A Technical Analysis of WannaCry Ransomware
Posted by: LogRhythm Labs
Contributors to this in-depth research analysis include Erika Noerenberg, Andrew Costis, and Nathanial Quist—all members of the LogRhythm Labs research group. Summary: Ransomware that has been publicly named “WannaCry,” “WCry” or “WanaCrypt0r” (based on strings in the binary and encrypted…
May 16, 2017
WannaCry Ransomware
WannaCry: What We Know. It is worth noting that the first WannaCry infection was reported on February 10th, then again on the 25th. We will refer to this as “version 1.” This did not have a widespread impact. On the…
May 15, 2017
Trifecta: LogRhythm Recognized by Forrester, SANS, and SC Labs
In just the last few months, LogRhythm has been named a Leader in the Forrester Wave: Security Analytics Platforms, Q1 2017 analyst report, was honored by the SANS Institute in the “Best of 2016 Awards” in the SIEM category for…
May 9, 2017
Stop Insider Threats with LogRhythm’s UEBA Capabilities
Detecting and responding to a threat in the earliest stages of the Cyber Attack Lifecycle is the key factor in preventing a breach from becoming a detrimental incident. LogRhythm User and Entity Behavior Analytics (UEBA) detects and neutralizes both known…
May 4, 2017
How to Extract SCSM Log Files from a Remote Windows Host
Recently, a question was posed on the LogRhythm Community around how to extract the SCSM log from a remote Windows host. I put together a quick PowerShell script to extract not only the System Center Service Manager (SCSM) log file,…
April 24, 2017
Analysis of Shamoon 2 Disk-Wiping Malware
Posted by: LogRhythm Labs
Shamoon 2 Malware Background: On August 15, 2012, a Saudi Arabian energy company was infected with disk-wiping malware in a targeted attack. The malware, known as either “Shamoon” or “DistTrack,” reportedly infected nearly 30,000 machines at the company in this…
April 20, 2017