How WannaCry ransomware works

Fantastic work! Sophos has not just protected network, but saved a business! Kudos to Sophos!

prasadwable

Well, we all know that the Wannacry ransomware has two weaknesses. One is the kill switch that we all know from the NHS, and two, the Microsoft Update from Windows 7 to 10, that gives the user the option of disabling the SMB feature. You see, the SMB feature powers the Eternal Blue exploit vulnerability which the ransomware resides. It needed it to infect the computers, and replicate the network along with it. Turn off the SMB, and the ransomware is useless. You still have to take some precautions like backing up your files, and updating your anti-virus software, but that's about it for now.

dog

- Important Question, that video testing you are doing? is it wannacry ransomware or loki ransomware ?

- I have done a testing using Sophos Cloud Endpoint add-on Intercept-x with the setting you have done (Setting : just enable only the behavior CryptoGuard AKA Ransomware Detection) and execute wannacry ransomware. However the ransomware wannaCry continue to encrypt the file that was in the computer, until i activated back all the Sophos protection function then the attack stop. Yes the attack was stop and detected also clean but the file that was encrypt did not come back to it's normal state.

I just wanted to clarify on this. So hope to hear you from you soon.

Thank you

dreamiceify

Fascinating stuff. Were I a bit younger I think I'd be spending a ton of time inhaling all information I could on the subject of malware/cyber security.

Quick question from someone not well versed on the subject of malware. How effective is this anti-virus at stopping new and unseen ransomware? I day trade for a living, cryptocurrency specifically, which makes me VERY concerned about attacks/security.

tonycortese

Your website claimed that the NHS was 'totally' protected with Sophos.

Do we know if the NHS was using your Sophos Intercept X or just your End Point stuff?

It would be interesting to know where the failure was within their system....

adamsmith

Can you use this sophos for regular user

jorgeb

@SophosProducts Great job & can I us this if I'm just at home or it's for Business only? thanks!

HPMIKE

Would this have fended of the NotPetya worm?

ninjagotguns

if some how people make a tame version of wannacry ransomware to lock the important files (the encryption of ransomware is so strong btw) it can be a useful software.

maxtronrfz

possible to give WC source to explore it and test on self?

kaze_craven

So if you have a good firewall this is useless?

Yarsig

What's the background music name?

Rc_

Sophos is awesome. We have used many software before and Sophos Intercept X is by far the best.

freddyborcherds

how do i get eternal blue running on kali?
someone pls help

mikoalt

👆 so much gratitude and appreciation to this expert and professionals🥰 am so grateful to you geniuses.

majormajid

Siper cool but once we know who created wannacry (i thnik we all the the creator) we will ask you if you can code wannacry to infect its creator, oh and if he has bitcoins to decrypt everything then just getv rid of the pay bitcoins button thing so he cant pay and decrypt hos files

xsniperkingxfenoworkfan

👆👆 is a true hacker my system is back and my files recovered from wannacry virus thank bro

erwidgr

Can you show how go make wannacry copy lol

misterD

👆👆 is a true hacker my system is back and my files recovered from wannacry virus thank bro

erwidgr

👆 so much gratitude and appreciation to this expert and professionals🥰 am so grateful to you geniuses.

majormajid