Contributors to this in-depth research analysis include Erika Noerenberg, Andrew Costis, and Nathanial Quist—all members of the LogRhythm Labs research group. Summary Ransomware that has been publicly named “WannaCry,” “WCry” or “WanaCrypt0r” (based on strings in the binary and encrypted…
Read MoreMay 16, 2017
WannaCry: What We Know It is worth noting that the first WannaCry infection was reported on February 10th then again on the 25th. We will refer to this as “version 1.” This did not have a widespread impact. On the…
Read MoreMay 15, 2017
In just the last few months, LogRhythm has been named a Leader in the Forrester Wave: Security Analytics Platforms, Q1 2017 analyst report, was honored by the SANS Institute in the “Best of 2016 Awards” in the SIEM category for…
Read MoreMay 9, 2017
Detecting and responding to a threat in the earliest stages of the Cyber Attack Lifecycle is the key factor in preventing a breach from becoming a detrimental incident. LogRhythm User and Entity Behavior Analytics (UEBA) detects and neutralizes both known…
Read MoreMay 4, 2017
Recently, a question was posed on the LogRhythm Community around how to extract the SCSM log from a remote Windows host. I put together a quick PowerShell script to extract not only the System Center Service Manager (SCSM) log file,…
Read MoreApril 24, 2017
Shamoon 2 Malware Background On August 15, 2012, a Saudi Arabian energy company was infected with disk-wiping malware in a targeted attack. The malware, known as either “Shamoon” or “DistTrack,” reportedly infected nearly 30,000 machines at the company in this…
Read MoreApril 20, 2017
