|As of this writing, the WannaCry ransomware outbreak infected 350,000 victims in more than 150 countries. As a customer, we want to keep you up-to-date on the latest information about the threat and our response.|
|What makes WannaCry unique?
WannaCry is a unique ransomware strain that exploits a critical Microsoft Windows Server Message Block (SMB) vulnerability to spread like a worm, lending to its rapid propagation after just a few hours of initial detection. The SMB exploit spreads across network shares, so the effect of the attack was minimal to consumers.
The unique trifecta of a broadly available vulnerability with a working exploit and the ability for execution without human intervention created the perfect environment for a “wormable” ransomware attack. Since the WannaCry attack, another attack called Adylkuzz has surfaced that takes advantage of the same Windows vulnerability, emphasizing the need for action.
|What was McAfee’s response?
Over the course of Friday, May 12, McAfee received multiple reports of the attack. By Friday afternoon, the McAfee® Global Threat Intelligence system was updated to identify all known WannaCry samples, and McAfee had delivered DAT signature updates to all its customers.
Our enterprise endpoint products provide zero-day protection against the attack as outlined below. As new variants of this ransomware arise, we will continuously update our software to keep our users protected.
Get ongoing Wannacry news updates from McAfee’s top researchers on our Securing Tomorrow blog. Our scientists have analyzed this attack and the subsequent Adylkuzz attack, which exploits the same Windows vulnerability:
We also conducted a webinar and Q&A with our experts on May 18. You can review that webcast (English) on demand.