Watch FireEye Endpoint Security Detect and Prevent a WannaCry Attack
Category : FireEye
Since May 12, 2017, a highly prolific WannaCry ransomware campaign has been observed impacting organizations globally. WannaCry (aka WCry or WanaCryptor) malware is self-propagating (worm-like) ransomware that spreads through internal networks and over the public internet by exploiting a vulnerability in Microsoft Server Message Block (SMB) protocol. The malware appends encrypted data files with the .WCRY extension, drops and executes a decryptor tool, and demands $300 or $600 USD (via Bitcoin) to decrypt the data.
The following video demonstrates how FireEye Endpoint Security (HX) detects and prevents the WannaCry ransomware threat.
This demonstration first shows how HX Exploit Guard (ExG) can detect and prevent threats. It then goes into the details of how it detected and prevented a WannaCry ransomware attack, and walks the viewer through the exact process that it took and how ExG is able to deal with threats in real-time. The demo exposes how ransomware works, and how the overall design of ExG and HX can effectively deal with these and other types of threats.