Wannacry: Detailed analysis (part 3 of 3)

Ransomware itself typical

The actual ransomware component itself is not all that remarkable. It does what ransomware does: it encrypts a wide range of files and demands a ransom, to be paid in bitcoins, in a most insistent way. Here is a list of some of the files it encrypts.

Expect more of the same to come
What we have seen to date is likely only the beginning. Expect new variants of this threat to quickly emerge. These are likely to have different killswitch domains or no killswitch domains at all. Note that even though you might have patched your systems, it may still be possible to be impacted by the WannaCry ransomware itself if it is spread via email or the web in the future. However, if you are up to date with patches and have taken some of the mitigation steps below, the impact and spread should be well contained.
Mitigation Tips

* If you haven’t done so already, patch the vulnerability (see MS17-010) on all systems!

* Double-check that AV is up to date with the latest signatures

* Don’t block the known killswitch domains at your gateway

* Consider disabling SMBv1 traffic in your LAN

* Block port 445 SMB traffic at your border firewall
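
One way to act on the SMBv1 tip on an individual Windows host, as an added example that is not part of the original post: it reports whether SMBv1 is still enabled and turns it off only when SMBv2/3 remains available. The function names Get-Smb1Status and Disable-Smb1 are hypothetical; the example assumes Windows 8 / Server 2012 or later and an elevated PowerShell session.

```powershell
# Added example, not from the original post. Function names are hypothetical.
# Assumes Windows 8 / Server 2012 or later, run from an elevated prompt.

function Get-Smb1Status {
    # Server side: does this host still accept SMBv1 connections?
    $server = Get-SmbServerConfiguration
    # Optional feature that carries the SMBv1 binaries (may be absent on some SKUs).
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $state = 'NotPresent'
    if ($feature) { $state = "$($feature.State)" }
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $server.EnableSMB1Protocol
        Smb2ServerEnabled = $server.EnableSMB2Protocol
        Smb1FeatureState  = $state
    }
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $status = Get-Smb1Status
    # Guard: with SMBv2/3 off, disabling SMBv1 would break all file sharing here.
    if (-not $status.Smb2ServerEnabled) {
        Write-Warning 'SMBv2/3 is disabled on this host; not touching SMBv1.'
        return $status
    }
    if ($status.Smb1ServerEnabled -and
        $PSCmdlet.ShouldProcess($status.ComputerName, 'Disable SMBv1 server protocol')) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($status.Smb1FeatureState -eq 'Enabled' -and
        $PSCmdlet.ShouldProcess($status.ComputerName, 'Remove SMB1Protocol optional feature')) {
        # Takes full effect after the next reboot.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    Get-Smb1Status
}

# Report the current state, then preview the change without applying it.
Get-Smb1Status
Disable-Smb1 -WhatIf
```

Drop -WhatIf to apply the change once the preview looks right; older devices that only speak SMBv1 will lose access to shares on this host.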

