Ransomware Traffic Detected (WannaCry)

critical Nessus Network Monitor Plugin ID 700099


A payload has been detected that targets a critical vulnerability that encrypts most or all of a user's data, demanding a ransom to have the files decrypted.


The remote system may be affected by ransomware that encrypts most or all of the files on a user's computer. Then, the software demands that a ransom be paid in order to have the files decrypted. This attack is related to the recent ShadowBrokers dump containing NSA weaponized software exploits.


A remote service may be attempting to target user data and potentially encrypt it, rendering it unattainable until the user pays a ransom to have it decrypted. This type of issue can quickly spread laterally through organizations. Inspect the system for malicious code, and follow appropriate incident response procedures.

See Also



Plugin Details

Severity: Critical

ID: 700099

Family: Generic

Published: 5/15/2017

Updated: 3/6/2019

Risk Information


Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C


Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 3/14/2017

Vulnerability Publication Date: 3/14/2017

Exploitable With

Metasploit (MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption)

Reference Information

CVE: CVE-2017-0143, CVE-2017-0146, CVE-2017-0145, CVE-2017-0144, CVE-2017-0147, CVE-2017-0148

BID: 96707, 96709, 96703, 96704, 96705, 96706