WannaCry Ransomware Infects 200,000 Systems Across 150 Countries, Crippling Hospitals and Telecoms
What Happened — On May 12 2017 the WannaCry ransomware leveraged the SMBv1 vulnerability (CVE‑2017‑0144, “EternalBlue”) to spread like a worm, encrypting files on over 200 000 computers in more than 150 nations. The exploit originated from leaked NSA tools and required no user interaction.
Why It Matters for TPRM —
- Unpatched legacy systems can become a single point of failure for an entire supply chain.
- Ransomware that propagates laterally can disrupt critical services of third‑party vendors (e.g., hospitals, telecom operators).
- The incident illustrates how nation‑state tools can be weaponised against commercial entities, raising geopolitical risk for third‑party contracts.
Who Is Affected — Healthcare providers, telecommunications carriers, government agencies, and any organization still running unsupported Windows versions (e.g., Windows XP).
Recommended Actions —
- Verify that all third‑party vendors have applied MS17‑010 or later patches and have disabled SMBv1.
- Conduct a legacy‑system inventory and retire or isolate unsupported operating systems.
- Require vendors to demonstrate ransomware‑specific incident‑response testing and network segmentation.
Technical Notes — Attack vector: remote code execution via SMBv1 (EternalBlue). No phishing; the worm self‑propagated across networks. Data encrypted with strong cryptography; ransom demanded in Bitcoin. Source: Security Affairs