The ransomware attack on the healthcare enterprise – "WannaCry" case study
In May 2017, WannaCry ransomware spread across enterprises in 150 countries. The ransomware was combined with a Microsoft Windows Server Message Block (SMB) protocol exploit called EternalBlue (ETN-WRD). The IT infrastructure in enterprises including Telefonifa, Santander, Deutsche Bank, Fedex, and so on was infected. However, the biggest impact was seen in hospitals belonging to the UK's National Health Service (NHS), where swathes of computers were infected, forcing hospitals to turn away patients and cancel surgeries.
The EternalBlue exploit, when successfully delivered, grants admin access to every connected system in an Enterprise IT infrastructure. The vulnerability existed in legacy Miscrosoft Windows versions—Windows 7 and 8, XP, and 2003.