
Does Malwarebytes Premium detect Wannacry?


Solved by exile360

@boulderpictures.

Just to add one other point.  This relates to the importance of keeping your MS Windows system fully up to date with security patches.

Microsoft patched the vulnerability a month earlier.

As far as the WannaCry / WanaCrypt0r ransomware,
Both our consumer product, Malwarebytes 3 Premium, and our business product, Malwarebytes Endpoint Security, already provide proactive protection against this threat.
Our Malwarebytes 3 Premium includes multiple types of protection all in one single program.
Anti-malware + anti-exploit + anti-ransomware + web protection.

Cheers.


3 hours ago, boulderpictures said:

Does Malwarebytes Premium detect Wannacry?

This is "old stuff" now. Pretty much every antimalware kid on the block has upgraded their products by now. The real test happened weeks ago.

Check out MB's malware removal forums and see if others are reporting Wannacry intrusions on their MBAM systems (I don't think you will find any Wannacry cases).


  • 9 months later...

I have recently updated one of my Acer PCs to the latest Win10. As has been reported by many, MS has disabled SMB 1, which was the backdoor for WannaCry.

So until the last update I could see my 2 Macs and all files therein showing up on my Network. After reading on these forums, am I correctly assuming that by the mere fact that MB is active on my Acer that I can reinstate SMB 1, 2 or 3 and regain my connectivity and sharing with my Macs on my enclosed system?

Would I still be vulnerable as I am always connected to the internet? I do maintain good practice such as not going to krap sites or any of those sites that are well reported to be vulnerable.

Thanks


  • Solution

I realize this is a lot of info, so the TL;DR version is: technically Malwarebytes doesn't protect against network based attacks like the SMB exploit used to spread the WannaCry ransomware, however with its 6+ layers of defense, I would personally feel secure continuing to use SMB as long as you keep your OS patched and your security software (like Malwarebytes) up to date.

 

Now for the long version:

Actually, while Malwarebytes did detect/prevent WannaCry at hour 0 with its signature-less protection (the anti-exploit component), it didn't actually do so via the SMB attack/backdoor (known as EternalBlue) because the anti-exploit component in Malwarebytes is not currently capable of detecting/blocking network protocol based exploits like EternalBlue; it does however include an anti-ransomware component which did detect and stop the primary attack, the actual ransomware that would attempt to encrypt users' files.  I also believe that the anti-exploit component did detect the downloader/dropper component of the worm, which would prevent the ransomware from downloading/executing in the first place.

As for whether or not you are safe to continue using SMB 1, 2 or 3, that honestly all depends on what vulnerabilities might still lurk in those protocols that we don't know about yet (assuming there are any) that Microsoft has not yet patched (MS had actually released a patch for the EternalBlue exploit/vulnerability a full month before the WannaCry/WannaCrypt0r attack began, so if users had actually had their Windows up to date, they wouldn't have been infected with the exception of XP of course, which MS no longer supported/was no longer patching at the time, though they did publish a patch for it after the WannaCry attack event).

Now, with all of that said, there are always risks with any kind of communication protocols (even the widely praised HTTPS) because in theory, any form of encryption or secure communication protocol may be broken eventually so the fewer that are in use/active on a system, the smaller the attack surface the better.

I personally had already completely disabled/removed all SMB, Remote Desktop (RDP), File and Printer Sharing and several other protocols and Windows components that I don't use prior to the WannaCry event as part of my standard system configuration procedures that I perform every time I install Windows or setup a new system.  Now that does not mean that I advise everyone else to do so, however if they aren't using them then I do believe that they should disable/remove them.  In your case, you still have use for them so if I were you and I desired that functionality, I would leave the protocol enabled and just make sure to keep my operating system and network card/chip drivers up to date (because contrary to what you may hear from some tech gurus, updating drivers can be important even if the driver you have seems to be working OK, though I still side with them against the use of so-called driver updater software and believe one should only download new drivers from the actual hardware manufacturer of the device being updated having first-hand experience with just how wrong those driver updater programs can be and how they can install the wrong drivers and cause more problems than they fix), and of course keep using solid security software like Malwarebytes (and keep it up to date too ;)) to help keep the system safe from malware, PUPs, exploits, ransomware, scams, worms, Trojans, rootkits, bots and other web based threats.
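The solution post's two conditions (leave enabled only the protocols you actually use, and keep Windows patched) can be checked on the PC itself. The following is an added example, not part of the original posts: a read-only PowerShell audit for Windows 10, run from an elevated prompt. The function name and the 45-day patch-age threshold are assumptions, and the firewall group name assumes an English-language Windows install.

```powershell
# Added example (not from the thread): read-only audit of the remote-access
# surface discussed above. Changes nothing; run from an elevated PowerShell prompt.
function Get-RemoteAccessExposure {
    [CmdletBinding()]
    param(
        # Assumption: treat the machine as stale if no update landed in this many days.
        [int]$MaxPatchAgeDays = 45
    )

    # SMB server dialects. EnableSMB2Protocol covers both SMB 2 and SMB 3.
    $smb = Get-SmbServerConfiguration

    # Whether the SMB 1 optional feature is installed at all.
    $smb1Feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

    # Remote Desktop is enabled when fDenyTSConnections is 0.
    $ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
                           -Name fDenyTSConnections

    # Enabled inbound firewall rules for File and Printer Sharing.
    # Assumption: English display group name; it is localized on other installs.
    $fps = @(Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue |
             Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    # Most recent installed update as a rough "is this machine being patched" signal.
    $lastPatch = Get-HotFix | Where-Object InstalledOn |
                 Sort-Object InstalledOn -Descending | Select-Object -First 1
    $patchAge  = if ($lastPatch) { ((Get-Date) - $lastPatch.InstalledOn).Days } else { $null }

    [pscustomobject]@{
        Smb1ServerEnabled       = $smb.EnableSMB1Protocol
        Smb2And3ServerEnabled   = $smb.EnableSMB2Protocol
        Smb1FeatureState        = $smb1Feature.State
        RdpEnabled              = ($ts.fDenyTSConnections -eq 0)
        FileSharingInboundRules = $fps.Count
        LastHotFix              = $lastPatch.HotFixID
        DaysSinceLastHotFix     = $patchAge
        PatchStale              = ($null -eq $patchAge -or $patchAge -gt $MaxPatchAgeDays)
    }
}

Get-RemoteAccessExposure | Format-List
```

A result with `Smb1ServerEnabled` false and `Smb2And3ServerEnabled` true means file sharing over the newer dialects is available without SMB 1 being switched back on.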
