Has anyone created a WannaCry LEM alert? This threat might have subsided due to the kill switch, but I am thinking others are coming.
Based on a few blog posts I have read, I created a rule that looks on our file server for the files below:
@Please_Read_Me@.txt
testonly.wnry
.wcry
.wncry
.wncryt
This is what I have so far, but I was interested in others' feedback.
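
A file-name check of the kind the post describes, as an added Python example (not the poster's LEM rule and not SolarWinds code). The event format, the operation names, the `scan` and `match_indicator` helpers and the sample events are constructed assumptions; only the indicator names come from the post.

```python
import csv
import io
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators exactly as listed in the post, lower-cased for comparison.
EXACT_NAMES = {"@please_read_me@.txt", "testonly.wnry"}
SUFFIXES = (".wcry", ".wncry", ".wncryt")
# Assumed operation names for events that create or change a file.
WRITE_OPS = {"FileCreate", "FileWrite", "FileRename"}

# Constructed sample events, assumed format: time,user,host,operation,path
SAMPLE_EVENTS = r"""
2017-05-15T09:01:02,alice,WS-014,FileCreate,\\FS01\share\finance\q1.xlsx
2017-05-15T09:03:10,bob,WS-022,FileRename,\\FS01\share\hr\roster.docx.WNCRY
2017-05-15T09:03:11,bob,WS-022,FileCreate,\\FS01\share\hr\@Please_Read_Me@.txt
2017-05-15T09:03:12,bob,WS-022,FileCreate,\\FS01\share\hr\plan.pdf.wncryt
2017-05-15T09:04:00,carol,WS-030,FileRead,\\FS01\share\it\notes.wcry.bak
"""

def match_indicator(path):
    """Return the matching indicator for a path, or None.

    Only the final path component is compared, case-insensitively, so a
    directory named like an indicator or a '.wcry.bak' file does not match.
    """
    name = PureWindowsPath(path).name.lower()
    if name in EXACT_NAMES:
        return name
    for suffix in SUFFIXES:
        if name.endswith(suffix):
            return suffix
    return None

def scan(events_text):
    """Group matching write events by (user, host) so the source stands out."""
    hits = defaultdict(list)
    for row in csv.reader(io.StringIO(events_text.strip())):
        if len(row) != 5:
            continue  # skip malformed lines
        when, user, host, op, path = (field.strip() for field in row)
        indicator = match_indicator(path)
        if op in WRITE_OPS and indicator:
            hits[(user, host)].append((when, indicator, path))
    return dict(hits)

if __name__ == "__main__":
    for (user, host), events in scan(SAMPLE_EVENTS).items():
        print(f"ALERT {user}@{host}: {len(events)} matching file events")
        for when, indicator, path in events:
            print(f"  {when} {indicator} {path}")
```

Grouping by user and host shows which account and workstation is writing the files, which is what a responder needs in order to isolate the source.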