• Install the official patch from Microsoft that closes the vulnerability used in the attack
  • Ensure that security solutions are switched on all nodes of the network
  • If Kaspersky Lab’s solution is used, ensure that it includes the System Watcher, a behavioral proactive detection component, and that it is switched on
  • Run the Critical Area Scan task in Kaspersky Lab’s solution to detect possible infection as soon as possible (otherwise it will be detected automatically, if not switched off, within 24 hours).
  • Reboot the system after detecting MEM: Trojan.Win64.EquationDrug.gen
  • Use Customer-Specific Threat Intelligence Reporting services

A detailed description of the WannaCry attack method, and Indicators of Compromise can be found in the Blog Spot on Securelist.

Microsoft Patch Details:https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Microsoft Customer Guidance for WannaCryptattack:- http://blogs.technet.microsoft.com/msrc/2017/5/12/customer-guidance-for-wannacrypt-attacks/