If you have not heard about the WannaCry ransomware that is (or perhaps was) running rampant this past weekend, then you must have been in a cave or on your honeymoon! This one is a doozie, let me tell you!! Some quick facts…
- This ransomware is based on the EternalBlue exploit (developed by the NSA, and then stolen and leaked on the Internet)
- Microsoft released a patch for this (MS17-010) in March
- Some quick-thinking good guys were able to slow down the spread of WannaCry by activating a kill switch within the ransomware code
- MANY people and organizations, throughout the world, have been hit by this
An excellent analysis of WannaCry can be found here…
WannaCry no more: ransomware worm IOC’s, Tor C2 and technical analysis + SIEM rules
Stay informed…AND patch your systems!!