WannaCry is a ransomware attack that erupted in May 2017, infecting over 200,000 systems across
150 countries. It exploited a vulnerability in Microsoft Windows SMBv1 (patched by MS17-010) using the
EternalBlue exploit, targeting unpatched systems (e.g., Windows XP, Server 2003). EternalBlue,
developed by the NSA and leaked by the Shadow Brokers, allowed remote code execution.
Ransomware Mechanics:
Encryption: WannaCry used RSA-2048 and AES-128 to encrypt files, appending extensions like .wcry.
Ransom Demand: Displayed a message demanding $300–$600 in Bitcoin, leveraging a hardcoded
wallet.
Worm Propagation: Self-replicated via SMB, scanning internal and external networks, unlike typical
ransomware requiring user interaction (e.g., phishing).
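Added example, not from the study guide: a small Python detector for the two signals described above, worm-like SMB fan-out (one source reaching many distinct hosts on TCP/445 in a short window) and creation of files with the ransom extension. The log format, thresholds and sample lines are constructed for this example.

```python
"""Constructed detector for two WannaCry-style signals: SMB fan-out from one
source and writes of files carrying the ransom extension."""
from collections import defaultdict, deque
import re

# Assumed (constructed) log formats:
#   <epoch> conn <src_ip> -> <dst_ip>:<dst_port>
#   <epoch> file <host> write <path>
CONN_RE = re.compile(r"^(\d+) conn (\S+) -> (\S+):(\d+)$")
FILE_RE = re.compile(r"^(\d+) file (\S+) write (\S+)$")
RANSOM_EXTS = (".wcry", ".wncry")  # extension named on the page plus the .WNCRY form


def detect(lines, window=60, fanout_threshold=10):
    """Return a list of (kind, host, detail) alerts."""
    alerts = []
    recent = defaultdict(deque)  # src -> deque of (ts, dst) on port 445
    flagged = set()
    for line in lines:
        m = CONN_RE.match(line)
        if m:
            ts, src, dst, port = int(m[1]), m[2], m[3], int(m[4])
            if port != 445:
                continue
            q = recent[src]
            q.append((ts, dst))
            while q and ts - q[0][0] > window:  # drop entries outside the window
                q.popleft()
            distinct = {d for _, d in q}
            if len(distinct) >= fanout_threshold and src not in flagged:
                flagged.add(src)  # alert once per scanning source
                alerts.append(("smb_fanout", src, f"{len(distinct)} hosts in {window}s"))
            continue
        m = FILE_RE.match(line)
        if m and m[3].lower().endswith(RANSOM_EXTS):
            alerts.append(("ransom_ext", m[2], m[3]))
    return alerts


# Constructed sample: one host sweeps 12 neighbours on 445, a benign host
# repeats one connection, then a workstation writes a .wcry file.
SAMPLE = [f"{1000 + i} conn 10.0.0.5 -> 10.0.0.{20 + i}:445" for i in range(12)] + [
    "1020 conn 10.0.0.7 -> 10.0.0.9:445",
    "1021 conn 10.0.0.7 -> 10.0.0.9:445",
    "1030 file WS-17 write C:\\Users\\a\\report.docx.wcry",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```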
Malware Context: While WannaCry is malware (malicious software), "ransomware" is the precise
subcategory, distinguishing it from viruses, trojans, or spyware. Malware is a broad term
encompassing any harmful code; ransomware specifically encrypts data for extortion. CNSP likely
classifies WannaCry as ransomware to focus on its payload and mitigation (e.g., patching, backups).
Why other options are incorrect:
B. Malware: Correct but overly generic. WannaCry’s defining trait is ransomware behavior, not just
maliciousness. Specificity matters in security taxonomy for threat response (e.g., NIST IR 8019).
Real-World Context: WannaCry crippled NHS hospitals, highlighting the criticality of patch management. A
kill-switch domain, once registered and sinkholed, halted its spread, but variants persist.
Reference: CNSP Official Study Guide (Malware and Exploits); Microsoft Security Bulletin MS17-010,
NIST IR 8019.