SANS Digital Forensics and Incident Response Blog

WannaCry Ransomware Threat : What we know so far - WEBCAST slides

The WannaCry ransomware worm is unprecedented for two reasons. First, it's a ransomware worm. Second, it appears to be using a recently patched exploit that was stolen from NSA to propagate. Jake Williams' firm, Rendition Infosec, has been tracking the use of this exploit since it was publicly released and completed another internet-wide scan of the Internet for this threat. The webcast walks you through what we know so far about the malware, the leaked exploits, mitigation strategies, and predictions for future impact.


This webcast aired on May 12th, 2017 and was conducted by SANS Instructor Jake Williams. View webcast here: Webcast slides can be viewed here: WannaCry Ransomware Threat

SANS Institute Internet Storm Center:
Microsoft released information what can be done to protect against #WannaCry which includes deploying MS17-010 if not already done (March patch release), update Windows Defender (updated 12 May 2017) and if not using SMBv1 to disable it available here. Microsoft has provided a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.