Taking many by surprise on May 12, 2017, the WannaCrypt ransomware targets Microsoft Windows OS and then encrypts data with the only escape being bitcoin payout.
It's been dubbed and shorted in the news as "WannaCry". But how did many of our customers remain unscathed and not "want to cry" this weekend? Read below for LogRhythm's 3 kill points.
Though it's first infection it was able to infect more than 230,000 computers spanning 150 countries. In our roles as IT professionals we are always on call, on alert and ready for crisis. The healthcare industry was affected the highest in this attack, with the known risks of releasing and holding patient information.
But one thing we try to maintain is order, avoid crisis and at all costs, stop attacks such as this. Over the weekend as many scrambled to install patches, monitor their security platforms - meanwhile losing sleep, LogRhythm customers were able to rest easy.
3 Kill Points
1) The infection would have been seen on LogRhythm's first system and quarantined WannaCry
2) LogRhythm's platform would have seen the process spin up on a system and denied that process and any subsequent
3) Finally, the platform would have seen the port open for external communication and shut it down before it had a chance to call out to that unlisted domain
In response, learn more about LogRhythm's security platform and how you don't have to be a packet ninja to see who's talking in your network.
Register for a 30 minute Webinar on June 8th: http://go.iqsg.com/packet-ninja