WannaCry ransomware made waves as part of a global cyber attack detected in 2017, which resulted in around US$4 billion¹ in financial losses. The ransomware campaign targeted organizations in various industries, including the telecommunications, airline, and medical services sectors.

As a self-replicating malware that exploits a vulnerability in Windows, WannaCry has become notorious. The ransomware was last seen in August 2021², still making the identification of WannaCry ransomware-related properties critical.

Over the years, hundreds of WannaCry IoCs have been released by different security experts. WhoisXML API DNS Threat Researcher Dancho Danchev analyzed some of the publicly available IoCs to obtain actionable threat intelligence that can help organizations reinforce their cybersecurity posture. This report shows:

• 16 registrant email addresses known for their involvement with the campaign
• 140+ ransomware command-and-control (C&C) domains connected to the campaign
• 100+ related ransomware domains that are currently active and share the same registrant email address
• 180+ malicious and fraudulent MD5 hashes

Read the WannaCry Ransomware Domain Portfolio report and strengthen your cyberdefense by including the ransomware C&C domain registrant email addresses and connected domains to your blocklist. Download the report now.

• [1] https://www.kaspersky.com/resource-center/threats/ransomware-wannacry 
• [2] https://any.run/malware-trends/wannacry