In response to this useful article by Kaspersky, this page now includes information on wipers, which often resemble or masquerade as ransomware but are essentially just destructive.
Kaspersky Threat Post:
Secrets of the Wiper: Inside the World’s Most Destructive Malware. “Shamoon, Black Energy, Destover, ExPetr/Not Petyaand Olympic Destroyer: All of these wiper malwares, and others like them, have a singular purpose of destroying systems and/or data, usually causing great financial and reputational damage to victim companies.”
ESET has previously published quite a lot of material on Black Energy which can be found here. Of course, other articles are available, but I get to see most of the ESET articles before they’re published, so I’m more aware of them.
This obviously isn’t the only way to check, and it may not be the only tool of its kind out there – I haven’t been looking for such a tool. And clearly, checking for a specific vulnerability isn’t a substitute for a sound patching strategy, or for using security software that detects malware (including WannaCryptor) reasonably reliably. But while I haven’t tested it personally, I’d be very surprised (in view of my longstanding association with ESET) if this tool didn’t do what it says on the tin, so some people and organizations might well find this useful.
There are reports of further variants, including one which is alleged not to include a kill switch. That might not be an accurate report, but certainly no-one should be relying on the neutralization of kill-switch domains rather than patching.
And if you have been caught out by the malware and were thinking of paying up, be warned that payment may not get your files back, according to Checkpoint: WannaCry – Paid Time Off?
Analysis by Microsoft here. MS recommends that you update to Windows 10 (no comment…) and/or apply the MS17-010 update. If that’s not possible, they recommend that you: