Timeline of a “ransomware” attack

Wanna Decryptor ransomware – also known as WannaCry – has attacked more than 200,000 computers in 150 countries in a bid to extort money from victims by holding files or entire computers to ransom

2013: EternalBlue spying tool developed by Equation Group to exploit flaws in Microsoft Windows XP operating system.
Group works for U.S. National Security Agency, creating cyber
weapons to attack foreign governments

Apr 2014: Microsoft ends its support of Windows XP operating system

2016: Hackers known as Shadow Brokers – believed to be linked
to Russian government – steal EternalBlue from NSA server

Aug-Oct: Shadow Brokers incorporate EternalBlue into WannaCry and attempt to auction software on underground network ZeroNet.
Shadow Brokers fail to raise one million Bitcoin auction price

Jan 2017: Shadow Brokers offer package of Windows hacking tools, including WannaCry, for 100 Bitcoin – $78,000

Mar: Microsoft issues security updates for supported versions of Windows, but not older Windows XP, Windows 8, and Windows Server 2003

Apr 14: Shadow Brokers release 300 megabytes of NSA hacking software, claiming it works against Microsoft products. Microsoft says problems have already been fixed

May 12: WannaCry launched. Worm hijacks Server Message
Block (SMB) which Windows computers use to share files and
printers across networks. SMB worm spreads to victims using XP, Windows 8 and Server 2003. Once infected, WannaCry encrypts copies of files before deleting originals and demanding $300 for decryption key

Sources: Bloomberg, Sophos, Stratfor, Wired