WannaCry infected over 200,000 computers in 150 countries. The large-scale ransomware attack infected a large number of global companies such as FedEx, LATAM airlines, Renault, and most notably the NHS.

The code took advantage of an SMB protocol vulnerability, called the EternalBlue exploit, discovered by the NSA and exposed to the public in a leak.

The attack was thwarted by a "kill-switch" that prevented its spread. The ransomware used a method of detecting if it were in a sandbox that involved searching for a response from an unregistered domain, if no response was recorded then it would activate. By registering this domain, it made the ransomware believe it was getting a response from a sandbox environment since its signal to the now registered domain garnered a response, in the same way a sandbox would.

This will not be the last kind of attack of this nature and in the future the deactivation may not be as simple.

Check out Citrix for an in-depth summary of the WannaCry virus' spread and how it could be defencded against.

Note: We have no reports of any Avanan customers being affected by the WannaCry attack.