{"id":18532,"date":"2025-12-17T09:16:45","date_gmt":"2025-12-17T08:16:45","guid":{"rendered":"https:\/\/www.databack.fr\/non-categorise\/wannacry-ransomware-understanding-the-attack-its-numbers-and-solutions\/"},"modified":"2025-12-17T11:09:15","modified_gmt":"2025-12-17T10:09:15","slug":"wannacry-ransomware-understanding-the-attack-its-numbers-and-solutions","status":"publish","type":"post","link":"https:\/\/www.databack.fr\/en\/blog\/wannacry-ransomware-understanding-the-attack-its-numbers-and-solutions\/","title":{"rendered":"WannaCry ransomware: understanding the attack, its numbers, and solutions"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">In May 2017, the WannaCry <strong>ransomware<\/strong> unleashed a wave of attacks on a scale rarely seen, affecting businesses, hospitals, government agencies, and individuals around the world.  <\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h2 class=\"wp-block-heading\">What is a WannaCry ransomware attack?<\/h2>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p class=\"wp-block-paragraph\">To fully <strong>understand WannaCry<\/strong>, we first need to remind you what ransomware is. Ransomware is malicious software that encrypts your files, preventing you from accessing them, then demands a ransom, usually in cryptocurrency, to supposedly decrypt them. <\/p>\n\n<p class=\"wp-block-paragraph\">A WannaCry <a href=\"https:\/\/www.databack.fr\/en\/data-recovery-expert\/ransomware-data-recovery\/\">ransomware<\/a> attack broadly follows the same principle, but with characteristics that make it particularly worrying, and almost <em>pandemic <\/em>at the time:<\/p>\n\n<ul class=\"wp-block-list\">\n<li><strong>Infection<\/strong>: the malware installs itself on a vulnerable Windows workstation, often via an exposed network port, without any user action.<\/li>\n\n\n\n<li><strong>Encryption<\/strong>: the most important files are encrypted (documents, images, databases), making day-to-day work virtually impossible.<\/li>\n\n\n\n<li><strong>Ransomware<\/strong>: a message is displayed, usually demanding the equivalent of $300 to $600 in Bitcoin, with a countdown timer and the threat of data deletion.<\/li>\n\n\n\n<li>Automatic propagation: WannaCry is unique in that it spreads from machine to machine within a network, almost autonomously.<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">In other words, if you were an IT manager in 2017, a single infected workstation, uncorrected, could be enough to rapidly contaminate a large part of your network, with a striking domino effect.<\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"600\" height=\"400\" src=\"https:\/\/www.databack.fr\/wp-content\/uploads\/2025\/12\/ransomware-wannacry.png\" alt=\"wannacry ransomware\" class=\"wp-image-18522\" srcset=\"https:\/\/www.databack.fr\/wp-content\/uploads\/2025\/12\/ransomware-wannacry.png 600w, https:\/\/www.databack.fr\/wp-content\/uploads\/2025\/12\/ransomware-wannacry-300x200.png 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure>\n<\/div>\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h2 class=\"wp-block-heading\">Looking back on 2017: the WannaCry attack in a few key figures<\/h2>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p class=\"wp-block-paragraph\">To <strong>gauge the severity of the WannaCry episode<\/strong>, it&#8217;s useful to look at a few figures, taken from <strong>public reports<\/strong>, and analyses by several cybersecurity players.<\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td>Indicator<\/td><td>Approximate value<\/td><td>Comments<\/td><\/tr><tr><td>Infected machines<\/td><td>&gt; 200 000<\/td><td>Computers compromised in the first few days of the attack, worldwide.<\/td><\/tr><tr><td>Countries affected<\/td><td>\u2248 150<\/td><td>Found on every continent, including Europe, Asia and America.<\/td><\/tr><tr><td>Total amount of ransoms paid<\/td><td>Approximately $130,000<\/td><td>Sum observed on the Bitcoin wallets associated with the attack.<\/td><\/tr><tr><td>Overall economic cost<\/td><td>Several billion dollars<\/td><td>Estimates range from $4 billion to $8 billion in losses, depending on the source.<\/td><\/tr><tr><td>Affected companies<\/td><td>Tens of thousands<\/td><td>Large industrial companies, hospitals, national administrations.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p class=\"wp-block-paragraph\">In concrete terms, public health services had to postpone thousands of appointments, production lines came to a standstill and transport was disrupted. The shock was such that, in many organizations, cybersecurity went from being a peripheral issue to a strategic, almost existential concern. <\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h2 class=\"wp-block-heading\">How did WannaCry manage to spread so quickly?