How to protect against the WannaCry attacks if you use Kaspersky Lab products for business
We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.
Accept and close



Safety 101: Ransomware removal


How to protect against the WannaCry attacks if you use Kaspersky Lab products for business

Back to "Ransomware removal"
2018 Jan 24 ID: 13698

Kaspersky Lab engineers have analyzed the information on the cases of infection with the file-encrypting malware known as WannaCry, which attacked a number of companies around the world on May, 12.

For the attack, the known network vulnerability Microsoft Security Bulletin MS17-010 was used. Then, the rootkit was installed on the infected computers, through which the file-encrypting malware was run.

All Kaspersky Lab solutions now detect this rootkit as MEM:Trojan.Win64.EquationDrug.gen. Kaspersky Lab solutions also detect the encryption malware which was used during this attack under the following names:

  • Trojan-Ransom.Win32.Scatter.uf
  • Trojan-Ransom.Win32.Gen.djd
  • Trojan-Ransom.Win32.Wanna.b
  • Trojan-Ransom.Win32.Wanna.c
  • Trojan-Ransom.Win32.Wanna.d
  • Trojan-Ransom.Win32.Wanna.f
  • Trojan-Ransom.Win32.Zapchast.i
  • Trojan.Win64.EquationDrug.gen
  • PDM:Trojan.Win32.Generic (System Watcher must be enabled for detection of this malware)
  • Intrusion.Win.DoublePulsar.a (Network Attack Blocker must be enabled for detection of this malware).

We recommend that the companies perform the following actions to minimize the risk of infection:

To view the detailed guide for your Kaspersky Lab solution, see the section How to avoid network infection later in this article.

Kaspersky Lab experts are currently analyzing the malware samples to find decryption options.

For detailed information about the WannaCry attacks, please refer to the Kaspersky Lab report.


How to disinfect the network if you use a Kaspersky Lab antivirus solution


How to disinfect the network if you use other antiivirus solutions


How to prevent the infection


How to distribute the Microsoft update through Kaspersky Security Center


How to use the computers safely without installing the Microsoft update

Was this information helpful?
Yes No


Have you found what you were looking for?

Please let us know how we can make this website more comfortable for you

Send feedback Send feedback

Thank you!

Thank you for submitting your feedback.
We will review your feedback shortly.