The 2017 WannaCry attack infected over 300,000 computers in 150 countries, exposing critical vulnerabilities in unpatched Windows systems globally.
Key Facts
- Date of attack
- 12 May 2017, 07:44–15:03 UTC
- Computers affected
- More than 300,000
- Countries affected
- 150
- Estimated total damages
- Hundreds of millions to billions of dollars
- Kill switch discoverer
- Marcus Hutchins
- Attributed to
- North Korea (per US and UK, December 2017)
By the Numbers
Cause → Event → Consequence
The NSA developed an exploit called EternalBlue targeting Microsoft Windows systems. This exploit was stolen and publicly leaked by the hacker group The Shadow Brokers in April 2017. Although Microsoft had released security patches, many organizations worldwide had not applied them due to operational constraints, resource limitations, or reliance on end-of-life systems, leaving them vulnerable.
Beginning at 07:44 UTC on 12 May 2017, the WannaCry cryptoworm spread globally using EternalBlue, encrypting data on infected Windows machines and demanding bitcoin ransom payments. The attack was halted later that day when security researcher Marcus Hutchins registered a domain acting as a kill switch, stopping further encryption and propagation.
More than 300,000 computers across 150 countries were affected, with damages estimated in the hundreds of millions to billions of dollars. The United States and United Kingdom formally attributed the attack to North Korea in December 2017. A subsequent WannaCry variant struck Taiwan Semiconductor Manufacturing Company in August 2018, temporarily shutting down chip-fabrication facilities and spreading to 10,000 machines.