WannaCry, a recent ransomware attack, is impacting organizations worldwide, with losses estimated at $4B in more than 150 countries. The combination of a ransomware executable with worm-like propagation through vulnerability exploitation makes it a very deadly cyberattack. Detecting modern zero-day and evasive malware requires a new approach.
SecondWrite has built a cutting-edge sandbox that is setting a new standard in detecting zero-day and evasive malware. It captures WannaCry’s core behavior and deems it ransomware, without any signatures or training. Several of our customers have been successfully using our cloud sandbox to understand WannaCry and its variants. The sandbox captures several indicators for WannaCry that the widely used Cuckoo sandbox does not capture. It gave WannaCry a maliciousness score of 10/10, with 100% confidence that it is malware.
The three images below show what the SecondWrite sandbox tool automatically outputs for the WannaCry malware:
- Detects more than 30 indicators of compromise (IOCs) that are . A subset is shown in the table below.