6 min
WannaCry
WannaCry, Two Years On: Current Threat Landscape, Forgotten Lessons, and Hope for the Future
In this blog, we take a look at the current attacker landscape related to EternalBlue and ransomware, along with some lessons that have not been learned since WannaCry.
2 min
Vulnerability Management
What WannaCry Taught Me About the Benefits of Agents in VM Programs
In the wake of the WannaCry attack, my security team and I learned firsthand why having an agent-based vulnerability management strategy could have helped.
3 min
Project Heisenberg
No More Tears? WannaCry, One Year Later
WannaCry, one year later, and what happened to the SMB target environment.
2 min
WannaCry
WannaCry coda: Have you disabled SMBv1?
By now, if you're reading this blog, you probably have read about WannaCry. If
not, please take a moment to review:
* Wanna Decryptor (WNCRY) Ransomware Explained
[/2017/05/12/wanna-decryptor-wncry-ransomware-explained]
* Using Threat Intelligence to Mitigate Wanna Decryptor (WannaCry)
[/2017/05/15/using-threat-intelligence-to-mitigate-wanna-decryptor-wncry]
* WannaCry Update: Vulnerable SMB Shares Are Widely Deployed And People Are
Scanning For Them
[/2017/05/16/update-on-wannac
1 min
Nexpose
WannaCry - Scanning & Reporting
In light of the recent WannaCry Ransomware attacks, I thought it'd be great to
share ways of finding out which assets are susceptible to this attack.
1) Create a custom scan template to check for MS17-010
The easiest way to create a custom template is to copy an existing
template: Administration -> Templates -> Click: Manage Templates -> Copy: Full
audit enhanced logging without Web Spider -> IMPORTANT: Name your copy of the
Scan Template -> Click: Vulnerability Checks -> Click: By I
4 min
Ransomware
Scanning and Remediating WannaCry/MS17-010 in InsightVM and Nexpose
*Update 5/18/17: EternalBlue exploit (used in WannaCry attack) is now available
in Metasploit for testing your compensating controls and validating
remediations. More info: EternalBlue: Metasploit Module for MS17-010
[/2017/05/20/metasploit-the-power-of-the-community-and-eternalblue]. Also
removed steps 5 and 6 from scan instructions as they were not strictly necessary
and were causing issues for some customers.
*Update 5/17/17: Unauthenticated remote checks have now been provided. For hosts
that ar
6 min
Research
WannaCry Update: Vulnerable SMB Shares Are Widely Deployed And People Are Scanning For Them (Port 445 Exploit)
WannaCry Overview
Last week the WannaCry ransomware worm, also known as Wanna Decryptor, Wanna
Decryptor 2.0, WNCRY, and WannaCrypt, started spreading around the world, holding
computers for ransom at hospitals, government offices, and businesses. To recap:
WannaCry exploits a vulnerability in the Windows Server Message Block (SMB) file
sharing protocol. It spreads to unpatched devices directly connected to the
internet and, once inside an organization, those machines and devices behind the
firew
5 min
Microsoft
Wanna Decryptor (WNCRY) Ransomware Explained
Mark the date: May 12, 2017.
This is the day the “ransomworm” dubbed “WannaCry” / “Wannacrypt”
[https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/Wannacrypt.A!rsm]
burst — literally — onto the scene with one of the initial targets being the
British National Health Service [http://www.bbc.com/news/health-39899646].
According to The Guardian
[https://www.theguardian.com/society/2017/may/12/hospitals-across-england-hit-by-large-scale-cyber-attack]:
the “