How to protect against the WannaCry attacks if you use Kaspersky Lab products for business

 

 

General articles: Common for products

 
 
 

How to protect against the WannaCry attacks if you use Kaspersky Lab products for business

Back to "Common for products"
2017 Jun 13 ID: 13698
 
 
 
 

Kaspersky Lab engineers have analyzed the information on the cases of infection with the file-encrypting malware known as WannaCry, which attacked a number of companies around the world on May, 12.

For the attack, the known network vulnerability Microsoft Security Bulletin MS17-010 was used. Then, the rootkit was installed on the infected computers, through which the file-encrypting malware was run.

All Kaspersky Lab solutions now detect this rootkit as MEM:Trojan.Win64.EquationDrug.gen. Kaspersky Lab solutions also detect the encryption malware which was used during this attack under the following names:

  • Trojan-Ransom.Win32.Scatter.uf
  • Trojan-Ransom.Win32.Scatter.tr
  • Trojan-Ransom.Win32.Fury.fr
  • Trojan-Ransom.Win32.Gen.djd
  • Trojan-Ransom.Win32.Wanna.b
  • Trojan-Ransom.Win32.Wanna.c
  • Trojan-Ransom.Win32.Wanna.d
  • Trojan-Ransom.Win32.Wanna.f
  • Trojan-Ransom.Win32.Zapchast.i
  • Trojan.Win64.EquationDrug.gen
  • PDM:Trojan.Win32.Generic (System Watcher must be enabled for detection of this malware)
  • Intrusion.Win.DoublePulsar.a (Network Attack Blocker must be enabled for detection of this malware).

We recommend that the companies perform the following actions to minimize the risk of infection:

To view the detailed guide for your Kaspersky Lab solution, see the section How to avoid network infection later in this article.

Kaspersky Lab experts are currently analyzing the malware samples to find decryption options.

For detailed information about the WannaCry attacks, please refer to the Kaspersky Lab report.

 
 
 
 
 

How to disinfect the network if you use a Kaspersky Lab antivirus solution

 
 
 
 
 

How to disinfect the network if you use other antiivirus solutions

 
 
 
 
 

How to prevent the infection

 
 
 
 
 

How to distribute the Microsoft update through Kaspersky Security Center

 
 
 
 
 

How to use the computers safely without installing the Microsoft update

 
 
 
 
Was this information helpful?
Yes No
 

 
 

Feedback on Technical Support Site

Please let us know what you think about the site design, improvements we could add and any errors we need to eliminate

Send My Website Feedback Send My Website Feedback

Thank you!

Thank you for submitting your feedback.
We will review your feedback shortly.