WannaCry/EternalBlue Detector

bundle

#1

#### Bundle details and download
https://www.extrahop.com/customers/community/bundles/costlow/wannacryeternalblue-detector/

#### Description
This bundle detects WannaCry by looking for the specific EternalBlue exploit used to propagate itself. It shows infected victims and attackers. It also shows hosts that are looking up the killswitch domains.


#2

Just reposting this information here, in case someone needs it:

So now there is a possibility to unlock files encrypted by WannaCry ransomware using a free decryption program:

https://blog.malwarebytes.com/cybercrime/2017/05/wannadecrypt-your-files/

http://thehackernews.com/2017/05/wannacry-ransomware-decryption-tool.html

https://malwareless.com/free-wannacry-ransomware-decryption-tool-unlock-files-without-paying-ransom/

The decryptor is only going to work if you haven’t killed the ransomware process (should be wnry.exe or wcry.exe) in Task Manager.