If you are in the free speaking world and have access to news outlets, you’ve no doubt heard about the WannaCry ransomware attack targeting systems all over the world. Estimates are that over a quarter of a million computers have been compromised, spanning more than 150 countries. If you have anything to do with the operations and engineering of your company’s infrastructure, you probably started wondering whether WannaCry had made its way into your piece of the universe.

An easy way to get visibility into the WannaCry malware in your environment is to install LogZilla and use the pre-built rules from our LogZilla Extras GitHub repository.

Next, point your network and server telemetry to your LogZilla server and, within seconds, you’ll be able to select IoC-WannaCry or IoC-IP_Blacklist from the Program dropdown to see if your company has been infected.

WannaCry Dashboard

Here is a screenshot of one of our dashboards filtered on these programs:

[Screenshot: WannaCry dashboard]

Editing widgets for this data is equally easy:

[Screenshot: WannaCry]

WannaCry Alerts

Now that you have the data in LogZilla, alerts and automatic remediation are just as easy. Here is an example trigger that will send a Slack message with information about the newly found malware-infected host:

[Screenshot: WannaCry trigger]

Here is what the Slack message looks like when we receive it from LogZilla:

[Screenshot: WannaCry Slack message]

It is that easy to identify and be alerted when malware like this manifests in your organization.
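
The tag-then-alert flow described above, as an added Python example that is not LogZilla's rule or trigger code: it matches log lines against indicators, tags hits with the two program names from this post, and builds one Slack incoming-webhook body per new finding. The indicator values, log formats and function names are constructed for illustration.

```python
import ipaddress
import json
import re

# Constructed indicators: documentation-range networks and a reserved .example
# domain stand in for a real threat-intel feed.
IP_BLACKLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.77/32")]
DOMAIN_IOCS = {"killswitch-placeholder.example"}

# Constructed log lines (hypothetical firewall and DNS formats).
SAMPLE_LOGS = [
    "May 17 10:01:02 fw01 kernel: ACCEPT SRC=10.1.4.22 DST=203.0.113.5 DPT=445",
    "May 17 10:01:03 dns01 named: client 10.1.4.22 query: killswitch-placeholder.example IN A",
    "May 17 10:01:04 fw01 kernel: ACCEPT SRC=10.1.7.9 DST=192.0.2.10 DPT=443",
    "May 17 10:01:05 fw01 kernel: ACCEPT SRC=10.1.4.22 DST=203.0.113.5 DPT=445",
]

FW_RE = re.compile(r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+)")
DNS_RE = re.compile(r"client (?P<src>[\d.]+) query: (?P<name>\S+)")

def classify(line):
    """Return (program_tag, internal_host, indicator), or None if no IoC matches."""
    m = DNS_RE.search(line)
    if m and m["name"].lower().rstrip(".") in DOMAIN_IOCS:
        return ("IoC-WannaCry", m["src"], m["name"])
    m = FW_RE.search(line)
    if m:
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            return None  # malformed address in the log line
        if any(dst in net for net in IP_BLACKLIST):
            return ("IoC-IP_Blacklist", m["src"], m["dst"])
    return None

def build_alerts(lines):
    """One Slack payload per new (tag, host, indicator) so repeats do not flood the channel."""
    seen, alerts = set(), []
    for line in lines:
        hit = classify(line)
        if hit and hit not in seen:
            seen.add(hit)
            tag, host, ioc = hit
            alerts.append({"text": f"[{tag}] host {host} contacted {ioc}"})
    return alerts

if __name__ == "__main__":
    for alert in build_alerts(SAMPLE_LOGS):
        print(json.dumps(alert))  # body to POST to a Slack incoming webhook
```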

Having a LogZilla NetOps management platform will provide you with incredible real-time visibility and insight into what’s happening in your environment right now. If you would like to learn more about how LogZilla can make your team more proactive and how you can look like a Network Hero, contact me and we’ll tell you how to install LogZilla in just a few minutes!

Posted May 17, 2017 in Malware category