<\/h2>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p class=\"wp-block-paragraph\">At this point, you&#8217;re probably wondering how a single piece of ransomware could have spread so widely, in such a short space of time. The answer lies in a combination of technical, organizational and human factors. <\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h3 class=\"wp-block-heading\">A critical Windows vulnerability exploited on a large scale<\/h3>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p class=\"wp-block-paragraph\">WannaCry exploits a <strong>vulnerability in the SMBv1(Server Message Block) protocol<\/strong> on Microsoft Windows systems, known as MS17-010. Microsoft had released a security patch in March 2017, some two months before the major attack in May 2017. <\/p>\n\n<p class=\"wp-block-paragraph\">In fact, many organizations had not yet deployed this patch, sometimes for lack of time, sometimes for fear of disrupting older applications, sometimes simply because of the absence of a rigorous update process. WannaCry took advantage of this vulnerability, and spread from machine to machine, almost automatically. <\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h3 class=\"wp-block-heading\">A &#8220;worm&#8221; rather than simple ransomware<\/h3>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p class=\"wp-block-paragraph\">An important subtlety, often overlooked, lies in the mode of propagation. WannaCry is not just ransomware, it&#8217;s also a worm. In other words, it scans networks and actively seeks out other vulnerable machines to copy itself, without any user interaction.  <\/p>\n\n<p class=\"wp-block-paragraph\">In a corporate network, with workstations that are often interconnected and sometimes poorly segmented, a worm of this type can spread ubiquitously, in a matter of minutes, and quickly overwhelm the reaction capacity of internal teams.<\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h3 class=\"wp-block-heading\">Obsolete systems and inadequate patch management<\/h3>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p class=\"wp-block-paragraph\">Another decisive factor was the presence of numerous obsolete or unmaintained systems in the affected organizations. We have observed, for example, workstations running Windows XP or Windows Server 2003, systems already out of standard support, but still used to control industrial equipment or specialized terminals. <\/p>\n\n<p class=\"wp-block-paragraph\">These machines, rarely rebooted and sometimes considered too &#8220;sensitive&#8221; to be updated, proved to be ideal entry points for WannaCry, and facilitated a systemic spread that was difficult to contain.<\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h2 class=\"wp-block-heading\">What lessons can you draw from WannaCry, for you today?<\/h2>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p class=\"wp-block-paragraph\">The good news is that the WannaCry episode served as a trigger, almost cathartic, for many organizations. It brutally highlighted the weaknesses of certain practices, and showed that a coordinated, and regular, effort can significantly reduce risk. <\/p>\n\n<p class=\"wp-block-paragraph\">If you project yourself into your own context, whether you&#8217;re an executive, an IT manager, or just a concerned user, a number of concrete lessons emerge.<\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h3 class=\"wp-block-heading\">1. System upgrades no longer optional<\/h3>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p class=\"wp-block-paragraph\">The first, essential lesson: a system that hasn&#8217;t been updated exposes the entire organization, not just the workstation concerned. In the case of WannaCry, two elements are particularly telling: <\/p>\n\n<ul class=\"wp-block-list\">\n<li>The <strong>MS17-010 patch<\/strong> was available 2 months before the massive attack.<\/li>\n\n\n\n<li>Organizations that applied the patch in time were generally spared, or only minimally affected.<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">For you, this translates into the need for a clear, documented and regular patch management process. Even if certain updates seem prosaic, or constraining, their absence can have a disproportionate impact, in the event of a vulnerability being exploited on a large scale. <\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h3 class=\"wp-block-heading\">2. Reliable backups are your ultimate safety net<\/h3>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p class=\"wp-block-paragraph\">Another fundamental lesson concerns backups. Many of the organizations affected by WannaCry realized, in a hurry, that their backups were incomplete, poorly tested, or stored on media that were themselves accessible by the ransomware. <\/p>\n\n<p class=\"wp-block-paragraph\">To limit <strong>the impact of ransomware<\/strong>, and get back up and running quickly, it&#8217;s crucial to have <strong>backups<\/strong>:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Regular: daily, or at least weekly, depending on the criticality of your data.