Rapid7 Blog

Ransomware  

Top 5 Threats Healthcare Organizations Face and How to Combat Them

Looking to protect your healthcare organization from cyber-threats? Here are the top five threats to look out for and tips on how to outsmart attackers.…

7 Funny and Punny Halloween Costume Ideas for Tech and Cybersecurity Pros

Stuck on what to be this year? Here are some of our favorite Halloween costume ideas for tech and cybersecurity professionals.…

No More Tears? WannaCry, One Year Later

WannaCry, one year later, and what happened to the SMB target environment.…

Petya-like ransomworm: Leveraging InsightVM and Nexpose for visibility into MS17-010

A Petya-like ransomworm struck on June 27th 2017 and spread throughout the day, affecting organizations in several European countries and the US. It is believed that the ransomworm may achieve its initial infection via a malicious document attached to a phishing email, and that it…

Petya-like Ransomware Explained

TL;DR summary (7:40 PM EDT June 28): A major ransomware attack started in Ukraine yesterday and has spread around the world. The ransomware, which was initially thought to be a modified Petya variant, encrypts files on infected machines and uses multiple mechanisms to…

Scanning and Remediating WannaCry/MS17-010 in InsightVM and Nexpose

*Update 5/18/17: EternalBlue exploit (used in WannaCry attack) is now available in Metasploit for testing your compensating controls and validating remediations. More info: EternalBlue: Metasploit Module for MS17-010. Also removed steps 5 and 6 from scan instructions as they were not strictly necessary…

WannaCry Update: Vulnerable SMB Shares Are Widely Deployed And People Are Scanning For Them

WannaCry Overview: Last week the WannaCry ransomware worm, also known as Wanna Decryptor, Wanna Decryptor 2.0, WNCRY, and WannaCrypt, started spreading around the world, holding computers for ransom at hospitals, government offices, and businesses. To recap: WannaCry exploits a vulnerability in the Windows Server…

Wanna Decryptor (WNCRY) Ransomware Explained

Mark the date: May 12, 2017. This is the day the “ransomworm” dubbed “WannaCry” / “Wannacrypt” burst — literally — onto the scene with one of the initial targets being the British National Health Service. According to The Guardian: the “unprecedented attack… affected 12 countries and at least…

Attacking Microsoft Office - OpenOffice with Metasploit Macro Exploits

It is fair to say that Microsoft Office and OpenOffice are some of the most popular applications in the world. We use them for writing papers, making slides for presentations, analyzing sales or financial data, and more. This software is so important to businesses that,…

The Ransomware Chronicles: A DevOps Survival Guide

NOTE: Tom Sellers, Jon Hart, Derek Abdine and (really) the entire Rapid7 Labs team made this post possible. On the internet, no one may know if you're of the canine persuasion, but with a little time and just a few resources they can easily determine…

I have ransomware and I didn't back up! What do I do now??

There is an old proverb, attributed to various cultures, which says: “The best time to plant a tree was 20 years ago. The second best time is now.” The same goes for backups. If you've been hit by a ransomware incident, the best way to…

Prepare Yourself for Ransomware - No More Snake Oil, Please

Ransomware has hurt more businesses than anyone expected only a year ago. This real threat to your organization could steal a great deal of productivity while systems are “locked” or directly cost the cryptocurrency demanded as ransom. For any organization that's ill prepared, it could…