- Tom Roeh
- May 12, 2017
You've probably heard about the WannaCry (variously known as Wannacrypt0r, Wanna Decryptor, WannaCrypt, etc.) malware by now. I updated our ransomware bundle this afternoon to detect the *.WNCRY file extension and @Please_Read_Me@.txt ransom note. Of course, the bundle also looks for unusual CIFS/SMB write activity indicative of any ransomware strain.
See my video below for more details.
Already an ExtraHop customer? Download the Ransomware Bundle v1.2.6 here.
If you've been hiding under a rock, you can get up to date by checking #NHScyberattack on Twitter. Besides hitting National Health Service hospitals in the United Kingdom, the malware is also spreading in other organizations worldwide, including Telefonica, by taking advantage of a vulnerability in a Windows file-sharing service to propagate quickly. Brian Krebs has a good summary.
Download this whitepaper to learn how you can integrate the ExtraHop platform with your firewall and network access control devices to automatically block malicious IPs and quarantine ransomware-infected clients.
This is a companion discussion topic for the original entry at https://www.extrahop.com/company/blog/2017/ransomware-bundle-updated/
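The indicators named in the post (the `.WNCRY` extension, the `@Please_Read_Me@.txt` ransom note, and unusual SMB write activity) can be checked against file-server write records as sketched below. This is an added example, not code from the ExtraHop bundle; the event tuple layout, the burst threshold and window, and all sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from pathlib import PureWindowsPath

RANSOM_EXT = ".wncry"                  # extension named in the post
RANSOM_NOTE = "@please_read_me@.txt"   # ransom note named in the post
BURST_WRITES = 5     # assumed threshold: distinct files written ...
BURST_WINDOW = 10.0  # ... by one client within this many seconds

# Constructed sample events: (epoch seconds, client IP, SMB op, path).
# For RENAME, the path is assumed to be the new file name.
SAMPLE_EVENTS = [
    (100.0, "10.0.0.5", "WRITE", r"\\fs01\share\reports\q1.xlsx"),
    (160.0, "10.0.0.5", "WRITE", r"\\fs01\share\reports\q2.xlsx"),
    (161.0, "10.0.0.5", "READ", r"\\fs01\share\reports\old.WNCRY"),
] + [
    (200.0 + i, "10.0.0.9", "WRITE", rf"\\fs01\share\docs\file{i}.docx.WNCRY")
    for i in range(6)
] + [(206.0, "10.0.0.9", "WRITE", r"\\fs01\share\docs\@Please_Read_Me@.txt")]


def detect(events, burst_writes=BURST_WRITES, window=BURST_WINDOW):
    """Return sorted (client, reason) findings for SMB write/rename events."""
    findings = set()
    recent = defaultdict(deque)  # client -> (ts, path) writes inside the window
    for ts, client, op, path in sorted(events):
        if op not in ("WRITE", "RENAME"):
            continue  # reading an encrypted file does not implicate the reader
        name = PureWindowsPath(path).name.lower()
        if name.endswith(RANSOM_EXT):
            findings.add((client, "wncry_extension"))
        if name == RANSOM_NOTE:
            findings.add((client, "ransom_note"))
        # Strain-independent signal: many distinct files written in a short time.
        q = recent[client]
        q.append((ts, path.lower()))
        while q and ts - q[0][0] > window:
            q.popleft()
        if len({p for _, p in q}) >= burst_writes:
            findings.add((client, "write_burst"))
    return sorted(findings)


if __name__ == "__main__":
    for client, reason in detect(SAMPLE_EVENTS):
        print(client, reason)
```

The burst rule fires on any fast writer, so on its own it is a triage signal; the extension and note matches are what tie a finding to this strain.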