Endpoint Protection

  • 1.  Wanna Cry

    Posted Jun 21, 2017 10:59 PM

    I would just like to ask about the latest news on WannaCry ransomware 2.0. Is there any new variant of this threat? And are we still protected from it, especially those still using SEP 12 (I'm currently using 12.1.6 MP5)?

    Thanks in advance. 



  • 2.  RE: Wanna Cry
    Best Answer

    Posted Jun 22, 2017 01:39 AM

    The first step is to fully patch your systems, as it exploits an SMB vulnerability. If you have IPS in place, then use this policy from Symantec...

    https://www.symantec.com/outbreak/?id=wannacry



  • 3.  RE: Wanna Cry

    Trusted Advisor
    Posted Jun 22, 2017 03:06 AM

    Hello NewOne19,

    You are protected against WannaCry Ransomware 2.0.

    Symantec Endpoint Protection 12.1 protects from these threats; however, it is highly advisable to ensure you have the latest version of SEP 12.1 RU6MP8 installed with all the features on your endpoints.

    https://www.symantec.com/outbreak/?id=wannacry

    Symantec Security Response just published a new blog on this, with all their detections.

    Read it here:

    https://www.symantec.com/connect/blogs/what-you-ne...

    Antivirus

    Intrusion Prevention System

    • 21179 (OS Attack: Microsoft Windows SMB Remote Code Execution 3)
    • 23737 (Attack: Shellcode Download Activity)
    • 30018 (OS Attack: MSRPC Remote Management Interface Bind)
    • 23624 (OS Attack: Microsoft Windows SMB Remote Code Execution 2)
    • 23862 (OS Attack: Microsoft Windows SMB Remote Code Execution)
    • 30010 (OS Attack: Microsoft Windows SMB RCE CVE-2017-0144)
    • 22534 (System Infected: Malicious Payload Activity 9)
    • 23875 (OS Attack: Microsoft SMB MS17-010 Disclosure Attempt)
    • 29064 (System Infected: Ransom.Ransom32 Activity)

    Regards,



  • 4.  RE: Wanna Cry

    Posted Jun 22, 2017 03:17 AM

    SEP should identify all known versions and block some new versions with SONAR.

    The most critical point with WannaCry is the SMB MS17-010 vulnerability. As long as you have IPS enabled, you will be protected from all future malware that tries to spread using this vulnerability. (At least you will block the entryway.)

     

    Intrusion prevention
    Symantec has the following intrusion prevention policies in place to block attempts to exploit the MS17-010 vulnerability:


  • 5.  RE: Wanna Cry

    Posted Jun 23, 2017 05:14 AM

    Thank you, gentlemen. I appreciate all the above information.