How can we stop Ransom:Win32/WannaCrypt malware spread?

    Question

  • Hi, Guys.

    How can we stop Ransom:Win32/WannaCrypt malware spread? As you know, this malware has worm functionality which attempts to infect unpatched outdated Windows machines. 

    Yes, there are good AVs which can detect and quarantine this threat. If we receive multiple ransomware detections reported by our AV, how can we instead track down the infected system which spreads the malware to other vulnerable computers? Assuming this infected system was not detected by our AV for some reason (i.e. AV was not installed).

    I can see an article states that the threat creates a service named mssecsvc2.0, whose function is to exploit the SMB vulnerability in other computers accessible from the infected system.

    How can we also track endpoints that have this mssecsvc2.0 service running on them via a PowerShell script? Thank you.

    Tuesday, January 8, 2019 4:25 AM
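
Added example, not part of the original post: a PowerShell sweep that asks each host in a list whether a service named mssecsvc2.0 (the name quoted in the question) exists, and reports its state and binary path. The function name `Find-ServiceOnHosts` and the host list are hypothetical; it assumes the remote hosts accept CIM/WinRM queries and that the account running it may read `Win32_Service`.

```powershell
# Added example: defensive sweep for the service name mentioned in the post.
# Assumption: remote hosts accept CIM (WinRM) queries from this account.
$ServiceName = 'mssecsvc2.0'
$Computers   = @($env:COMPUTERNAME)   # placeholder list; replace with your inventory

function Find-ServiceOnHosts {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [string]   $Name
    )
    foreach ($c in $ComputerName) {
        # Build the query once per host; query the local machine without WinRM.
        $query = @{
            ClassName   = 'Win32_Service'
            Filter      = "Name='$Name'"
            ErrorAction = 'Stop'
        }
        if ($c -ne $env:COMPUTERNAME) { $query.ComputerName = $c }

        $row = [ordered]@{
            Computer = $c; Status = 'NotPresent'; State = $null
            StartMode = $null; ProcessId = $null; PathName = $null; Error = $null
        }
        try {
            $svc = Get-CimInstance @query | Select-Object -First 1
            if ($svc) {
                $row.Status    = 'Found'
                $row.State     = $svc.State       # Running / Stopped
                $row.StartMode = $svc.StartMode   # Auto / Manual / Disabled
                $row.ProcessId = $svc.ProcessId
                $row.PathName  = $svc.PathName    # binary the service launches
            }
        } catch {
            # A host that cannot be queried is reported, not silently skipped:
            # it still has to be checked by hand.
            $row.Status = 'Unreachable'
            $row.Error  = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

Find-ServiceOnHosts -ComputerName $Computers -Name $ServiceName |
    Sort-Object Status, Computer |
    Format-Table Computer, Status, State, StartMode, ProcessId, PathName -AutoSize
```

Hosts reported as `Unreachable` are the ones this sweep cannot clear, so they need a separate check.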

All replies