
Eccouncil ICS-SCADA Exam - Topic 1 Question 36 Discussion

Actual exam question for Eccouncil's ICS-SCADA exam
Question #: 36
Topic #: 1

What share does the WannaCry ransomware use to connect with the target?

Suggested Answer: A

The WannaCry ransomware uses the $IPC (Inter-Process Communication) share to connect with and infect target machines. This hidden network share supports named pipes, which provide the communication channel WannaCry needs to execute its payload across networks.

Reference: CISA Analysis Report, 'WannaCry Ransomware'.

WannaCry ransomware uses the SMB (Server Message Block) protocol to propagate through networks and connect to target systems. Specifically, it exploits a vulnerability in SMBv1, known as EternalBlue (MS17-010).

IPC Share: The $IPC (Inter-Process Communication) share is a hidden administrative share used for inter-process communication. WannaCry uses this share to gain access to other machines on the network.

SMB Exploitation: By exploiting the SMB vulnerability, WannaCry can establish a connection to the $IPC share, allowing it to execute the payload on the target machine.

Propagation: Once connected, it deploys the DoublePulsar backdoor and then spreads the ransomware payload.

Given these details, the correct answer is $IPC.

Reference

'WannaCry Ransomware Attack,' Wikipedia, WannaCry.

'MS17-010: Security Update for Windows SMB Server,' Microsoft, MS17-010.
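The following detection sketch is an added example, not part of the original page or of any vendor tooling. It flags the worm-like pattern described above: one source reaching the IPC share (which Windows logs as `\\*\IPC$` in Security event 5140) on several machines within a short window. It assumes File Share auditing is enabled; the record field names, hosts and addresses are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records shaped like Windows Security event 5140
# ("A network share object was accessed"). Field names are hypothetical.
def _ev(time, host, src, share=r"\\*\IPC$"):
    return {"time": time, "host": host, "src": src, "share": share}

SAMPLE_EVENTS = [
    # One source touching IPC$ on four machines in 20 seconds (worm-like).
    _ev("2026-01-05T10:00:01", "HMI-01", "10.0.5.23"),
    _ev("2026-01-05T10:00:06", "ENG-WS-02", "10.0.5.23"),
    _ev("2026-01-05T10:00:12", "HIST-01", "10.0.5.23"),
    _ev("2026-01-05T10:00:21", "PLC-GW-01", "10.0.5.23"),
    # Same fan-out but on C$, so it is out of scope for this rule.
    _ev("2026-01-05T10:01:00", "HMI-01", "10.0.5.77", r"\\*\C$"),
    _ev("2026-01-05T10:01:05", "HIST-01", "10.0.5.77", r"\\*\C$"),
    _ev("2026-01-05T10:01:09", "ENG-WS-02", "10.0.5.77", r"\\*\C$"),
    # Three hosts over 45 minutes: slow, admin-like access.
    _ev("2026-01-05T10:00:00", "FILE-01", "10.0.5.40"),
    _ev("2026-01-05T10:20:00", "ENG-WS-02", "10.0.5.40"),
    _ev("2026-01-05T10:45:00", "HIST-01", "10.0.5.40"),
]

def ipc_fan_out(events, window=timedelta(seconds=60), min_hosts=3):
    """Return {source: sorted hosts} for sources that accessed IPC$ on at
    least min_hosts distinct machines inside one sliding time window."""
    by_src = defaultdict(list)
    for e in events:
        if e["share"].upper().endswith("IPC$"):
            when = datetime.fromisoformat(e["time"])
            by_src[e["src"]].append((when, e["host"]))
    flagged = defaultdict(set)
    for src, hits in by_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window until it spans no more than `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = {host for _, host in hits[start:end + 1]}
            if len(hosts) >= min_hosts:
                flagged[src] |= hosts
    return {src: sorted(hosts) for src, hosts in flagged.items()}

if __name__ == "__main__":
    for src, hosts in ipc_fan_out(SAMPLE_EVENTS).items():
        print(f"{src} reached IPC$ on {len(hosts)} hosts: {', '.join(hosts)}")
```

The window and host threshold need tuning per network, since management and backup servers legitimately touch IPC$ on many machines.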


Lonny
8 hours ago
$SPOOL sounds right to me.
upvoted 0 times
...
Felicitas
6 days ago
I thought it was $Admin!
upvoted 0 times
...
Sharen
11 days ago
Ah, the classic ransomware share options. Gotta love the creativity.
upvoted 0 times
...
Lyla
16 days ago
$SPOOL? Is that what the ransomware uses to print your files hostage notes?
upvoted 0 times
...
Lorrine
21 days ago
D) $C? What is this, Windows 95?
upvoted 0 times
...
William
26 days ago
C) $SPOOL? Really? That's just silly.
upvoted 0 times
...
Santos
1 month ago
B) $Admin would make sense for a ransomware to target.
upvoted 0 times
...
Eric
1 month ago
I’m leaning towards $IPC as the answer, but I might be mixing it up with another malware. I should have reviewed my notes better!
upvoted 0 times
...
Junita
1 month ago
I practiced a question about ransomware shares, and I think $SPOOL was mentioned, but I don't remember if it was for WannaCry specifically.
upvoted 0 times
...
Nicolette
2 months ago
I think WannaCry uses the $IPC share, but I'm not entirely sure. I remember it being a common target in similar questions.
upvoted 0 times
...
Lourdes
2 months ago
I'm pretty confident the answer is A) $IPC. That's the standard inter-process communication share that a lot of malware uses to connect to remote systems. The other options don't seem as likely for how WannaCry would have spread.
upvoted 0 times
...
Eden
2 months ago
Okay, let me think this through step-by-step. WannaCry was a worm that spread via the EternalBlue SMB vulnerability, so it would need to connect to a share on the target system. Based on that, I'm guessing the answer is either A) $IPC or D) $C, since those are common administrative shares. I'll have to review my notes to be sure.
upvoted 0 times
...
Britt
2 months ago
A) $IPC seems like the most likely option for WannaCry to use.
upvoted 0 times
...
Carmela
2 months ago
It's $IPC for sure.
upvoted 0 times
...
Shayne
3 months ago
I feel like I studied this, but I can't recall if it was $Admin or $IPC. They both sound familiar in the context of ransomware.
upvoted 0 times
...
Rashad
3 months ago
Hmm, I'm a bit confused on this one. I know WannaCry used a specific SMB vulnerability, but I can't remember the exact share name it used to spread. I'll have to think this through carefully.
upvoted 0 times
...
Darrel
3 months ago
I'm pretty sure it's A) $IPC, that's the standard share used for network connections in a lot of malware.
upvoted 0 times
Delfina
2 months ago
I think it's A) $IPC too. Makes sense.
upvoted 0 times
...
Yolande
3 months ago
Agreed! It's commonly used in attacks.
upvoted 0 times
...
...