Ransomware Traffic Detected (WannaCry)
Critical Nessus Network Monitor Plugin ID 700099
SynopsisA payload has been detected that targets a critical vulnerability that encrypts most or all of a user's data, demanding a ransom to have the files decrypted.
DescriptionThe remote system may be affected by ransomware that encrypts most or all of the files on a user's computer. Then, the software demands that a ransom be paid in order to have the files decrypted. This attack is related to the recent ShadowBrokers dump containing NSA weaponized software exploits.
SolutionA remote service may be attempting to target user data and potentially encrypt it, rendering it unattainable until the user pays a ransom to have it decrypted. This type of issue can quickly spread laterally through organizations. Inspect the system for malicious code, and follow appropriate incident response procedures.