Yes, patch EternalBlue/MS17-010.
Also consider creating a custom access rule to block *.wcry and *.wncry.
Thank you. Any documents created by McAfee so far?
This just came out: McAfee SNS Notice: Ransom-WannaCry Ransomware Impacting Some Customers *IMPORTANT*
McAfee is aware that several customers are impacted by a new ransomware. Ransom-WannaCry (also known as WannaCry, WCry, WanaCrypt and WanaCrypt0r) is encrypting files with the .wnry, .wcry, .wncry, and .wncryt extensions. Encryption is occurring on the local host and across open SMB shares. Impacted systems might also show a blue screen upon system reboot.
For more information about the threat and preventive measures see: https://kc.mcafee.com/corporate/index?page=content&id=KB89335
HERE IS THE EXTRA.DAT for the WANNACRY / WANACRY from the KB.
We made a manual on how to integrate the EXTRA.DAT they just released into McAfee ePO and/or McAfee Client ENS 10.5.1. We have seen that people are often unsure how to do that in an urgent situation...
* Is there any info regarding how this comes in (e-mail, attachments, macro etc.)?
* Is there information on whether TIE ATP customers are protected?
* Is there any info on those files in GTI at the moment?
Greetings from Switzerland
An emergency DAT release for Ransom-WannaCry is expected to be posted around 2:00 UTC on May 13th, 2017 / 19:00 PDT on May 12th, 2017.
For more information on Ransom-WannaCry, please refer to our KB:
There is a BLUE SMB patch out for XP/VISTA/2003. Here is how to integrate it in WSUS Server. You can also download it from Microsoft.
Patch your Exotic, GmP, Validated, specials, lab machines now ;-)
* Deutsche Bahn
Had outage and downtime....
Several others who will NOT say because they are afraid and did not spend money on ATD/TIE until now ;-)
Interesting Article - Security researcher says he's figured out how to decrypt WannaCry
"...when WannaCry infects a computer it generates encryption keys that rely on prime numbers. Here comes the important part: The ransomware does not erase the prime numbers from memory before freeing the associated memory. If you are lucky (that is the associated memory hasn't been reallocated and erased)," continues Guinet, "these prime numbers might still be in memory."
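The recovery idea in the article quoted above, as an added example (not code from the article, the researcher's tool, or anyone in this thread): scan a captured memory buffer for a value that divides the public RSA modulus, then rebuild the private exponent from the two primes. The toy 8-byte primes, the little-endian layout of the prime in memory, the sample buffer and all function names are assumptions made for illustration.

```python
# Constructed toy values: real RSA primes are far larger than these 8-byte ones.
P = 2**61 - 1          # stand-in for a prime left behind in freed memory
Q = 2**64 - 59         # stand-in for the second prime
N = P * Q              # public modulus, known from the public key
E = 65537              # public exponent (assumed)


def find_prime_factor(memory, modulus, prime_len):
    """Return (offset, p, q) for the first prime_len-byte window whose
    little-endian value divides modulus, or None if nothing matches."""
    for off in range(len(memory) - prime_len + 1):
        cand = int.from_bytes(memory[off:off + prime_len], "little")
        if 1 < cand < modulus and modulus % cand == 0:
            return off, cand, modulus // cand
    return None


def private_exponent(p, q, e=E):
    """Rebuild the RSA private exponent once both primes are known."""
    return pow(e, -1, (p - 1) * (q - 1))


def build_sample_dump(include_prime=True):
    """Constructed memory image: filler bytes, optionally with P embedded.
    include_prime=False models memory that was reallocated and erased."""
    middle = P.to_bytes(8, "little") if include_prime else b"\x00" * 8
    return b"\xaa" * 100 + middle + b"\x55" * 50


def demo():
    hit = find_prime_factor(build_sample_dump(), N, 8)
    if hit is None:
        return None  # memory was reused or wiped: nothing to recover
    off, p, q = hit
    d = private_exponent(p, q)
    message = 0x57414E41  # constructed plaintext, smaller than N
    # Encrypt with the public key, decrypt with the recovered private exponent.
    return off, pow(pow(message, E, N), d, N) == message


if __name__ == "__main__":
    print(demo())
```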