Petya Ransomware

Petya is not a new player in the ransomware world. It has multiple versions and was delivered to target machines as part of exploit kit campaigns and as malicious email attachments. The latest versions of Petya seem to be spreading via the SMBv1 vulnerabilities (CVE-2017-0144 and CVE-2017-0145) in the Windows operating system. This behavior is …

WannaCry Ransomware Analysis

In our previous post we saw how the initial WannaCry executable configures the target system, creates the tasksche.exe file under the C:\WINDOWS directory and executes it with the command line argument /i. In this post we continue our analysis to see what this process is up to. MD5 84C82835A5D21BBCF75A61706D8AB549 SHA-1 5FF465AFAABCBF0150D1A3AB2C2E74F3A4426467 FileDescription DiskPart OriginalFilename …

A Quick Way to Immune to WannaCrypt Without Patch

A “ransomware” called “WannaCrypt” has locked thousands of computers in more than 150 countries. We released a blog about this ransomware last week. Here is a quick blog about a way to make your system immune to this ransomware if you can’t install the patch for some reason. Mutex And Indicator …

WannaDecrypt0r Ransomware

The WannaDecrypt0r ransomware has infected at least 16 hospitals in the UK and has been spreading widely. The ransomware is being identified by many names, such as WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY and WannaDecrypt0r. At present, it is believed that over 36000 machines have been compromised by this ransomware. All …

EternalBlue SMB Exploit

UPDATED: May 12, 2017 In what may be the first public weaponizing of April’s Shadow Brokers dump of NSA exploits, a ransomware attack has crippled IT systems globally and disrupted operations at major organizations, including patient services at UK hospitals. WannaCry exploits the ETERNALBLUE vulnerability; please refer to the Qualys blog on WannaCry for …