12 Replies Latest reply on May 16, 2017 10:09 AM by jeremymayfield

    WannaCry Alert

    dcokers

      Has anyone created a WannaCry LEM alert. This threat might have subsided due to the Kill switch but I am thinking others are coming.

       

      Based on a few blog posts I have read I created a rule that looks on our file server for the below files.

      @Please_Read_Me@.txt

      testonly.wnry

      .wcry

      .wncry

      .wncryt

       

      This is what I have so far, but I was interested in others feedback.

       

      2017-05-15_10-57-52.jpg