WannaCry Alert

Has anyone created a WannaCry LEM alert. This threat might have subsided due to the Kill switch but I am thinking others are coming.

Based on a few blog posts I have read I created a rule that looks on our file server for the below files.

@Please_Read_Me@.txt

testonly.wnry

.wcry

.wncry

.wncryt

This is what I have so far, but I was interested in others feedback.

2017-05-15_10-57-52.jpg

Top Replies