How can we stop Ransom:Win32/WannaCrypt malware spread?

  • Question

  • Hi, Guys.

    How can we stop Ransom:Win32/WannaCrypt malware spread? As you know, this malware has worm functionality which attempts to infect unpatched outdated Windows machines. 

    Yes, there are good AVs which can detect and quarantine this threat. If we receive multiple ransomware detections reported by our AV, how can we instead track down the infected system which spreads the malware to other vulnerable computers? Assuming this infected system was not detected by our AV for some reason (i.e. AV was not installed).

    I can see an article states that the threat creates a service named mssecsvc2.0, whose function is to exploit the SMB vulnerability in other computers accessible from the infected system.

    How can we also track endpoints that have this mssecsvc2.0 service running on them via a PowerShell script? Thank you.

    • Moved by Bill_Stewart Tuesday, January 8, 2019 11:16 PM Multipost/off-topic/help vampire
    Tuesday, January 8, 2019 4:24 AM
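
One way to run the check the question asks for, as an added example that is not part of the original thread: it sweeps a list of computers for the `mssecsvc2.0` service and reports where it exists. The function name `Find-SuspectService`, the input file `hosts.txt` and the output file name are hypothetical; it assumes an account with rights to query services remotely and falls back from WinRM to DCOM, since outdated machines often lack WinRM.

```powershell
# Added example (not from the thread). Find-SuspectService, hosts.txt and the
# CSV name are hypothetical; the service name is the one quoted in the question.
function Find-SuspectService {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [string]$ServiceName = 'mssecsvc2.0'
    )
    # DCOM session option for older hosts that do not answer on WinRM
    $dcom = New-CimSessionOption -Protocol Dcom
    foreach ($computer in $ComputerName) {
        $row = [ordered]@{
            Computer = $computer; Status = 'Unreachable'
            State = $null; PathName = $null; Error = $null
        }
        $session = $null
        try {
            try   { $session = New-CimSession -ComputerName $computer -ErrorAction Stop }
            catch { $session = New-CimSession -ComputerName $computer -SessionOption $dcom -ErrorAction Stop }

            $svc = Get-CimInstance -CimSession $session -ClassName Win32_Service `
                       -Filter "Name='$ServiceName'" -ErrorAction Stop
            if ($svc) {
                $row.Status   = 'ServiceFound'
                $row.State    = $svc.State      # Running / Stopped
                $row.PathName = $svc.PathName   # binary the service points at
            } else {
                $row.Status = 'NotFound'
            }
        } catch {
            # A host that cannot be queried is recorded, not assumed clean
            $row.Error = $_.Exception.Message
        } finally {
            if ($session) { Remove-CimSession -CimSession $session }
        }
        [pscustomobject]$row
    }
}

# hosts.txt: one computer name per line (constructed input for this example)
$targets = Get-Content -Path .\hosts.txt | Where-Object { $_.Trim() }
$report  = Find-SuspectService -ComputerName $targets
$report | Export-Csv -Path .\mssecsvc-sweep.csv -NoTypeInformation
$report | Where-Object Status -ne 'NotFound' | Format-Table -AutoSize
```

Hosts reported as `Unreachable` still need a manual check, because a machine that cannot be queried has not been shown to be clean.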

All replies

  • You are posting in the wrong forum. This is a scripting forum and not a general-purpose or AV forum. You will have to contact your AV supplier for assistance with your request. All business AV systems have reporting tools that do what you ask.


    Tuesday, January 8, 2019 4:54 AM