Skip to content
Malware family

WannaCryptor

WannaCryptor, also referred to in the provided content as WannaCry, is ransomware associated in the reporting with the Lazarus Group.

Profile source: Mallory opens in a new tab

WannaCryptor

Family profile

WannaCryptor, also referred to in the provided content as WannaCry, is ransomware associated in the reporting with the Lazarus Group. The content cites the 2017 WannaCryptor outbreak as a high-profile incident and notes that, like NotPetya, it spread using the EternalBlue exploit. It is described as a major outbreak that drew significant attention from security researchers. No additional high-confidence technical details, victim sectors, or indicators of compromise are provided in the supplied content beyond its alias relationship to WannaCry, its use of EternalBlue for propagation, and its mention in connection with Lazarus-attributed activity.

C2 tracking

Seven-day C2 activity

Derp observations, rolling seven-day window

Observed infrastructure

Last seven days

First activity
Jul 19, 2026
Last activity
Jul 19, 2026
Feed role
C2
Host form
1 IP / 0 hostnames

Leading locations

  • LU1

Leading providers

  • Ghosty Networks LLC1

Infrastructure traits

  • Hosting 1

Samples

Recent associated samples

Reported operators

Threat actors

1 named in public reporting
Lazarus

Some of the past attacks attributed to the Lazarus group attracted the interest of security researchers... the WannaCryptor outbreak...

Reporting

Research mentioning WannaCryptor

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.