Professional Documents
Culture Documents
McAfee Corporate KB - Protecting Against Ransom-WannaCry (May 2017) KB89335 PDF
McAfee Corporate KB - Protecting Against Ransom-WannaCry (May 2017) KB89335 PDF
Environment
Summary
McAfee is aware of a new variant of ransomware that has been detected in corporate environments. Threat Name: Ransom-
WannaCry (also known as WCry, WanaCrypt and WanaCrypt0r).
This article will be updated as additional information is available. Please continue to monitor this document for updates.
Files are encrypted with the .wnry, .wcry, .wncry, and .wncryt extension. End users see a screen with a ransom message.
On restarting, impacted machines have a blue screen error and cannot start.
Encryption seen on local host and open SMB shares
VirusScan Enterprise (VSE) and Endpoint Security (ENS) Access Protection Proactive Measures
Rule1:
Rule2:
Rule1:
Executable1:
Inclusion: Include
File Name or Path: *
SOLUTIONS PRODUCTS SERVICES THREAT CENTER
SUPPORT PARTNERS
SubRule1:
Inclusion: Include
File, folder name, or file path: *\Software\WanaCrypt0r
SOLUTIONS PRODUCTS SERVICES THREAT CENTER
SUPPORT PARTNERS
SubRule2:
Inclusion: Include
File, folder name, or file path: *.wnry
SOLUTIONS PRODUCTS SERVICES THREAT CENTER
SUPPORT PARTNERS
More information will be posted shortly.
Please continue to return to this page for the latest updates.
Affected Products