This malware, which utilizes the ETERNALBLUE exploit against the MS17-010 vulnerability, encrypts files and demands a ransom payment to decrypt them. Enterprises face the daunting task of determining where this vulnerability exists within their global IT environments, and existing enterprise security solutions are slow to deploy. In response to this attack,
- QID 91345 - Microsoft Server Message Block (SMB) Server Remote Code Execution Vulnerability (MS17-010) and Shadow Brokers
Qualysinitiated coverage for this missing patch on supported platforms on March 14, a month before the Shadow Brokers dump. This QID has been updated to also detect the new patches for End-of-Life (EOL) versions of Windows.
- QID 91360 - Microsoft Windows SMBv1 and NetBIOS over TCP/IP (NBT) Remote Code Execution - Shadow Brokers (ETERNALBLUE) MS17-010
Qualysadded this QID immediately following the Shadow Brokers release on April 14to also detect the vulnerability exploited by ETERNALBLUE across all Windows platforms. This QID has also been updated to not flag if the EOL patches have been installed.
- QID 70077 - Double Pulsar Backdoor Detected (Shadow Brokers)
Detects the presence of the DOUBLEPULSAR backdoor that WannaCry can leverage to propagate.
- QID 1029 - WannaCrypt Ransomware Detected. Detects WannaCry and can be used to trigger alerts on new infections.
- Vulnerability Management - Provides comprehensive scanning capabilities through network scanners or via cloud agents so organizations can quickly and accurately identify which assets are vulnerable or have been infected with WannaCry.
- ThreatPROTECT - Provides one-click access to a dashboard of impacted assets through the Live Threat Intelligence Feed that provides most-up-to-date threats, as well as a detailed analysis of ETERNALBLUE and WannaCry.
- AssetView - Can help organizations locate and track legacy and current Windows assets impacted by these exploits in dynamic widgets.
- Continuous Monitoring - Allows organizations to create alerts to track any WannaCry infections that pop up on their network.
- Scanning of unlimited IP addresses
- Deployment of unlimited Virtual Scanner Appliances or Cloud Agents
- WannaCry up-to-date blog post: qualys.com/wannacry
Qualyson LinkedIn and Twitter
- Read more about the Qualys Cloud Platform
QUALYS MEDIA CONTACT
To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/security-alert-qualys-offers-30-day-free-unlimited-service-to-identify-and-track-remediation-of-assets-exploitable-by-wannacry-ransomware-300460559.html
News Provided by Acquire Media