PC Condom is an affordable, easy to use option for small businesses.
May 23, 2017

PC Condom will block Wana Decryptor

WannaCry / Wana Decryptor / WanaCrypt0r Info & Technical Nose Dive

Today was a big day for the WannaCry / WanaCrypt0r ransomware as it took the world by storm by causing major ransomware outbreaks at Telefonica, Chinese Universities, the Russian Interior Ministry, and other organizations…

Article on BleepingComputer by Lawrence Abrams (Full article here)

This ransomware is spread through a Worm executable that scans the Internet for Windows servers that have the Samba TCP port 445 accessible. This port is the SMB port that the ETERNALBLUE exploit uses to gain access to a computer. When the Worm gains access to a computer it will create a copy of itself and execute the program on the infected computer.

PC Condom doesn’t prevent the exploit OR the download of the package (it comes in as a zip), BUT for the worm to ‘execute’ the program, it has to copy the ‘program’ to the hard drive. PC Condom blocks programs from being written to the hard drive and therefore stops the infection.

The image shows the payload in .zip format:

Wanadecryptor

PC Condom prevents taskdl.exe and taskse.exe, after they are extracted from the zip file, from being written to the hard drive so they can be run. The WanaDecrypt0r loader will then extract the contents of this zip file into the same folder and perform some startup tasks. The bolded part is what PC Condom blocks.