Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Ransomware Traffic Detected (WannaCry)

Critical

Synopsis

A payload has been detected that targets a critical vulnerability that encrypts most or all of a user's data, demanding a ransom to have the files decrypted.

Description

The remote system may be affected by ransomware that encrypts most or all of the files on a user's computer. Then, the software demands that a ransom be paid in order to have the files decrypted. This attack is related to the recent ShadowBrokers dump containing NSA weaponized software exploits.

Solution

A remote service may be attempting to target user data and potentially encrypt it, rendering it unattainable until the user pays a ransom to have it decrypted. This type of issue can quickly spread laterally through organizations. Inspect the system for malicious code, and follow appropriate incident response procedures.