<\/li>\n\n\n\n<li>Unlinked: at least one copy must be offline, or logically isolated from the network.<\/li>\n\n\n\n<li>Tested: restoration must be checked regularly, in an almost methodical way.<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">Despite the attack, organizations with robust backups were able to restore their systems, limit data loss, and often avoid paying the ransom &#8211; a decisive advantage.<\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h3 class=\"wp-block-heading\">3. Network segmentation limits propagation<\/h3>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p class=\"wp-block-paragraph\">WannaCry took advantage of poorly segmented networks, where an infected workstation could communicate too freely with the rest of the infrastructure. Further compartmentalization turns your network into a series of watertight compartments, drastically limiting the lateral spread of malware. <\/p>\n\n<p class=\"wp-block-paragraph\">In concrete terms, this means :<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Isolate critical servers from user workstations using strict filtering rules.<\/li>\n\n\n\n<li>Separate production, test and administration environments.<\/li>\n\n\n\n<li>Restrict the use of older protocols, such as SMBv1, to only those cases where it is absolutely necessary, or even disable them altogether.<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">So even if an entry point is compromised, the attack remains contained, and your response capabilities remain intact.<\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"600\" height=\"400\" src=\"https:\/\/www.databack.fr\/wp-content\/uploads\/2025\/12\/wannacry-ransomware.png\" alt=\"Wannacry ransomware\" class=\"wp-image-18545\" srcset=\"https:\/\/www.databack.fr\/wp-content\/uploads\/2025\/12\/wannacry-ransomware.png 600w, https:\/\/www.databack.fr\/wp-content\/uploads\/2025\/12\/wannacry-ransomware-300x200.png 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure>\n<\/div>\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h2 class=\"wp-block-heading\">What concrete actions can be taken against ransomware, including WannaCry?<\/h2>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p class=\"wp-block-paragraph\">Let&#8217;s move on to a more operational <strong>plan of action<\/strong>, which you can adapt to your organization, whether large or small. The aim is to reduce, as far as possible, the probability of infection, and the impact of an incident should it nevertheless occur. <\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h3 class=\"wp-block-heading\">1. Implement a rigorous update policy<\/h3>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p class=\"wp-block-paragraph\">This is often the most cost-effective measure, yet it is sometimes overlooked. An effective policy should include : <\/p>\n\n<ul class=\"wp-block-list\">\n<li>A precise inventory of the systems and software used in your organization.<\/li>\n\n\n\n<li>Automatic or semi-automatic deployment of security patches.<\/li>\n\n\n\n<li>Rapid but systematic testing on a small perimeter, prior to global deployment.<\/li>\n\n\n\n<li>Follow-up of obsolete systems, with a plan for replacement or reinforced isolation.<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">By doing so, you significantly reduce the attack surface, facing not only WannaCry, but a whole myriad of other malware as well.<\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h3 class=\"wp-block-heading\">2. Disable legacy protocols where possible<\/h3>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p class=\"wp-block-paragraph\"><em>WannaCry<\/em> exploited an old, vulnerable version of the SMB protocol. A good practice is to disable, or restrict, protocols considered obsolete, whenever possible without compromising your operations. <\/p>\n\n<p class=\"wp-block-paragraph\">In other words, it may make sense to :<\/p>\n\n<ul class=\"wp-block-list\">\n<li><strong>Disable SMBv1<\/strong>, except in very specific, duly justified cases.<\/li>\n\n\n\n<li>Limit the exposure of sensitive services to the outside world, via firewalls and access control lists.<\/li>\n\n\n\n<li>Implement the principle of least privilege, so that each department, each user, has only the rights that are strictly necessary.<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">These adjustments, sometimes perceived as technical, have a very tangible effect on the overall resilience of your information system.<\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h3 class=\"wp-block-heading\">3. Reinforce protection of workstations and servers<\/h3>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p class=\"wp-block-paragraph\">At the same time, <strong>technical protection for workstations<\/strong> and servers remains essential. This includes : <\/p>\n\n<ul class=\"wp-block-list\">\n<li>An up-to-date, properly configured antivirus or endpoint security solution.