The May 12, 2017 WannaCry blitz was the largest ransomware attack in history. With victims in over 150 counties and damages in the hundreds of millions of U.S. dollars, this attack has caused significant alarm and recovery efforts around the globe. WannaCry is a combination of a Trojan/ransomware and a worm that leverages an SMB file-sharing protocol exploit named EternalBlue. EternalBlue is part of a large dump of supposed National Security Agency developed exploits, which were released by the Shadow Broker. Although the first version of the ransomware package had the worm feature disabled, several new variants are appearing in the wild without this weakness.
Despite the casualties and alarm, SonicWall customers using Gateway Anti-Virus, Intrusion Prevention service, and Capture Advanced Threat Protection (ATP)Service were safe from WannaCry ransomware and the worm that spreads well in advance of the attack. Since the release of the first version of the code, SonicWall Capture Labs identified several new variants and released numerous counter measures that also block copycat attacks. Capture ATP Service discovers and stops unknown malware attacks at the gateway, protecting subscribers against whatever else may come next.