Cyber Threat Actor: WannaCry Gang
| Actor Type | Location | Known Incidents |
Criminal
|
Indonesia
|
1 incident |
|---|
Profile
The threat actor known as the WannaCry Gang is identified by the alias WannaCry Gang and has been associated with Indonesia as its known location. This actor gained notoriety for deploying the WannaCry ransomware family in a series of infections that affected organizations worldwide. The group’s activities are primarily recognized through the use of this specific ransomware strain, which propagates by exploiting unpatched systems.
In May 2017 the WannaCry Gang carried out an attack on the library systems of Universitas Jember in Indonesia, an incident documented by a local news source. The intrusion resulted in the encryption of data stored on the affected systems and the subsequent demand for ransom payments to restore access. This event disrupted normal library operations and highlighted the actor’s reliance on ransomware as a means to extort money from victims. The ransom demand itself provides a clear indication of a financially motivated objective, as the actor sought monetary compensation in exchange for decryption keys.
The only confirmed tactic, technique, or procedure linked to the WannaCry Gang in the available information is the employment of the WannaCry ransomware malware. No specific initial access vectors, tooling styles, or additional malware families are described in the source material. Public attribution does not establish a state nexus or criminal consortium affiliation for the group, and no other campaigns beyond the Universitas Jember incident are detailed in the provided context. Consequently, the profile remains confined to the observed ransomware activity and its direct impact on the targeted educational institution.
