I don't WannaCry

a guest
Jul 21st, 2017
but anyway yeah so WannaCry, also known as WanaCry or WannaDecryptor 2.0 (it was the second iteration of this virus), was a really badly written piece of ransomware that was released at about 11am on a Thursday in May. I forget the exact date. The thing that made it so killer, though, was the thing that made it spread, which was an exploit called CVE-2017-01044, or EternalBlue.

EternalBlue was one of four exploits the NSA had found at some point, all exploiting a vulnerability that goes back to Windows XP and runs all the way into Windows 10. In February, I think it was, the NSA found out that a group called The ShadowBrokers were selling these exploits - they had been stolen by an NSA agent and sold on, and the ShadowBrokers were trying to sell them on in turn -- but no one could afford the asking price, so they just released them out into the world. The NSA went hat in hand to Microsoft and told them about the exploits, causing Microsoft to miss Patch Tuesday for March -- which sent the security world into a state of ??????????? because that generally means something is massively wrong. They released a patch for the exploits in April but people are bad at updating, basically.

So, in comes mid-May, and WannaCry hits the net. The ransomware itself is bad. The EternalBlue worm underneath it is fucking fantastic because it's an NSA exploit. This is kinda common, tbh. What it does, while the ransomware is locking down the computer and demanding like $300 in Bitcoin, is look around for other computers on the LAN and the router and say "Hey, can I access you? Yeah? Cool, here's some files." Then it copies itself and the ransomware across. Boom. Infected. Merry Christmas, you just got fucked. What it actually did was exploit SMB, but that's complicated shit.

Here's the fun thing: the dude who killed WannaCry did it by accident. He was on annual leave / paid holiday from work at the time but was still monitoring his boards and Twitter for things going on when it happened - and he was like "Huh okay". He looked at the source code and found a URL was hard-coded in. The URL was unregistered, so he registered it so he could track how WannaCry was progressing around the world, because the URL was being pinged by the ransomware (WannaCry goes "hello!" to the URL and waits to see if the URL says "hello!" back).

That was actually a sandbox detector. When people are testing out how to stop viruses or prevent virus infections on computers, they'll pull up virtual machines or sandboxes which will pretend to allow any URL to connect - ping any URL and it'll be like "Hello!" back. The URL that was hard-coded in was not meant to respond to WannaCry pinging it, so when the Dude who Killed WannaCry registered it, he Killed WannaCry.

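Added example, not part of the original paste: because the ransomware only stops when the hard-coded URL answers, a defender can sort hosts that looked the name up by whether they got an answer. The domain `killswitch.example`, the log format and the log lines are all constructed placeholders.

```python
import re
from collections import defaultdict

# Assumption: placeholder name; the page does not give the hard-coded domain.
KILL_SWITCH_DOMAIN = "killswitch.example"

# Constructed resolver log: "<time> <client-ip> <queried-name> <rcode> <answer or ->"
SAMPLE_LOG = """\
11:02:10 10.0.0.21 killswitch.example NOERROR 192.0.2.10
11:02:11 10.0.0.34 www.example.org NOERROR 192.0.2.77
11:02:15 10.0.0.35 killswitch.example NXDOMAIN -
11:03:40 10.0.0.35 killswitch.example NOERROR 192.0.2.10
11:04:02 10.0.0.48 KillSwitch.Example. SERVFAIL -
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+([A-Z]+)\s+(\S+)$")

def normalize(name):
    """Compare DNS names case-insensitively and without the trailing root dot."""
    return name.rstrip(".").lower()

def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that looked up `domain` to 'check-answered' or 'check-failed'."""
    results = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip it rather than abort the triage
        _time, client, qname, rcode, answer = m.groups()
        if normalize(qname) == normalize(domain):
            results[client].append(rcode == "NOERROR" and answer != "-")
    # One failed lookup is enough: on that run nothing said "hello" back, so the
    # ransomware would have carried on. Resolving is only a precondition; a
    # proxy can still block the web request that follows.
    return {c: "check-answered" if all(r) else "check-failed"
            for c, r in results.items()}

def work_queue(verdicts):
    """Order hosts for response: failed checks first, then by address string."""
    return sorted(verdicts, key=lambda c: (verdicts[c] != "check-failed", c))

if __name__ == "__main__":
    verdicts = triage(SAMPLE_LOG)
    for host in work_queue(verdicts):
        print(host, verdicts[host])
```

Every host in the output ran the malware and needs cleaning either way; the "check-failed" ones are where it would have gone on to encrypt and spread.
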
THEN in June, in comes Petya. NotPetya. MaybePetya. ExPetr. GoldenEye. The Ransomware that in 2 days got 30 names.