Cyber Incident Victim: Shandong University

The WannaCry ransomware attack began impacting global computer systems on or around May 12, 2017, exploiting the EternalBlue vulnerability—a hacking tool allegedly developed by the U.S. National Security Agency (NSA) and subsequently leaked. This malware encrypted files on vulnerable Windows operating systems, displaying ransom notes demanding payment of $300 in Bitcoin to prevent permanent data deletion. Initial reports indicated over 200,000 computers across 150 countries were compromised, with particularly severe disruptions in Europe and China. Educational and research institutions emerged as primary targets due to frequent use of outdated systems and extensive networked environments. In China, 4,316 organizations—representing 14.7% of global infections—experienced operational paralysis, including universities managing critical academic deadlines.

Shandong University implemented emergency containment measures by temporarily shutting down sections of its computer laboratories to halt lateral malware spread across networked devices. Students and faculty reported widespread panic through social media platforms like Weibo, particularly among graduating students whose thesis files became inaccessible days before submission deadlines. The ransomware’s rapid propagation leveraged unpatched Windows vulnerabilities, despite Microsoft having released the critical MS17-010 security update in March 2017—two months prior to the attack. Cybersecurity experts warned of potential follow-up attacks through a rumored WannaCry 2.0 variant as work resumed after the initial outbreak weekend. The incident underscored systemic vulnerabilities in institutional IT maintenance cycles and the cascading consequences of weaponized exploits entering the public domain.