Falcon Report: CrowdStrike Falcon Prevents the Attack
Contents
Falcon Intelligence Report: Wanna Ransomware Spreads Rapidly; CrowdStrike Falcon® Prevents the Attack
May 12, 2017Falcon Intelligence Team Research & Threat Intel
[vc_row][vc_column][vc_column_text]
Wanna Decryption Ransom Screen
Wanna (also known as WannaCry, WCry, WanaCrypt and WanaCrypt0r) ransomware exploded onto the ransomware scene on May 12, 2017, with a mass campaign impacting organizations in many countries. This second variant of the ransomware has been leveraging the EternalBlue (MS-17010) vulnerability, released by the Shadow Brokers actors, in order to spread over victim networks via the Windows file sharing protocol, Server Message Block (SMB), following an initial infection.
CrowdStrike Falcon® Prevent offers protection for this variant through two types of coverage. Falcon Prevent has a Machine Learning layer (at the âModerate Levelâ) and a Behavioral IOA layer (âSuspicious Processâ). To ensure this ransomware is prevented, the Prevention Policies must be enabled. For additional details on how to configure CrowdStrike Falcon® Prevent to stop Wanna ransomware and its variants, please …
May 12, 2017Falcon Intelligence Team Research & Threat Intel
[vc_row][vc_column][vc_column_text]
Wanna Decryption Ransom Screen
Wanna (also known as WannaCry, WCry, WanaCrypt and WanaCrypt0r) ransomware exploded onto the ransomware scene on May 12, 2017, with a mass campaign impacting organizations in many countries. This second variant of the ransomware has been leveraging the EternalBlue (MS-17010) vulnerability, released by the Shadow Brokers actors, in order to spread over victim networks via the Windows file sharing protocol, Server Message Block (SMB), following an initial infection.
CrowdStrike Falcon® Prevent offers protection for this variant through two types of coverage. Falcon Prevent has a Machine Learning layer (at the âModerate Levelâ) and a Behavioral IOA layer (âSuspicious Processâ). To ensure this ransomware is prevented, the Prevention Policies must be enabled. For additional details on how to configure CrowdStrike Falcon® Prevent to stop Wanna ransomware and its variants, please …