
Cyber Incident Victim: Bank of China

Date: May 2017

Location: China

Summary

The Bank of China was among the many organizations worldwide compromised by the WannaCry ransomware attack, which used the EternalBlue exploit against unpatched Microsoft Windows systems to spread rapidly across networks. The malware encrypted data and demanded Bitcoin payments for decryption, causing widespread operational disruption, forced system shutdowns, and data integrity risks across critical sectors including healthcare, energy, and telecommunications. Because of the incident's scale and its reliance on stolen NSA tooling, affected organizations faced regulatory scrutiny and potential legal liability, and incurred costs for forensic investigation and recovery.

CIA Posture: available to members
Motives: 1 motive
Tactics, Techniques & Procedures: 1 technique
Threat Actor: 1 actor
Type: available to members
Location: available to members

Description

The WannaCry ransomware attack began globally on May 12, 2017, compromising unpatched Microsoft Windows systems through EternalBlue, an exploit allegedly stolen from the National Security Agency (NSA). The ransomware encrypted files on infected machines and displayed ransom demands in Bitcoin, threatening permanent data deletion if payment was not made within specified deadlines. The malware propagated rapidly across networks, hitting hardest those organizations running outdated security patches or legacy systems. Confirmed affected entities included Spain's Telefonica, Russia's MEGAFON, Brazil's Petrobras and Foreign Ministry, and the United Kingdom's National Health Service (NHS), which suffered widespread operational disruption including canceled medical procedures and diversion of emergency patients.


Organizations responded with immediate system shutdowns to contain propagation, isolating infected devices and suspending non-critical services. Forensic teams analyzed the ransomware's behavior and identified kill-switch domains that, once registered, slowed its spread. The attack compromised data integrity across the energy, telecommunications, and government sectors and triggered regulatory investigations into possible negligence over unpatched systems. Legal experts noted the risk of lawsuits from affected customers and employees, while operational impacts included financial losses from downtime and recovery costs. No verified reports confirmed that paying the ransom resulted in successful decryption, and security researchers worked to develop recovery tools from malware samples. The incident underscored systemic weaknesses in the preparedness of critical infrastructure against rapidly spreading cyber threats.

Sources

1 source (available to members)