NetFort Tips & Tricks - Detecting the presence of WannaCry Ransomware and SMBv1 servers

  • 1
  • Idea
  • Updated 10 months ago
WannaCry Ransomware has become very active in May 2017. It looks to be targeting servers using the SMBv1 protocol. Use network traffic analysis to detect the presence of SMBv1 and for the presence of the malware.

More reading here - https://technet.microsoft.com/en-us/l...

Files are encrypted with the .WNCRY file extension added to them. In addition to this a ransom note is added, named @Please_Read_Me@.txt. Also adds a lockscreen, named “WanaCrypt0r 2.0”.

Watch this short YouTube video to find out more about how you can detect the presence of WannaCry Ransomware and how to find out if you have any SMBv1 servers on your network with LANGuardian.

And, as always, if you have questions about any aspect of LANGuardian, please contact us on support@netfort.com any time.
Photo of Aisling Brennan

Aisling Brennan, Official Rep

  • 391 Posts
  • 8 Reply Likes

Posted 1 year ago

  • 1
Photo of Mawiya Karam

Mawiya Karam

  • 1 Post
  • 0 Reply Likes
If you're operating a Powered-Windows PC, you have to make sure about all your software is updated. Plus, do not always open suspicious emails, open on the links you don't know or link any update you weren't expecting. Suspecting the work with  Web Design Service which initiate this problem and to resolve the issue find out the perfect option.
Photo of Anikea

Anikea

  • 1 Post
  • 0 Reply Likes
It seems that this article has answers to the point, also it includes special tool against ransomware http://myspybot.com/cesar-ransomware/