<\/li>\n\n\n\n<li>Email filtering of attachments and links.<\/li>\n\n\n\n<li>Blocking, wherever possible, the execution of unknown or unapproved programs.<\/li>\n\n\n\n<li>Security event logging, to facilitate early detection and incident analysis.<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">Far from being a panacea, these measures nonetheless increase your ability to detect, and block, an attack before it spreads widely.<\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h3 class=\"wp-block-heading\">4. Raising user awareness in a pragmatic way<\/h3>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p class=\"wp-block-paragraph\">WannaCry spread primarily via a <strong>network vulnerability<\/strong>, but many ransomwares, before and after it, use human error, as leverage for infection. That&#8217;s why, beyond technology, user awareness is a decisive pillar. <\/p>\n\n<p class=\"wp-block-paragraph\">It&#8217;s useful, for example, to explain clearly to your teams :<\/p>\n\n<ul class=\"wp-block-list\">\n<li>How to recognize a suspicious e-mail, a dubious attachment or an incoherent link.<\/li>\n\n\n\n<li>Why you should never plug in unknown USB sticks, no matter how innocuous it may seem.<\/li>\n\n\n\n<li>What are the best practices for passwords and multi-factor authentication?<\/li>\n\n\n\n<li>How to react immediately in case of doubt: alert, isolate the machine, do not restart without instructions.<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">Regular, practical training with realistic examples helps to turn your staff from a weak link into an active line of defense.<\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h3 class=\"wp-block-heading\">5. Prepare an incident response plan<\/h3>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p class=\"wp-block-paragraph\">Finally, despite all precautions, there is no such thing as zero risk. That&#8217;s why having a clear, tried-and-tested incident response plan is an essential part of your system. <\/p>\n\n<p class=\"wp-block-paragraph\">This plan should explicitly specify :<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Who to alert in the event of suspected ransomware, and through which channel.<\/li>\n\n\n\n<li>How to quickly isolate a compromised machine or network segment.<\/li>\n\n\n\n<li>What are the priority restoration steps from backups?<\/li>\n\n\n\n<li>Which external contacts to mobilize, if necessary (cyber insurer, service provider, competent authorities).<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">By preparing these procedures in advance, you save precious time, and reduce the risk of improvised, sometimes costly, decisions in a panic.<\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h2 class=\"wp-block-heading\">Should you pay the ransom in the event of a WannaCry-type attack?<\/h2>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p class=\"wp-block-paragraph\">The question often arises, especially when critical data is encrypted, and emotional pressure is high. In the case of WannaCry, many organizations didn&#8217;t pay, either because they had backups, or because they strongly doubted the attackers&#8217; real ability, to restore the <strong>data<\/strong>. <\/p>\n\n<p class=\"wp-block-paragraph\">From a general point of view, paying ransom remains inadvisable, for several reasons:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>There&#8217;s no guarantee that you&#8217;ll get your data back, even if you pay.<\/li>\n\n\n\n<li>You are potentially financing the pursuit of criminal activities.<\/li>\n\n\n\n<li>You risk being identified as a &#8220;solvent&#8221; target, and therefore targeted again.<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">It&#8217;s precisely to avoid this dilemma that it&#8217;s so important to invest upstream in prevention, safeguards and operational readiness.<\/p>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h2 class=\"wp-block-heading\">In conclusion: from the WannaCry episode, towards more mature cybersecurity<\/h2>\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<p class=\"wp-block-paragraph\">If we take a step back, WannaCry acted as an almost brutal revelation of the fragilities accumulated, over the years, in many information systems. But it also showed that with more mature practices, regular updates, reliable backups, and a better-prepared organization, the impact of this type of attack can be greatly mitigated. <\/p>\n\n<p class=\"wp-block-paragraph\">Putting yourself in your own shoes, whether you&#8217;re in charge of a small structure, a large group, or an ordinary user, the essential thing to remember is that protection against ransomware is not out of reach. It relies on a combination of technical gestures, organizational rigor, and human awareness, admittedly demanding, but perfectly realistic.By adopting these <strong>good practices<\/strong>, learning from the lessons of WannaCry, you durably strengthen the resilience of your systems, gain peace of mind, and reduce the likelihood that your organization will, one day, find itself paralyzed by an unexpected ransomware screen. