WannaCry PowerShell Detector

gisli | Scripting

As you may or may not know, there is an outbreak going on of a virus named WannaCry. Some computers are affected. I created a small script that checks for specific files, and if the PowerShell script detects them, it sends an email and disables all the network cards. You can run this at startup by using a GPO, so in the morning, when users arrive at the office and start their computers, the script will run. Here is the script:

Note: you can modify the code as you wish, but use it at your own risk!

Update 15.05.2017 – There seem to be some copycats using the same approach. The media is saying there will be another wave of ransomware, so I will update the script based on the ransomware configuration. Please update your clients and servers with the latest security updates, and update the OS to the latest version.
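
The check, alert and isolate flow described in this post, as an added example (it is not the author's script). The indicator file names, search roots, log path, SMTP server and mail addresses are placeholders to replace with your own values, and `Get-NetAdapter` / `Disable-NetAdapter` assume Windows 8 / Server 2012 or later.

```powershell
# Added example, not the original author's script.
# Every value in this block is a placeholder/assumption: replace before use.
$IndicatorNames = @('PLACEHOLDER-ransom-note.txt', 'PLACEHOLDER-dropped-binary.exe')
$SearchRoots    = @("$env:SystemDrive\Users", $env:ProgramData)
$LogFile        = Join-Path $env:ProgramData 'ransomware-detector.log'
$SmtpServer     = 'smtp.example.invalid'
$MailFrom       = 'detector@example.invalid'
$MailTo         = 'security-team@example.invalid'

function Find-IndicatorFile {
    param([string[]]$Roots, [string[]]$Names)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # -Force includes hidden files; access-denied folders are skipped silently.
        Get-ChildItem -Path $root -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $Names -contains $_.Name }
    }
}

$hits = @(Find-IndicatorFile -Roots $SearchRoots -Names $IndicatorNames)
if ($hits.Count -eq 0) { exit 0 }   # nothing found: leave the machine alone

$paths = ($hits | Select-Object -ExpandProperty FullName) -join "`r`n"
$body  = "Host: $env:COMPUTERNAME`r`nTime: $(Get-Date -Format o)`r`nFiles:`r`n$paths"

# Write a local record first: the mail may fail and the host is about to go offline.
$body | Out-File -FilePath $LogFile -Append -Encoding utf8

# The alert must be sent BEFORE the adapters are disabled.
try {
    Send-MailMessage -SmtpServer $SmtpServer -From $MailFrom -To $MailTo `
        -Subject "Ransomware indicator found on $env:COMPUTERNAME" `
        -Body $body -ErrorAction Stop
}
catch {
    "Mail failed: $($_.Exception.Message)" | Out-File -FilePath $LogFile -Append -Encoding utf8
}

# Isolate the host: disable every network adapter without prompting.
Get-NetAdapter | Disable-NetAdapter -Confirm:$false
```

A GPO computer startup script runs as the local SYSTEM account, so the SMTP relay has to accept mail from machine accounts or anonymous senders on the internal network. Re-enabling the adapters afterwards requires local or console access to the machine.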
