[6] It is based on a vulnerability in Microsoft Windows that allowed users to gain access to any number of computers connected to a network.
[5] Many Windows users had not installed the Microsoft patches when, on May 12, 2017, the WannaCry ransomware attack started to use the EternalBlue vulnerability to spread itself.
EternalChampion and EternalRomance, two other exploits originally developed by the NSA and leaked by The Shadow Brokers, were also ported at the same event.
Following the massive impact of WannaCry, both NotPetya and BadRabbit caused over $1 billion worth of damages in over 65 countries, using EternalBlue as either an initial compromise vector or as a method of lateral movement.
[27] In May 2019, the city of Baltimore struggled with a cyberattack by digital extortionists; the attack froze thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts and many other services.
[31] After the WannaCry attack, Microsoft took "first responsibility to address these issues", but criticized government agencies like the NSA and CIA for stockpiling vulnerabilities rather than disclosing them, writing that "an equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen".
[32][33] However, several commentators, including Alex Abdo of Columbia University's Knight First Amendment Institute, have criticised Microsoft for shifting the blame to the NSA, arguing that it should be held responsible for releasing a defective product in the same way a car manufacturer might be.
[34] The company was faulted for initially restricting the release of its EternalBlue patch to recent Windows users and customers of its $1,000 per device Extended Support contracts, a move that left organisations such as the UK's NHS vulnerable to the WannaCry attack.
After a brief 24-hour "incubation period",[36] the server then responds to the malware request by downloading and self-replicating on the "host" machine.