Severity
High
Analysis Summary
WannaCry is also called WCry or WanaCrptor ransomware malware, this ransomware can encrypt all your data files and demands a payment to restore the stolen information, usually in bitcoin with a ransom amount. WannaCry is one of the most dangerous malware ever used for cyberattacks. The attackers behind WannaCry ransomware uses a tool called Eternal Blue to exploit a vulnerability in the Windows Server Message Block, or SMB Protocol. WannaCry ransomware have caused serious disruptions in healthcare sector and financial sector and locked out users from their data.
Impact
- File Encryption
Indicators of Compromise
MD5
- 3983f0ebeec88b8005724a203ae27180
SHA-256
- ed492db95034ca288dd52df88e3ce3ec7b146ffd854a394ac187f0553ef966d9
SHA-1
- 9f34d48eae30b6da0a5c5297a873f989a49e10e8
URL
- http[:]//iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com
- http[:]//www[.]ifferfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com
Remediation
- Block all threat indicators at your respective controls
- Search for IOCs in your environment.