How to protect against the WannaCry attacks if you use Kaspersky solutions for business

Latest update: November 01, 2019 ID: 13698
 
 
 
 

Kaspersky engineers have analyzed the information on the cases of infection with the WannaCry file-encrypting malware, which attacked a number of companies around the world on May, 12.

The attack was implemented through the Microsoft Security Bulletin MS17-010 network vulnerability. The rootkit was installed on the infected computers, through which the file-encrypting malware was run.

All Kaspersky solutions now detect this rootkit as MEM:Trojan.Win64.EquationDrug.gen. Kaspersky solutions also detect the encryption malware which was used during this attack under the following names:

  • Trojan-Ransom.Win32.Scatter.uf
  • Trojan-Ransom.Win32.Scatter.tr
  • Trojan-Ransom.Win32.Fury.fr
  • Trojan-Ransom.Win32.Gen.djd
  • Trojan-Ransom.Win32.Wanna.b
  • Trojan-Ransom.Win32.Wanna.c
  • Trojan-Ransom.Win32.Wanna.d
  • Trojan-Ransom.Win32.Wanna.f
  • Trojan-Ransom.Win32.Zapchast.i
  • Trojan.Win64.EquationDrug.gen
  • PDM:Trojan.Win32.Generic
  • Intrusion.Win.DoublePulsar.a

We recommend that the companies perform the following actions to minimize the risk of infection:

To view the detailed guide for your Kaspersky solution, see the section How to avoid network infection later in this article.

Kaspersky experts are currently analyzing the malware samples to find decryption options.

For detailed information about the WannaCry attacks, please refer to the Kaspersky report.

 
 
 
 

How to disinfect the network if you use a Kaspersky anti-malware solution

 
 
 
 

How to disinfect the network if you use other anti-malware solutions

 
 
 
 

How to prevent the infection

 
 
 
 

How to distribute the Microsoft update through Kaspersky Security Center

 
 
 
 

How to use the computers safely without installing the Microsoft update

 
 
 
 
 
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.