How to detect WannaCry on your server
WannaCry (also named WannaCrypt) is the latest ransomware attack that has affected over 100 countries and crippled several businesses. The malware is similar to other ransomware in that it encrypts local files with 2048-bit RSA encryption and requires a $300 ransom payment to decrypt them. The fee doubles if the victim takes too much time.
This new attack uses leaked NSA code that exploits SMBv1 (Server Message Block), which makes it very efficient for attackers. The SMBv1 protocol is outdated, but many Windows network administrators leave it enabled by default. WannaCry also self-replicates to network shares, so it spreads quickly, especially on local enterprise networks. So far, the authors of WannaCry have made $70,000 in ransom fees.
Aside from having all of your important files encrypted, you can detect WannaCry by monitoring network traffic. You could be hosting WannaCry on your servers without knowing it, but you can stop it from causing critical downtime on your network using monitoring software. WannaCry is the perfect example of why you should always have some type of monitoring system in place. It helps you detect and stop malicious network traffic.
If you are lucky enough to still have a running server, you can detect WannaCry before it encrypts your software. Here are some basic events that you can monitor:
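An added example, not part of the original post: since the post describes WannaCry spreading over SMB and being detectable through network traffic monitoring, this sketch flags any internal host that contacts an unusual number of distinct peers on TCP 445 within a short window. The flow-record format, the 60-second window, the 20-peer threshold and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

SMB_PORT = 445
WINDOW_SECONDS = 60      # assumed sliding window
FANOUT_THRESHOLD = 20    # assumed: distinct SMB peers per window that triggers an alert

def detect_smb_fanout(lines, window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Return {src: (first_alert_ts, peak_distinct_peers)} for hosts sweeping TCP 445.

    Each line is 'epoch_seconds src_ip dst_ip dst_port' (constructed format),
    in time order per source.
    """
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still inside the window
    alerts = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ts, src, dst, dport = line.split()
            ts, dport = float(ts), int(dport)
        except ValueError:
            continue  # malformed record: skip rather than abort the scan
        if dport != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q[0][0] < ts - window:  # evict contacts older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            first, peak = alerts.get(src, (ts, 0))
            alerts[src] = (first, max(peak, distinct))
    return alerts

def build_sample():
    """Constructed flows: a normal client, an SMB sweep, a slow admin host, HTTPS noise."""
    lines = ["# epoch src dst dport (constructed sample)", "garbage line"]
    lines += [f"{1000 + i * 2} 10.0.0.5 10.0.0.{10 + i % 2} 445" for i in range(30)]
    lines += [f"{1000 + i * 0.5} 10.0.0.23 10.0.1.{i + 1} 445" for i in range(40)]
    lines += [f"{1000 + i * 10} 10.0.0.9 10.0.2.{i + 1} 445" for i in range(40)]
    lines += [f"{1000 + i} 10.0.0.7 192.0.2.{i + 1} 443" for i in range(40)]
    return lines

if __name__ == "__main__":
    for src, (ts, peak) in detect_smb_fanout(build_sample()).items():
        print(f"ALERT {src}: {peak} distinct SMB peers within {WINDOW_SECONDS}s (first at {ts})")
```

Tune the window and threshold against a baseline of your own traffic, since file servers, backup jobs and vulnerability scanners legitimately talk SMB to many hosts.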
Hi guys, I think that the problem with WannaCry is no longer as urgent. There are now a lot of different security systems; by the way, a lot of them are on an excellent server, Hostkey, with protection from DDoS and other attacks. I cannot but recommend it, since having my site on the server has never let me down.