Posts tagged WannaCry

6 min WannaCry

WannaCry, Two Years On: Current Threat Landscape, Forgotten Lessons, and Hope for the Future

In this blog, we take a look at the current attacker landscape related to EternalBlue and ransomware, along with some lessons that have not been learned since WannaCry.

2 min Vulnerability Management

What WannaCry Taught Me About the Benefits of Agents in VM Programs

In the wake of the WannaCry attack, my security team and I learned firsthand why having an agent-based vulnerability management strategy could have helped.

3 min Project Heisenberg

No More Tears? WannaCry, One Year Later

WannaCry, one year later, and what happened to the SMB target environment.

2 min WannaCry

WannaCry coda: Have you disabled SMBv1?

By now, if you're reading this blog, you probably have read about WannaCry. If not, please take a moment to review:

* Wanna Decryptor (WNCRY) Ransomware Explained [/2017/05/12/wanna-decryptor-wncry-ransomware-explained]
* Using Threat Intelligence to Mitigate Wanna Decryptor (WannaCry) [/2017/05/15/using-threat-intelligence-to-mitigate-wanna-decryptor-wncry]
* WannaCry Update: Vulnerable SMB Shares Are Widely Deployed And People Are Scanning For Them [/2017/05/16/update-on-wannac

1 min Nexpose

WannaCry - Scanning & Reporting

In light of the recent WannaCry Ransomware attacks, I thought it'd be great to share ways of finding out which assets are susceptible to this attack.

1) Create a custom scan template to check for MS17-010

The easiest way to create a Custom template is by making a copy of an existing template:

Administration -> Templates -> Click: Manage Templates -> Copy: Full audit enhanced logging without Web Spider -> IMPORTANT: Name your copy of the Scan Template -> Click: Vulnerability Checks -> Click: By I

4 min Ransomware

Scanning and Remediating WannaCry/MS17-010 in InsightVM and Nexpose

*Update 5/18/17: EternalBlue exploit (used in WannaCry attack) is now available in Metasploit for testing your compensating controls and validating remediations. More info: EternalBlue: Metasploit Module for MS17-010 [/2017/05/20/metasploit-the-power-of-the-community-and-eternalblue]. Also removed steps 5 and 6 from scan instructions as they were not strictly necessary and causing issues for some customers.

*Update 5/17/17: Unauthenticated remote checks have now been provided. For hosts that ar

6 min Research

WannaCry Update: Vulnerable SMB Shares Are Widely Deployed And People Are Scanning For Them (Port 445 Exploit)

WannaCry Overview

Last week the WannaCry ransomware worm, also known as Wanna Decryptor, Wanna Decryptor 2.0, WNCRY, and WannaCrypt, started spreading around the world, holding computers for ransom at hospitals, government offices, and businesses. To recap: WannaCry exploits a vulnerability in the Windows Server Message Block (SMB) file sharing protocol. It spreads to unpatched devices directly connected to the internet and, once inside an organization, those machines and devices behind the firew

5 min Microsoft

Wanna Decryptor (WNCRY) Ransomware Explained

Mark the date: May 12, 2017. This is the day the “ransomworm” dubbed “WannaCry” / “Wannacrypt [https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/Wannacrypt.A!rsm]” burst — literally — onto the scene with one of the initial targets being the British National Health Service [http://www.bbc.com/news/health-39899646]. According to The Guardian [https://www.theguardian.com/society/2017/may/12/hospitals-across-england-hit-by-large-scale-cyber-attack]: the “