How can we stop Ransom:Win32/WannaCrypt malware spread? RRS feed

  • Question

  • Hi, Guys.

    How can we stop Ransom:Win32/WannaCrypt malware spread? As you know, this malware has worm functionality which attempts to infect unpatched outdated Windows machines. 

    Yes, there are good AVs which can detect and quarantine this threat. If we receive multiple ransomware detections reported by our AV, how can we track down instead the infected system which spreads the malware to other vulnerable computers? Assuming this infected system was not detected by our AV for some reason (i.e. AV was not installed)

    I can see an article states that the threat creates a service named mssecsvc2.0, whose function is to exploit the SMB vulnerability in other computers accessible from the infected system.

    How can we track endpoints also that has this mssecsvc2.0 service running on them via powershell script? Thank you

    Tuesday, January 8, 2019 4:24 AM

All replies

  • When your system is fully updated and you have Anti-Malware software installed, you are protected.

    Best defense would be make sure all systems are update and Anti-Virus has been installed and is updated.

    You could do this through Config Manager or Operation Manager.

    In addition, latest build of Windows 10 comes with feature called Controlled Folder Access and it is under Ransom protection which by enabling it you could stop ransomwares from harming your system.

    Wednesday, February 13, 2019 7:11 PM