How Red Piranha’s Security Systems & Response Mechanism Worked During the WannaCry Ransomware Attack:
Since the hacker group called the Shadow Brokers leaked tools used by the NSA, our highly trained team of experts has added 117 new rules to the Crystal Eye System to mitigate future threats built around the Windows SMB zero-day and the other related attack vectors exposed in this leak.
We were also quick to analyze the threats posed by the Shadow Brokers leaks, which we published in our blog article on April 15, 2017.
Read: Recent Shadow Brokers dump exposes over 3 million systems and the number is climbing
However, on May 12, 2017, cyber criminals launched attacks in Europe with variants based on the tools released back at Easter. The rules we had already added manually would have prevented most of the attacks to some extent, and our threat intelligence feed and automatic updates would also have stopped the new attacks by 2 AM our time. At midday on Saturday (May 12, 2017) we audited our update records to determine how quickly our automated systems would have protected our clients, and found that the new IOCs would have made it into Crystal Eye by 2 AM WST.
The following data shows the extent of the attacks that originated from specific host IP addresses.
Detailed Report on Suspicious Hosts:
Behavior: Scanning hosts
Activity: Continuously trying different username/password combinations, using both existing and non-existent usernames.
We found the following types of events:
SSHD authentication failed.
Multiple SSHD authentication failures.
Multiple failed logins in a small period of time.
SSH insecure connection attempt (scan).
Failed Password
Invalid User
Input user auth request invalid user
Type of attack: Brute force
Source IP Addresses:
31.207.47.36
190.85.226.245
91.197.232.103
218.65.30.124
61.177.172.52
91.197.232.107
61.177.172.13
91.197.232.109
61.177.172.17
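The event types listed above (failed passwords, invalid users, multiple failures in a short period) are what an SSH brute-force detector keys on. The following Python script is an added example written for this page; it is not Red Piranha's or Crystal Eye's own detection code. It assumes the standard OpenSSH syslog line formats ("Failed password for ... from IP port N ssh2" and "Invalid user X from IP"), and the sample log lines are constructed for the example, reusing three of the source addresses from the report above plus 192.0.2.10 as a constructed legitimate client. It flags a source on two rules: many failures inside a sliding time window (the "multiple failed logins in a small period of time" event) and probing of several non-existent usernames, which catches a slow scan that stays under the rate threshold.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of sshd auth-log lines (syslog format) in the style of the events
# the report lists. 31.207.47.36, 61.177.172.52 and 91.197.232.103 come from the report's
# source list; 192.0.2.10 is a constructed legitimate client that mistypes a password once.
SAMPLE_LOG = """\
May 13 02:00:01 gw sshd[2101]: Invalid user admin from 31.207.47.36
May 13 02:00:01 gw sshd[2101]: input_userauth_request: invalid user admin [preauth]
May 13 02:00:01 gw sshd[2101]: Failed password for invalid user admin from 31.207.47.36 port 41022 ssh2
May 13 02:00:03 gw sshd[2104]: Invalid user oracle from 31.207.47.36
May 13 02:00:03 gw sshd[2104]: Failed password for invalid user oracle from 31.207.47.36 port 41040 ssh2
May 13 02:00:05 gw sshd[2107]: Failed password for root from 31.207.47.36 port 41061 ssh2
May 13 02:00:06 gw sshd[2109]: Failed password for root from 31.207.47.36 port 41078 ssh2
May 13 02:00:08 gw sshd[2112]: Failed password for root from 31.207.47.36 port 41099 ssh2
May 13 02:00:10 gw sshd[2115]: Failed password for root from 61.177.172.52 port 52311 ssh2
May 13 02:00:11 gw sshd[2117]: Failed password for root from 61.177.172.52 port 52320 ssh2
May 13 02:00:12 gw sshd[2119]: Failed password for root from 61.177.172.52 port 52333 ssh2
May 13 02:00:14 gw sshd[2121]: Failed password for root from 61.177.172.52 port 52340 ssh2
May 13 02:00:15 gw sshd[2123]: Failed password for root from 61.177.172.52 port 52351 ssh2
May 13 02:00:20 gw sshd[2130]: Failed password for alice from 192.0.2.10 port 50001 ssh2
May 13 02:00:25 gw sshd[2133]: Accepted password for alice from 192.0.2.10 port 50002 ssh2
May 13 02:30:00 gw sshd[2200]: Invalid user test from 91.197.232.103
May 13 02:30:00 gw sshd[2200]: Failed password for invalid user test from 91.197.232.103 port 33001 ssh2
May 13 02:35:00 gw sshd[2210]: Invalid user guest from 91.197.232.103
May 13 02:35:00 gw sshd[2210]: Failed password for invalid user guest from 91.197.232.103 port 33017 ssh2
May 13 02:40:00 gw sshd[2220]: Invalid user postgres from 91.197.232.103
May 13 02:40:00 gw sshd[2220]: Failed password for invalid user postgres from 91.197.232.103 port 33030 ssh2
"""

# Syslog envelope: "Mon DD HH:MM:SS host sshd[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: (?P<msg>.*)$")
FAILED_RE = re.compile(
    r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+")
INVALID_RE = re.compile(r"^Invalid user (?P<user>\S+) from (?P<ip>[\d.]+)$")


def analyze(log_text, threshold=5, window_seconds=60, enum_threshold=3):
    """Return per-source-IP statistics plus the detection rules each source tripped."""
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the sliding window
    stats = defaultdict(lambda: {"failures": 0, "users": set(),
                                 "invalid_users": set(), "reasons": set()})
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; strptime defaults to 1900, which is fine
        # because only differences between timestamps are used.
        ts = datetime.strptime(re.sub(r"\s+", " ", m.group("ts")), "%b %d %H:%M:%S")
        msg = m.group("msg")
        inv = INVALID_RE.match(msg)
        if inv:
            # "Invalid user X from IP": a username that does not exist on this host.
            stats[inv.group("ip")]["invalid_users"].add(inv.group("user"))
            continue
        f = FAILED_RE.match(msg)
        if not f:
            # Lines without a source address (e.g. "input_userauth_request ... [preauth]")
            # and successful logins are not counted by this detector.
            continue
        ip, user = f.group("ip"), f.group("user")
        s = stats[ip]
        s["failures"] += 1
        s["users"].add(user)
        q = recent[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold:
            s["reasons"].add("rate")  # many failures in a short period of time
    for s in stats.values():
        if len(s["invalid_users"]) >= enum_threshold:
            s["reasons"].add("enumeration")  # probing non-existent usernames, even slowly
    return dict(stats)


def brute_force_sources(log_text, **kw):
    """Sorted list of source IPs that tripped at least one rule."""
    return sorted(ip for ip, s in analyze(log_text, **kw).items() if s["reasons"])


if __name__ == "__main__":
    for ip, s in sorted(analyze(SAMPLE_LOG).items()):
        print(f"{ip:16} failures={s['failures']:2} users={sorted(s['users'])} "
              f"invalid={sorted(s['invalid_users'])} reasons={sorted(s['reasons'])}")
    print("flagged:", brute_force_sources(SAMPLE_LOG))
```

Run against the sample, the two fast sources trip the rate rule, the slow source trips only the username-enumeration rule, and the legitimate client with a single typo is left alone. In production the thresholds would be tuned per environment, and a flagged source would typically be fed to a blocklist or a firewall rule rather than just printed.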