<P> On 19 May, it was reported that hackers were trying to use a Mirai botnet variant to effect a distributed attack on WannaCry's kill - switch domain with the intention of knocking it offline . On 22 May, @ MalwareTechBlog protected the domain by switching to a cached version of the site, capable of dealing with much higher traffic loads than the live site . </P> <P> The network infection vector, EternalBlue, was released by the hacker group called The Shadow Brokers on 14 April 2017, along with other tools apparently leaked from Equation Group, which is widely believed to be part of the United States National Security Agency . </P> <P> EternalBlue exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol . This Windows vulnerability was not a zero - day flaw, but one for which Microsoft had released a "critical" advisory, along with a security patch to fix the vulnerability two months before, on 14 March 2017 . The patch was to the Server Message Block (SMB) protocol used by Windows, and fixed several versions of the Microsoft Windows operating system, including Windows Vista, Windows 7, Windows 8.1, and Windows 10, as well as server and embedded versions such as Windows Server 2008 onwards and Windows Embedded POSReady 2009 respectively, but not the older unsupported Windows XP, Windows Server 2003, and Windows 8 (unsupported because Windows 8.1 is classified as a mandatory service pack upgrade). The day after the WannaCry outbreak Microsoft released updates for these too . </P> <P> DoublePulsar is a backdoor tool, also released by The Shadow Brokers on 14 April 2017, Starting from 21 April 2017, security researchers reported that computers with the DoublePulsar backdoor installed were in the tens of thousands . By 25 April, reports estimated the number of infected computers to be up to several hundred thousands, with numbers increasing exponentially every day . The WannaCry code can take advantage of any existing DoublePulsar infection, or installs it itself . </P>

A brief study of wannacry threat ransomware attack 2017