[摘要] Ransomware is a specific type of malware that threatens the victim’s access to her data unless a ransom is paid. It is also known as a cryptovirus due to its method of operation. Typically, ransomware encrypts the contents of the victim’s hard drive thereby rendering it inaccessible to the victim. Upon payment of the ransom, the decryption key is released to the victim. This is therefore also called cryptoviral extortion. The ransomware itslef is delivered to the victim using several channels. The most common channel of delivery is by masquerading the malware as a trojan horse via an email attachment. In this paper, we study a high-profile example of a ransomware called the WannaCry worm . This ransomware is particularly malicious since it had the ability to traverse computing equipment on a network without any human intervention. To better understand the inner workings of this high-profile ransomware, we obtain a sample of WannaCry and dissect it completely using advanced static and dynamic malware analysis techniques. This effort, we hope, will shed light on the inner workings of the malware and will enable cyber security experts to better thwart similar attacks in the future. Our analysis is conducted in a Win32 environment and we present our detailed analysis so as to enable reproduction of our work by other malware analysts. Lastly, we present a protoype software that will enable a user to prevent this malware from unleashing its payload and protect the user on a Win32 environment.