NetFort Tips & Tricks - Detecting the presence of WannaCry Ransomware and SMBv1 servers

  • 2
  • Idea
  • Updated 7 days ago
WannaCry Ransomware has become very active in May 2017. It looks to be targeting servers using the SMBv1 protocol. Use network traffic analysis to detect the presence of SMBv1 and for the presence of the malware.

More reading here -

Files are encrypted with the .WNCRY file extension added to them. In addition to this a ransom note is added, named @Please_Read_Me@.txt. Also adds a lockscreen, named “WanaCrypt0r 2.0”.

Watch this short YouTube video to find out more about how you can detect the presence of WannaCry Ransomware and how to find out if you have any SMBv1 servers on your network with LANGuardian.

And, as always, if you have questions about any aspect of LANGuardian, please contact us on any time.
Photo of Aisling Brennan

Aisling Brennan, Official Rep

  • 393 Posts
  • 8 Reply Likes

Posted 2 years ago

  • 2
Thanks for sharing. click this word: Terminal Lugs

Photo of Jessica Liu

Jessica Liu

  • 1 Post
  • 0 Reply Likes
That's impressive information. I am working on my project that is a leading trusted electric toothbrush supplier. More read here: