Forum Discussion
Has Office 365 been updated to protect against WannaCry?
VasilMichev Hi, how we can delete emails with this malware links from quarentine?
The Advanced Threat Protection of exchange office365 detect this links?
Malware does not go to the quarantine. Plus, there are features such as ZAP that can remove messages from user's mailboxes even after they are received: https://support.office.com/en-us/article/Zero-hour-auto-purge-protection-against-spam-and-malware-96deb75f-64e8-4c10-b570-84c99c674e15?ui=en-US&rs=en-US&ad=US
Lastly, you can always do a manual Purge operation, but for that you need to know the criteria to identify those suspicious messages (a subject for example).
A simple query to the team, is there any incident reported of wannacry attack heppend through email media?
If yes what is the pattern of email?
This will help us more in sending communication to user with exact way the attacker framed email
Regards,
Manjunatha Gowda
WannaCry probably didn't arrive via email, that's what the latest https://nakedsecurity.sophos.com/2017/05/17/wannacry-the-ransomware-worm-that-didnt-arrive-on-a-phishing-hook/ are saying:
"SophosLabs has determined that this probably didn’t start the way a typical ransomware attack does, as a phishing email carrying a malicious attachment or link the user is tricked into opening."
The article provides more technical details about how WannaCry spreading via the SMB flaw. Further details are likely to emerge in the coming days.
By the way, I wrote up https://social.technet.microsoft.com/wiki/contents/articles/37924.microsoft-security-practical-guidance-on-preventing-cyberattacks.aspx on preventing ransomware attacks, more aimed at what organisations could do better with procedures etc.
