Last Friday, Darktrace detected and automatically responded to the WannaCry ransomware for a number of partners and customers, including an NHS trust.

Darktrace uses machine learning and AI algorithms to automatically learn about our customers’ infrastructures, and then detect and respond to developing threats as they happen. The WannaCry malware activity was successfully identified due to the highly anomalous way in which the devices were behaving as they attempted to access and encrypt files, and laterally scan for other exposed devices.

On detecting the ransomware, Darktrace also responded in real time by forcibly dropping suspect connections within the internal network and stopping its spread. This entirely autonomous response, generated by Darktrace Antigena, gave security teams the vital time to catch up before the data was lost or encrypted.

The ease and speed with which Darktrace is deployed has enabled us to work with thousands of organisations around the world, and we are proud to have been able to help them defend against the largest ransomware attack in history this weekend.

If you are concerned about ransomware attacks or want to learn how to use Darktrace to automatically detect and respond to in-progress cyber-threats, you are advised to carry out a Proof of Value with Darktrace.


During a Proof of Value, a self-configuring appliance is installed within your network free of charge for a period of 30 days, allowing you to discover the benefits of Darktrace’s machine learning in your own infrastructure, without any technical set-up or financial overhead. To reserve an installation date, please contact us.


Press Release:

Break-through AI Technology Detects and Contains WannaCry Attack at NHS Agency Before Damage is Inflicted 

Cambridge, UK – May 15th, 2017 – Darktrace, the leader in Enterprise Immune System technology, has announced today that a number of its customers, including an NHS agency, successfully detected and contained a WannaCry ransomware attack on their networks on Friday with Darktrace’s break-through AI technology for cyber defense, which spotted the threat within minutes.

The WannaCry malware attack is unprecedented in scale and has affected over 200,000 devices across 150 countries according to Europol, including the UK’s National Health Service, Spain’s Telefonica and FedEx in the US. Spread by a pernicious email attachment and supercharged by a worm, the stealthy malware encrypts files, with cyber criminals demanding ransom before users can regain access to their data. Traditional security tools that use rules and signatures to stop cyber-threats at the border fell short in the face of this never-seen-before and fast-spreading malware.

Unlike the old attempts to keep malware at bay, the Enterprise Immune System is a pioneering, machine-learning technology capable of detecting and fighting back against stealthy ‘unknown unknowns’, such as WannaCry, automatically and in real time. Modeled after the most powerful biological system, the human immune system, the disruptive technology leverages advances in mathematics and machine learning, to learn the normal ‘pattern of life’ of every user and device on a network. Antigena, its automatic response technology, acts as a digital antibody, taking proportionate, remedial action to neutralize emerging threats. For example, it can slow down or stop a compromised connection or device, but does not impact normal business operations.

Darktrace’s AI technology alerted its affected customers as soon as the first signs of WannaCry emerged on their networks and as the malware was attempting to spread laterally across the respective organizations. The infection was successfully contained before it had inflicted any damage, proving the fundamental power of the Enterprise Immune System.

“At Darktrace we catch and contain ransomware every week,” commented Nicole Eagan, CEO at Darktrace. “WannaCry bypassed traditional security defenses proving them futile in this new era of cyber warfare. Security teams cannot face this challenge without the right tools in place. Darktrace’s Enterprise Immune System is a true manifestation of AI in action: detecting and stopping threats before the human teams have even had time to notice.”

Do NOT follow this link or you will be banned from the site!