited to launch the WannaCry ransomware attack?

What is SMB vulnerability and how it was exploited to launch the WannaCry ransomware attack?
  • The United States National Security Agency developed an exploit kit dubbed ‘EternalBlue’ to exploit the SMBv1 vulnerability.
  • In May 2017, the WannaCry ransomware attack infected over 200,000 Windows systems by exploiting the SMBv1 vulnerability via the EternalBlue exploit kit.

What is SMB?

Server Message Block (SMB) is a file sharing protocol that allows Windows systems connected to the same network or domain to share files. SMB also enables computers to share printers and serial ports from other computers within the same network.

Vulnerability in SMB version 1.0

In 2017, the WannaCry ransomware attack exploited a vulnerability in SMB version 1.0 to install malware on vulnerable clients and propagate it across networks.

  • SMB v1 vulnerability could allow a remote attacker to take control of an affected system.
  • However, Microsoft released a patch to address the vulnerability.

EternalBlue exploits the SMB vulnerability

The U.S. National Security Agency discovered the vulnerability in the Windows implementation of the SMB protocol. However, instead of reporting the vulnerability to Microsoft, it developed an exploit kit dubbed ‘EternalBlue’ to exploit the vulnerability.

The EternalBlue exploit kit was however stolen by the Shadow Brokers hacking group who later leaked the exploit kit on April 08, 2017.

WannaCry attack

  • In May 2017, the WannaCry ransomware attack targeted Windows systems by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
  • The attack campaign infected Windows systems with WannaCry ransomware which propagated through the EternalBlue exploit kit exploiting the SMBv1 vulnerability.
  • WannaCry ransomware was spreading like a computer worm, laterally across computers by exploiting the Windows SMB vulnerability.
  • Almost 200,000 computers across 150 countries were found to be infected in the attack.
According to recent research, nearly 1.7 million internet-connected endpoints are still vulnerable to the SMB exploit.
Cyware Publisher

Publisher

Cyware

Previous

PlugX RAT: The tale of the RAT that has been used in va ...

Malware and Vulnerabilities

Next

Account takeover attack: Here’s a close view of one of ...

Malware and Vulnerabilities

RESOURCES
Cyber Fusion Center Guide
EVENTS
News and Updates, Hacker News

Get in touch with us now!

1-855-692-9927

Download Cyware Social App

Terms of Use Privacy Policy © 2023