Long description

This figure shows a diagram of WannaCry’s infection process. The diagram has three grey rectangles side-by-side. The orientation of the rectangles is lengthways and from left to right they are numbered 1, 2 and 3 shown in a small black circle at their top left corners. Each rectangle has a darker grey area at the top in which there is a title.

The rectangle on the left, numbered 1, has the title ‘Arrive via exploit’. In the lower part of the rectangle there is a square-shaped icon with the label ‘Eternal Blue’.

The rectangle in the middle, numbered 2, has the title ‘execute the malware’. In the lower part of the rectangle there is an icon that looks like a document with the label ‘EXE’ and below that, situated at the bottom of the rectangle is a cloud icon with the label ‘Queries domain used as kill switch’.

The rectangle on the right, numbered 3, has the title ‘Encrypt data files’. In the lower part of the rectangle there is an icon of a padlock.

An arrow flows from the ‘Eternal Blue’ icon in the rectangle 1 to the ‘EXE’ icon in rectangle 2. Two arrows flow from this icon: one goes right to the padlock icon in rectangle 3 and the other, which is dotted, goes downwards to the cloud icon immediately below. From this cloud icon, another dotted arrow flows to the ‘Eternal Blue’ icon in rectangle 1. This dotted arrow has the label ‘Spread to other devices’.