cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 10

WannaCry / WanaCrypt0r 2.0 / WCry Ransomware

Jump to solution

Hey Guys,

Any news about this new variant of Ransomware from McAfee?

Any recommendations?

Are there any documents for earlier variants of this Ransomware?

1 Solution

Accepted Solutions
tao
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 10 of 10

Re: WannaCry / WanaCrypt0r 2.0 / WCry Ransomware

Jump to solution

Interesting Article - Security researcher says he's figured out how to decrypt WannaCry

"...when WannaCry infects a computer it generates encryption keys that rely on prime numbers. Here comes the important part: The ransomware does not erase the prime numbers from memory before freeing the associated memory. If you are lucky (that is the associated memory hasn't been reallocated and erased)," continues Guinet, "these prime numbers might still be in memory."

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers

View solution in original post

9 Replies
Nielsb
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 10

Re: WannaCry / WanaCrypt0r 2.0 / WCry Ransomware

Jump to solution

yes patch Eternalblue/MS17-010

tao
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 10

Re: WannaCry / WanaCrypt0r 2.0 / WCry Ransomware

Jump to solution

Keeps monitoring Wana Decrypt0r Ransomware Using NSA Exploit Leaked by Shadow Brokers Is on a Rampage

Also consider creating a custom access rule to block *.wcry and *.wncry.

Warning to Irish businesses after cyber attack 'unlike any encountered before' sweeps Europe - Irish...

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
Nielsb
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 10

Re: WannaCry / WanaCrypt0r 2.0 / WCry Ransomware

Jump to solution
tao
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 10

Re: WannaCry / WanaCrypt0r 2.0 / WCry Ransomware

Jump to solution

This just came out: McAfee SNS Notice: Ransom-WannaCry Ransomware Impacting Some Customers *IMPORTANT*

McAfee is aware that several customers are impacted by a new ransomware. Ransom-WannaCry (also known as WannaCry, WCry, WanaCrypt and WanaCrypt0r) is encrypting files with the .wnry, .wcry, .wncry, and .wncryt extensions. Encryption is occurring on the local host and across open SMB shares. Impacted systems might also show a blue screen upon system reboot.

For more information about the threat and preventive measures see: https://kc.mcafee.com/corporate/index?page=content&id=KB89335

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
Former Member
Not applicable
Report Inappropriate Content
Message 6 of 10

Re: WannaCry / WanaCrypt0r 2.0 / WCry Ransomware

Jump to solution

Thank you. Any documents created by McAfee so far?

bretzeli
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 7 of 10

Re: WannaCry / WanaCrypt0r 2.0 / WCry Ransomware

Jump to solution

HERE IS THE  EXTRADAT for the WANNACRY / WANACRY from the KB.

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/CORP_KNOWLEDGEBASE/89000/KB89335/en_US/EXT...

We made a manual how to integrate the EXTRA.DAT they just released into MCAFEE EPO and/ot MCAFEE CLient ENS 10.5.1. Often people are unsure in urgent situation how to do that we have seen...

Butsch.ch | Ransomware: How to integrate the WannaCry EXTRADAT in EPO or McAfee ENS client

* Are there any INFOS regarding how this comes in (E-mail, Attachments, Makro etc.)?

* Is there information if TIE ATP customer are procted?

* is there any info on those files in GTI at the moment?

Greetings from Switzerland

bretzeli
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 8 of 10

Re: WannaCry / WanaCrypt0r 2.0 / WCry Ransomware

Jump to solution

An emergency DAT release for Ransom-WannaCry, is expected to be posted around 2:00 UTC on May 13th, 2017 / 19:00 PDT on May 12th, 2017.

For more information on Ransom-WannaCry, please refer to our KB:  

https://kc.mcafee.com/corporate/index?page=content&id=KB89335

. 

 

 

 

 

 

bretzeli
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 9 of 10

Re: WannaCry / WanaCrypt0r 2.0 / WCry Ransomware

Jump to solution

There is a BLUE SMB patch out for XP/VISTA/2003. Here is how to integrate it in WSUS Server. You can also download it from Microsoft.

Patch your Exotic, GmP, Validated, specials, labmachines now 😉

* FEDEX

* Deutsche Bahn

* Peugeot

Had outtage and downtime....

Several others wo will NOT say because they are afraid and did not spend money in ATD/TIE until now 😉

Butsch.ch | Wannacry/ WannaCrypt: Microsoft Patch for MS SMB Exploit Blue on XP/VISTA/2003 released....

tao
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 10 of 10

Re: WannaCry / WanaCrypt0r 2.0 / WCry Ransomware

Jump to solution

Interesting Article - Security researcher says he's figured out how to decrypt WannaCry

"...when WannaCry infects a computer it generates encryption keys that rely on prime numbers. Here comes the important part: The ransomware does not erase the prime numbers from memory before freeing the associated memory. If you are lucky (that is the associated memory hasn't been reallocated and erased)," continues Guinet, "these prime numbers might still be in memory."

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community