When the WannaCry ransomware was first launched in May 2007, it led to devastating impacts due to the continued use of unpatched and vulnerable software. In this technical report, we describe one of the earlier versions of the ransomware and then provide a series of steps, in the form of an educational exercise, to set up and analyze the malware. We include a multi-perspective analysis of the malware using system observation, network packet analysis, and reverse engineering. In the final steps of the exercise, we describe near-term fixes to stop the malware spread (by implementing a kill switch, which is uncovered through the exercise) and also longer-term mitigations and best practices to protect against similar malware in the future.