Product Pack containing several questions and actions for identifying and removing the WannaCry 2.0 ransomware, which broke out on May 12th 2017.

Key Features

  • In case of a WannaCry outbreak, an organization can list devices infected by WannaCry 2.0.
  • Disable SMBv1.
  • Provide patching data relevant to the WannaCry 2.0 ransomware.
  • Risk assessment for WannaCry 2.0.


  • This Product Pack contains instructions.
  • Upload the Product Pack either with the Tachyon Product Pack Deployment Tool or directly by clicking the Upload button from Instruction set in the 1E Platform.
  • Create an Instruction Set named WannaCry-v11 and move all the instructions from the Unassigned set to this set, unless you use the Product Pack Deployment Tool, which creates it automatically.


  1. Go to Explorer and search for any instruction in this pack, for example: Identify WannaCry 2.0: Lists devices infected with by WannaCry2.0 Ransomware.
  2. Click on Ask this question.
  3. The instruction searches for known WannaCry 2.0 indicators of compromise (IOCs). It checks the Activity Report for historic forensic data relating to DNS lookups, service information, processes and registry entries, and provides a likelihood rating from Low to High for potentially compromised devices.


Copyright © 1E 2022 All Rights Reserved