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Wannacry ransomware, everything you need to know.<\/p>\n","protected":false},"author":10,"featured_media":18523,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_yoast_wpseo_title":"Wannacry ransomware: a complete guide to the attack","_yoast_wpseo_metadesc":"Wannacry is a 2017 ransomware attack that took advantage of a vulnerability in computers with the Windows operating system.","footnotes":""},"categories":[133,77],"tags":[],"ppma_author":[144],"class_list":["post-18532","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-ransomware-incidents","author-samuel-durand-en"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Wannacry ransomware: a complete guide to the attack<\/title>\n<meta name=\"description\" content=\"Wannacry is a 2017 ransomware attack that took advantage of a vulnerability in computers with the Windows operating system.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.databack.fr\/en\/blog\/wannacry-ransomware-understanding-the-attack-its-numbers-and-solutions\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Wannacry ransomware: a complete guide to the attack\" \/>\n<meta property=\"og:description\" content=\"Wannacry is a 2017 ransomware attack that took advantage of a vulnerability in computers with the Windows operating system.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.databack.fr\/en\/blog\/wannacry-ransomware-understanding-the-attack-its-numbers-and-solutions\/\" \/>\n<meta property=\"og:site_name\" content=\"Databack\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-17T08:16:45+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-17T10:09:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.databack.fr\/wp-content\/uploads\/2025\/12\/ransomware-wannacry.png\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Samuel Durand\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Samuel Durand\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Wannacry ransomware: a complete guide to the attack","description":"Wannacry is a 2017 ransomware attack that took advantage of a vulnerability in computers with the Windows operating system.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.databack.fr\/en\/blog\/wannacry-ransomware-understanding-the-attack-its-numbers-and-solutions\/","og_locale":"en_US","og_type":"article","og_title":"Wannacry ransomware: a complete guide to the attack","og_description":"Wannacry is a 2017 ransomware attack that took advantage of a vulnerability in computers with the Windows operating system.","og_url":"https:\/\/www.databack.fr\/en\/blog\/wannacry-ransomware-understanding-the-attack-its-numbers-and-solutions\/","og_site_name":"Databack","article_published_time":"2025-12-17T08:16:45+00:00","article_modified_time":"2025-12-17T10:09:15+00:00","og_image":[{"width":600,"height":400,"url":"https:\/\/www.databack.fr\/wp-content\/uploads\/2025\/12\/ransomware-wannacry.png","type":"image\/png"}],"author":"Samuel Durand","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Samuel Durand","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.databack.fr\/en\/blog\/wannacry-ransomware-understanding-the-attack-its-numbers-and-solutions\/#article","isPartOf":{"@id":"https:\/\/www.databack.fr\/en\/blog\/wannacry-ransomware-understanding-the-attack-its-numbers-and-solutions\/"},"author":{"name":"Samuel Durand","@id":"https:\/\/www.databack.fr\/en\/#\/schema\/person\/531f3f19be2ec1ba9dcf678d099e2c51"},"headline":"WannaCry ransomware: understanding the attack, its numbers, and solutions","datePublished":"2025-12-17T08:16:45+00:00","dateModified":"2025-12-17T10:09:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.databack.fr\/en\/blog\/wannacry-ransomware-understanding-the-attack-its-numbers-and-solutions\/"},"wordCount":1906,"publisher":{"@id":"https:\/\/www.databack.fr\/en\/#organization"},"image":{"@id":"https:\/\/www.databack.fr\/en\/blog\/wannacry-ransomware-understanding-the-attack-its-numbers-and-solutions\/#primaryimage"},"thumbnailUrl":"https:\/\/www.databack.fr\/wp-content\/uploads\/2025\/12\/ransomware-wannacry.png","articleSection":["BLOG","Ransomware incidents"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.databack.fr\/en\/blog\/wannacry-ransomware-understanding-the-attack-its-numbers-and-solutions\/","url":"https:\/\/www.databack.fr\/en\/blog\/wannacry-ransomware-understanding-the-attack-its-numbers-and-solutions\/","name":"Wannacry ransomware: a complete guide to the