Ransomware Bundle Updated to Detect WannaCry Details | ExtraHop

You've probably heard about the WannaCry (variously known as Wannacrypt0r, Wanna Decryptor, WannaCrypt, etc.) malware by now. I updated our ransomware bundle this afternoon to detect the *.WNCRY file extension and @Please_Read_Me@.txt ransom note. Of course, the bundle also looks for unusual CIFS/SMB write activity indicative of any ransomware strain.
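The kind of check described above, as an added example that is not the ExtraHop bundle's own code: it scans SMB file-operation records for the `*.WNCRY` extension and the `@Please_Read_Me@.txt` note, and flags bursts of writes from one client. The record layout, the method names, the burst threshold and the window length are assumptions, and the sample events are constructed.

```python
import fnmatch
from collections import defaultdict

# Indicators named in the post, lower-cased for case-insensitive matching.
INDICATOR_PATTERNS = ("*.wncry", "@please_read_me@.txt")
# Assumptions: the post gives no numbers for "unusual" write activity.
WRITE_BURST_THRESHOLD = 5      # distinct files written per client per window
WINDOW_SECONDS = 60
WRITE_METHODS = {"WRITE", "CREATE", "RENAME"}

# Constructed sample records: (epoch_seconds, client_ip, smb_method, path)
SAMPLE_EVENTS = [
    (1000, "10.0.0.5", "WRITE", r"\\fs01\share\docs\report.docx"),
    (1002, "10.0.0.5", "READ",  r"\\fs01\share\docs\budget.xlsx.WNCRY"),
    (1020, "10.0.0.9", "WRITE", r"\\fs01\share\hr\a.doc.WNCRY"),
    (1021, "10.0.0.9", "WRITE", r"\\fs01\share\hr\b.xls.WNCRY"),
    (1022, "10.0.0.9", "WRITE", r"\\fs01\share\hr\@Please_Read_Me@.txt"),
    (1023, "10.0.0.9", "WRITE", r"\\fs01\share\hr\c.pdf.WNCRY"),
    (1024, "10.0.0.9", "WRITE", r"\\fs01\share\hr\d.ppt.WNCRY"),
]

def basename(path):
    """Last path component, lower-cased, for either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def detect(events):
    """Return {client_ip: sorted reasons} for clients that look infected."""
    findings = defaultdict(set)
    written = defaultdict(set)   # (client, window index) -> distinct paths
    for ts, client, method, path in events:
        # Only write-type operations count: a client that merely reads an
        # already-encrypted file is a victim of the share, not the source.
        if method not in WRITE_METHODS:
            continue
        name = basename(path)
        if any(fnmatch.fnmatchcase(name, p) for p in INDICATOR_PATTERNS):
            findings[client].add("indicator:" + name)
        bucket = (client, ts // WINDOW_SECONDS)
        written[bucket].add(path.lower())
        if len(written[bucket]) >= WRITE_BURST_THRESHOLD:
            findings[client].add("write_burst")
    return {client: sorted(reasons) for client, reasons in findings.items()}

if __name__ == "__main__":
    for client, reasons in detect(SAMPLE_EVENTS).items():
        print(client, reasons)
```

The burst rule alone also fires for backup jobs and bulk copies, so it is best treated as a triage signal alongside the two filename indicators.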

See my video below for more details.

Already an ExtraHop customer? Download the Ransomware Bundle v1.2.6 here.

If you've been hiding under a rock, you can get up to date by checking #NHScyberattack on Twitter. Besides hitting National Health Service hospitals in the United Kingdom, the malware is also spreading in other organizations worldwide, including Telefonica, by taking advantage of a vulnerability in a Windows file-sharing service to propagate quickly. Brian Krebs has a good summary.

Download this whitepaper to learn how you can integrate the ExtraHop platform with your firewall and network access control devices to automatically block malicious IPs and quarantine ransomware-infected clients.


This is a companion discussion topic for the original entry at https://www.extrahop.com/company/blog/2017/ransomware-bundle-updated/