


On May 12, 2017, a piece of code quietly executed somewhere in Asia and within hours had locked computers across 150 countries. WannaCry wasn't just a ransomware attack — it was the collision of an NSA cyber weapon, a mysterious group of leakers, a sanctioned rogue nation, and a 22-year-old malware analyst working from his bedroom. In this episode, explore the full WannaCry story — the technical execution, the geopolitical chain of custody, the chaos it caused, and the harder questions nobody fully answered: Should the NSA have disclosed the vulnerability? Was this North Korea's best effort or a mistake that escaped? And what does it mean when the most dangerous cyber weapon in history gets stopped by a $10 domain registration?
Call to Action:
* Subscribe to the podcast for more episodes on high-profile cyber intrusions.
* Visit our website at intrusionsindepth.com for additional stories and insights.
* Share your thoughts on social media using #IntrusionsInDepth.
Links and Resources:
* https://techspective.net/2017/09/26/wannacry-ransomware-detailed-analysis-attack/
* https://www.nksc.lt/doc/ENISA-WannaCry-v1.0.pdf
* https://www.elastic.co/blog/wcrywanacry-ransomware-technical-analysis
* https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3681065/national-security-agency-announces-retirement-of-cybersecurity-director/
* https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
* https://en.wikipedia.org/wiki/Tailored_Access_Operations
* https://en.wikipedia.org/wiki/Michael_Hayden_(general)
* https://upload.wikimedia.org/wikipedia/commons/7/7d/ARN30043-ATP_7-100.2-000-WEB-2_-_North_Korean_Tactics_%28July_2020%29.pdf
* https://commons.wikimedia.org/wiki/File:ARN30043-ATP_7-100.2-000-WEB-2_-_North_Korean_Tactics_(July_2020).pdf
* https://www.securityweek.com/us-army-report-describes-north-koreas-cyber-warfare-capabilities/
* https://www.cs2ai.org/post/u-s-army-report-describes-north-korea-s-cyber-warfare-capabilities
* https://cloud.google.com/blog/topics/threat-intelligence/mapping-dprk-groups-to-government
* https://www.cloudflare.com/learning/security/ransomware/wannacry-ransomware/
* https://www.darkreading.com/cyberattacks-data-breaches/three-years-after-wannacry-ransomware-accelerating-while-patching-still-problematic
* https://www.bankinfosecurity.com/blogs/wannacrys-ransom-note-great-in-chinese-poor-in-korean-p-2481
* https://trumpwhitehouse.archives.gov/briefings-statements/press-briefing-on-the-attribution-of-the-wannacry-malware-attack-to-north-korea-121917/
* https://securelist.com/wannacry-and-lazarus-group-the-missing-link/78431/
* https://www.wired.com/story/confessions-marcus-hutchins-hacker-who-saved-the-internet/
* https://cloud.google.com/blog/topics/threat-intelligence/north-korea-cyber-structure-alignment-2023/
* https://darknetdiaries.com/transcript/158/
* https://www.britannica.com/biography/Kim-Yo-Jong
* https://thediplomat.com/2026/02/why-kim-ju-aes-path-to-power-is-structurally-blocked/
* https://www.tripwire.com/state-of-security/malwaretech-wannacry-kronos-understanding-connections
Books:
* The Psychology of Totalitarianism by Mattias Desmet
* The Lazarus Heist by Geoff White
* Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott J. Shapiro
* Host: Josh Stepp
* Produced by: Josh Stepp
Thank you for tuning in to IntrusionsinDepth. Stay informed, stay safe, and see you in the next episode!
By Josh Stepp