A Technical Analysis of WannaCry Ransomware

Ransomware that has been publicly named "WannaCry," “WCry” or "WanaCrypt0r" (based on strings in the binary and encrypted files) has spread to at least 74 countries as of Friday 12 May 2017. This blog addresses the technical analysis of the ransomware, mitigation, LogRhythm signatures, Network Monitor (NetMon) query rules, and indicators of compromise.

Read More

WannaCry Ransomware

On the afternoon of Friday, May 12, 2017, what we refer to as version 2 of WannaCry ransomware started to infect systems of a private Spanish telecommunications company. This blog covers the ransomware background, a high-level technical overview, the kill switch, and advice for defending against WannaCry.

Read More

How to Sell Your Cybersecurity Strategy to the Board: An Interview with James Carder

Today most boards are well aware that cybersecurity is an important issue. But being able to convince them that your cybersecurity strategy is the right one, establish buy-in, and win their budget allocation is not always an easy task. In this interview, James Carder—LogRhythm CISO—shares his experience with executing a successful cybersecurity presentation to the board.

Read More