Author - Abdur Rafi, CISO, ABP Pvt. Ltd., India
A series of broad attacks began that spread the latest version of the WanaCryptor ransomware. This attack, also referred to as WannaCrypt or WannaCry, reportedly impacted systems of public and private organizations worldwide. The attack caused Britain's NHS to cancel surgeries, crippled a wide array of Russian and Chinese private and public institutions for most of the day, and left the rest of the world recoiling in shock.
Here's a solution: Anti-WannaCry, developed by ABP IT Security Team, in Kolkata DataCentre, India, launched on 15th May 2017.
Anti-WannaCry is a complete framework that not only finds and removes any traces of WannaCry from the PC, but also actively stops any future infection, thus making the system immune to future WannaCry attacks.
It's a self-contained, client-based solution. It's OS independent, but .NET Framework version 4.5 is required.
It works on behavioral analysis and is not signature dependent. It doesn't require any internet connectivity or updates to work properly. It is also able to work in isolated systems where no network or internet is provided.
The structure of its 360 degree protection system will cover all these:
It monitors and protects all these vectors against WannaCry-related infections, and actively stops the ransomware's execution and growth. (See more at: https://youtu.be/sJzeb30SwBQ)
Please download a copy yourself to evaluate from here.
(Link was provided by author, please be careful while navigating outside cisoplatform.)
What is WannaCry?
WannaCry is the latest ransomware, affecting PCs and servers like wildfire. The functional architecture of the ransomware is shown below:
If you execute the ransomware, you can see the following files:
Dissecting Its Package - Part 1
Some interesting ransomware code snippets
Dissecting Its Package - Part 2
Features of WannaCry:
Dissecting Its Package - Part 3
Some of the interesting processes interacted with / executed / created by WannaCry:
(Kill switch for WannaCry v2.0)
Dissecting Its Package - Part 4
Some of the interesting strings found inside the source code and memory dump of WannaCry: