Ransomware Bundle Updated to Detect WannaCry Details

May 12, 2017


WannaCry is propagating quickly around the globe. ExtraHop customers should download the updated ransomware bundle.

You've probably heard about the WannaCry (variously known as Wannacrypt0r, Wanna Decryptor, WannaCrypt, etc.) malware by now. I updated our ransomware bundle this afternoon to detect the *.WNCRY file extension and @Please_Read_Me@.txt ransom note. Of course, the bundle also looks for unusual CIFS/SMB write activity indicative of any ransomware strain.
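The sketch below is an added example, not code from the ExtraHop bundle: it applies the three signals described above (the `.WNCRY` extension, the `@Please_Read_Me@.txt` note, and a burst of SMB writes from one client) to a list of file-write records. The record format, the thresholds, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Indicators named in the post; compared case-insensitively.
RANSOM_EXTENSION = ".wncry"
RANSOM_NOTE = "@please_read_me@.txt"
# Assumed thresholds for "unusual" write activity; tune per environment.
WINDOW_SECONDS = 10
MAX_WRITES_PER_WINDOW = 5

def basename(path):
    # SMB paths use backslashes; accept forward slashes too.
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def detect(events):
    """events: iterable of (timestamp, client_ip, smb_path) write records,
    sorted by timestamp. Returns {client_ip: set of reasons}."""
    alerts = defaultdict(set)
    recent = defaultdict(list)  # client -> write timestamps inside the window
    for ts, client, path in events:
        name = basename(path)
        if name.endswith(RANSOM_EXTENSION):
            alerts[client].add("wncry_extension")
        if name == RANSOM_NOTE:
            alerts[client].add("ransom_note")
        window = [t for t in recent[client] if ts - t < WINDOW_SECONDS]
        window.append(ts)
        recent[client] = window
        if len(window) > MAX_WRITES_PER_WINDOW:
            alerts[client].add("write_burst")
    return dict(alerts)

# Constructed sample records (not captured traffic).
SAMPLE_EVENTS = [
    (0.0, "10.0.0.5", r"\\fs01\share\reports\q1.xlsx"),
    (1.0, "10.0.0.9", r"\\fs01\share\hr\policy.docx.WNCRY"),
    (1.2, "10.0.0.9", r"\\fs01\share\hr\@Please_Read_Me@.txt"),
    (30.0, "10.0.0.5", r"\\fs01\share\reports\q2.xlsx"),
] + [(40.0 + i * 0.5, "10.0.0.7", rf"\\fs01\share\eng\file{i}.dat") for i in range(8)]

if __name__ == "__main__":
    for client, reasons in sorted(detect(SAMPLE_EVENTS).items()):
        print(client, sorted(reasons))
```

The name-based checks catch this strain specifically, while the write-burst check is the strain-agnostic signal and is the one that needs baselining against normal file-server traffic.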

Already an ExtraHop customer? Download the Ransomware Bundle v1.2.6 here.

See my video below for more details.

If you've been hiding under a rock, you can get up to date by checking #NHScyberattack on Twitter. Besides hitting National Health Service hospitals in the United Kingdom, the malware is also spreading in other organizations worldwide, including Telefonica, by taking advantage of a vulnerability in a Windows file-sharing service to propagate quickly. Brian Krebs has a good summary.

For anyone looking for a deeper dive into exactly what happened during this attack, I recommend taking a look at this personal account of how one UK-based cybersecurity researcher found and activated a WannaCry "kill switch" on Friday afternoon—unfortunately, the fix was only temporary.

Download this whitepaper to learn how you can integrate the ExtraHop platform with your firewall and network access control devices to automatically block malicious IPs and quarantine ransomware-infected clients.

Tom Roeh

Sales Engineering Director

Tom is an accomplished, results-driven software professional with 15 years of experience working in customer environments. He created the Ransomware bundle that allows ExtraHop to detect Ransomware attacks in progress and provide early warning so IT can stop them before the damage is done.

Check out Tom's Ransomware Bundle here, and stay connected on LinkedIn or Twitter!
