Accession Number:



Hands On Cybersecurity Studies: Multi Perspective Analysis Of The WannaCry Ransomware

Descriptive Note:

[Technical Report, Technical Report]

Corporate Author:

US Army Research Laboratory

Report Date:


Pagination or Media Count:



When the WannaCry ransomware was first launched in May 2007, it led to devastating impacts due to the continued use of unpatched and vulnerable software. In this technical report, we describe one of the earlier versions of the ransomware and then provide a series of steps, in the form of an educational exercise, to set up and analyze the malware. We include a multi-perspective analysis of the malware using system observation, network packet analysis, and reverse engineering. In the final steps of the exercise, we describe near-term fixes to stop the malware spread by implementing a kill switch, which is uncovered through the exercise and also longer-term mitigations and best practices to protect against similar malware in the future.

Subject Categories:

  • Computer Systems Management and Standards
  • Unconventional Warfare

Distribution Statement:

[A, Approved For Public Release]