NetFort Tips & Tricks - Detecting the presence of WannaCry Ransomware and SMBv1 servers

  • 2
  • Idea
  • Updated 2 years ago
WannaCry Ransomware has become very active in May 2017. It looks to be targeting servers using the SMBv1 protocol. Use network traffic analysis to detect the presence of SMBv1 and for the presence of the malware.

More reading here - https://technet.microsoft.com/en-us/l...

Files are encrypted with the .WNCRY file extension added to them. In addition to this a ransom note is added, named @Please_Read_Me@.txt. Also adds a lockscreen, named “WanaCrypt0r 2.0”.

Watch this short YouTube video to find out more about how you can detect the presence of WannaCry Ransomware and how to find out if you have any SMBv1 servers on your network with LANGuardian.

And, as always, if you have questions about any aspect of LANGuardian, please contact us on support@netfort.com any time.
Photo of Aisling Brennan

Aisling Brennan, Official Rep

  • 393 Posts
  • 8 Reply Likes

Posted 2 years ago

  • 2

Be the first to post a reply!