Traceback Analysis of WannaCry Ransomware

Since May 12, 2017, WannaCry has spread on a massive scale around the world, causing significant impacts. Therefore, security firms start to analyze and prevent the spread of this ransomware. Technical personnel of NSFOCUS also analyzed the sample immediately and released a detailed analysis report.

Analysis Report on the WannaCry Sample

The sample exploits the ETERNALBLUE SMB vulnerability or DOUBLEPULSAR backdoor for propagation and infection of the ransomware. The sample first connects to the domain name http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com, to test network connectivity. If the network is reachable, the sample exits; otherwise, the sample carries out subsequent behaviors. Therefore, a reachable domain name can be registered to stop further attacks.

2016 DDoS Threat Trend

In this report, we present a multi-dimensional analysis of DDoS attack data and botnet data and summarize and analyze typical attack events in 2016, revealing threats of DDoS attacks and the overall threat trend in 2016.

互联网企业的等级保护建设之路

随着互联网企业的迅猛发展,其自身核心业务安全性的不断提升和行业监管力度的不断加强,如何应对与日俱增的内部需求和外部驱动,本文分析了互联网企业面临的安全威胁及合规监管,以及业内现有的针对该行业的安全建设内容,然后提出了我们基于三级等保的互联网企业信息安全建设思路,从整体上发现并解决互联网行业的安全问题。