Severity
High
Analysis Summary
WannaCry, also called WCry or WanaCryptor, is ransomware that encrypts all your data files and demands a ransom payment, usually in bitcoin, to restore the stolen information. WannaCry is one of the most dangerous pieces of malware ever used in cyberattacks. The attackers behind WannaCry use a tool called EternalBlue to exploit a vulnerability in the Windows Server Message Block (SMB) protocol. WannaCry has caused serious disruptions in the healthcare and financial sectors and locked users out of their data.
Impact
Indicators of Compromise
MD5
SHA-256
SHA-1
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.