attack","isPartOf":{"@id":"https:\/\/www.databack.fr\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.databack.fr\/en\/blog\/wannacry-ransomware-understanding-the-attack-its-numbers-and-solutions\/#primaryimage"},"image":{"@id":"https:\/\/www.databack.fr\/en\/blog\/wannacry-ransomware-understanding-the-attack-its-numbers-and-solutions\/#primaryimage"},"thumbnailUrl":"https:\/\/www.databack.fr\/wp-content\/uploads\/2025\/12\/ransomware-wannacry.png","datePublished":"2025-12-17T08:16:45+00:00","dateModified":"2025-12-17T10:09:15+00:00","description":"Wannacry is a 2017 ransomware attack that took advantage of a vulnerability in computers with the Windows operating system.","breadcrumb":{"@id":"https:\/\/www.databack.fr\/en\/blog\/wannacry-ransomware-understanding-the-attack-its-numbers-and-solutions\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.databack.fr\/en\/blog\/wannacry-ransomware-understanding-the-attack-its-numbers-and-solutions\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.databack.fr\/en\/blog\/wannacry-ransomware-understanding-the-attack-its-numbers-and-solutions\/#primaryimage","url":"https:\/\/www.databack.fr\/wp-content\/uploads\/2025\/12\/ransomware-wannacry.png","contentUrl":"https:\/\/www.databack.fr\/wp-content\/uploads\/2025\/12\/ransomware-wannacry.png","width":600,"height":400,"caption":"ransomware wannacry"},{"@type":"BreadcrumbList","@id":"https:\/\/www.databack.fr\/en\/blog\/wannacry-ransomware-understanding-the-attack-its-numbers-and-solutions\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"R\u00e9cup\u00e9ration de donn\u00e9es","item":"https:\/\/www.databack.fr\/en\/home\/"},{"@type":"ListItem","position":2,"name":"WannaCry ransomware: understanding the attack, its numbers, and solutions"}]},{"@type":"WebSite","@id":"https:\/\/www.databack.fr\/en\/#website","url":"https:\/\/www.databack.fr\/en\/","name":"Databack","description":"Laboratoire fran\u00e7ais de traitement de donn\u00e9es sensibles et volumineuses","publisher":{"@id":"https:\/\/www.databack.fr\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.databack.fr\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.databack.fr\/en\/#organization","name":"Datenabruf","url":"https:\/\/www.databack.fr\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.databack.fr\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.databack.fr\/wp-content\/uploads\/2025\/06\/favicon.png","contentUrl":"https:\/\/www.databack.fr\/wp-content\/uploads\/2025\/06\/favicon.png","width":512,"height":512,"caption":"Datenabruf"},"image":{"@id":"https:\/\/www.databack.fr\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.databack.fr\/en\/#\/schema\/person\/531f3f19be2ec1ba9dcf678d099e2c51","name":"Samuel Durand","description":"Ing\u00e9nieur en g\u00e9nie \u00e9lectronique, Samuel Durand d\u00e9bute sa carri\u00e8re dans le domaine de la r\u00e9cup\u00e9ration de donn\u00e9es, o\u00f9 il se forge une solide expertise au sein d\u2019une entreprise pendant plus de quatre ans. En 2004, il cr\u00e9e DATABACK, un laboratoire ind\u00e9pendant enti\u00e8rement tourn\u00e9 vers le traitement et la r\u00e9cup\u00e9ration de donn\u00e9es. Il occupe aujourd\u2019hui le poste de directeur technique. Sous sa direction, DATABACK a mis au point des solutions innovantes pour restaurer des volumes importants de donn\u00e9es sensibles. Face \u00e0 la multiplication des cyberattaques, et en particulier des ran\u00e7ongiciels, il d\u00e9veloppe avec son \u00e9quipe des outils et des logiciels capables de traiter ces situations complexes, dans le respect des contraintes techniques et de confidentialit\u00e9 de ses clients.","sameAs":["https:\/\/www.linkedin.com\/in\/samuel-durand-1a78877\/"]}]}},"authors":[{"term_id":144,"user_id":0,"is_guest":1,"slug":"samuel-durand-en","display_name":"Samuel Durand","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/www.databack.fr\/en\/wp-json\/wp\/v2\/posts\/18532","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.databack.fr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.databack.fr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.databack.fr\/en\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.databack.fr\/en\/wp-json\/wp\/v2\/comments?post=18532"}],"version-history":[{"count":4,"href":"https:\/\/www.databack.fr\/en\/wp-json\/wp\/v2\/posts\/18532\/revisions"}],"predecessor-version":[{"id":18550,"href":"https:\/\/www.databack.fr\/en\/wp-json\/wp\/v2\/posts\/18532\/revisions\/18550"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.databack.fr\/en\/wp-json\/wp\/v2\/media\/18523"}],"wp:attachment":[{"href":"https:\/\/www.databack.fr\/en\/wp-json\/wp\/v2\/media?parent=18532"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.databack.fr\/en\/wp-json\/wp\/v2\/categories?post=18532"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.databack.fr\/en\/wp-json\/wp\/v2\/tags?post=18532"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.databack.fr\/en\/wp-json\/wp\/v2\/ppma_author?post=18532"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}