* [Blog](https://www.paloaltonetworks.com.au/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com.au/blog/corporate/)
* [Products and Services](https://www.paloaltonetworks.com.au/blog/category/products-and-services-ja/?lang=ja)
* Palo Alto Networks WanaCr...

# Palo Alto Networks WanaCrypt0r ランサムウェア攻撃に対するプロテクション

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2018%2F01%2Fpalo-alto-networks-protections-wanacrypt0r-attacks%2F%3Flang%3Dja)  
[](https://twitter.com/share?text=Palo+Alto+Networks+WanaCrypt0r+%E3%83%A9%E3%83%B3%E3%82%B5%E3%83%A0%E3%82%A6%E3%82%A7%E3%82%A2%E6%94%BB%E6%92%83%E3%81%AB%E5%AF%BE%E3%81%99%E3%82%8B%E3%83%97%E3%83%AD%E3%83%86%E3%82%AF%E3%82%B7%E3%83%A7%E3%83%B3&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2018%2F01%2Fpalo-alto-networks-protections-wanacrypt0r-attacks%2F%3Flang%3Dja)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2018%2F01%2Fpalo-alto-networks-protections-wanacrypt0r-attacks%2F%3Flang%3Dja&title=Palo+Alto+Networks+WanaCrypt0r+%E3%83%A9%E3%83%B3%E3%82%B5%E3%83%A0%E3%82%A6%E3%82%A7%E3%82%A2%E6%94%BB%E6%92%83%E3%81%AB%E5%AF%BE%E3%81%99%E3%82%8B%E3%83%97%E3%83%AD%E3%83%86%E3%82%AF%E3%82%B7%E3%83%A7%E3%83%B3&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com.au/blog/2018/01/palo-alto-networks-protections-wanacrypt0r-attacks/?lang=ja&ts=markdown)  
\[\](mailto:?subject=Palo Alto Networks WanaCrypt0r ランサムウェア攻撃に対するプロテクション)  
Link copied  
By [Scott Simkin](https://www.paloaltonetworks.com/blog/author/scott-simkin/?lang=ja&ts=markdown "Posts by Scott Simkin")  
Jan 25, 2018  
1 minutes  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services-ja/?lang=ja&ts=markdown)  
[Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention/?lang=ja&ts=markdown)  
[AutoFocus](https://www.paloaltonetworks.com/blog/tag/autofocus-ja/?lang=ja&ts=markdown)  
[ransomware](https://www.paloaltonetworks.com/blog/tag/ransomware-ja/?lang=ja&ts=markdown)  
[threat prevention](https://www.paloaltonetworks.com/blog/tag/threat-prevention-ja/?lang=ja&ts=markdown)  
[WanaCrypt0r](https://www.paloaltonetworks.com/blog/tag/wanacrypt0r-ja/?lang=ja&ts=markdown)  
[WannaCry](https://www.paloaltonetworks.com/blog/tag/wannacry-ja/?lang=ja&ts=markdown)  
[WannaCrypt](https://www.paloaltonetworks.com/blog/tag/wannacrypt-ja/?lang=ja&ts=markdown)  
[WildFire](https://www.paloaltonetworks.com/blog/tag/wildfire-ja/?lang=ja&ts=markdown)

This post is also available in: [English (英語)](https://www.paloaltonetworks.com.au/blog/2018/01/palo-alto-networks-protections-wanacrypt0r-attacks/ "英語(English)に切り替える")

### **何が起こったか：**

2017年5月12日金曜日、ランサムウェア（身代金要求型マルウェア）WanaCrypt0rの最新亜種による一連の攻撃が広範囲に対して始まりました。これらの攻撃はWannaCrypt, WannaCryとも呼ばれ、世界中の公的・民間組織に影響を与えたと報告されています。Palo Alto Networks の次世代セキュリティプラットフォームはこの攻撃に対するプロテクションを自動で作成、配布、適用を行いました。

### **どうやって攻撃されるのか：**

WanaCrypt0rの初期の感染経路はまだ明らかになっていない部分もありますが、SMBプロトコルを経由して、ネットワーク内のMicrosoft Windows システムにある脆弱性 EternalBlue (CVE-2017-0144)を悪用し、他のホストに広範囲に感染を広めようとして攻撃します。この脆弱性は、2017年3月にMicrosoftが[MS17-010](https://technet.microsoft.com/ja-jp/library/security/ms17-010.aspx)として対処したもので、2017年4月にハッカー集団「Shadow Brokers（シャドー・ブローカーズ）」によって一般公開されています。

Microsoft はWanaCrypt0r攻撃に対する防御について[記事](https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/)（リンク先英語記事。同社の日本のセキュリティチームも、[同様の情報をまとめた記事](https://blogs.technet.microsoft.com/jpsecurity/2017/05/14/ransomware-wannacrypt-customer-guidance/)を公開しています）を公開し、Windows XPを含む、サポート期間の切れたバージョンに対するパッチの提供を開始しました。MS17-010 のパッチを適用している組織は WanaCrypt0r の感染がネットワークを介して広まるリスクはありませんが、現在アクティブな攻撃で使用されているネットワークコンポーネントにあるリモートコード実行可能な脆弱性を修正されているため、私たちはこのセキュリティアップデートの適用を早急に行うことを強くおすすめします。

### **阻止：**

Palo Alto Networks のお客様は、攻撃ライフサイクルのいずれにおいても脅威を自動的に止めることができる脅威阻止アプローチを適用している我々の次世代セキュリティプラットフォーム経由で守られています。Palo Alto Networks のお客様は次世代セキュリティプラットフォームに対して提供している複数の脅威阻止コントロールを通じて自動的にWanaCrypt0rランサムウェアから守られています。

* * **WildFire** はすべての既知サンプルをマルウェアとして分類し、悪意のあるコンテンツがユーザーに配布されることを自動的にブロックしています。
  * **脅威防御**
    * この攻撃に使用されているSMB脆弱性の悪用- ETERNALBLUE (CVE-2017-0144 - MS17-010)に対応する IPS シグネチャ（公開: 688-2964）を適用しています。
    * [ThreatVault](https://threatvault.paloaltonetworks.com/?query=Trojan-Ransom/Win32.wanna&type=) (脅威名"Trojan-Ransom/Win32.wanna.a" and "Trojan-Ransom/Win32.wanna.b"を含む)で参照できるアンチマルウェアシグネチャを展開します。
    * 脆弱性を狙ったエクスプロイトであるバックドアツール、DoublePulser向けのコマンド＆コントロールの防御（公開：695）を提供しています。[ThreatVault](https://threatvault.paloaltonetworks.com/?query=DoublePulsar&type=) 等で見つかっています。
  * **URLフィルタリング** は悪意のあるURLをモニタしており、必要な場合防御を適用します。
  * **DNSシンクホール機能** はネットワーク上の感染端末を特定することができます。[ベストプラクティス](https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-DNS-Sinkhole/ta-p/58891)については[製品ドキュメント](https://www.paloaltonetworks.com/documentation)を参照ください。
  * **Traps** はエンドポイントで WanaCrypt0r マルウェアの実行を阻止します。 Trapsの防御についての詳細は、[ブログ](https://www.paloaltonetworks.com/blog/2017/05/traps-protections-wanacrypt0r-ransomware-attacks/?lang=ja) でもご確認いただけます。

* **AutoFocus** は[WanaCrypt0rタグ](https://autofocus.paloaltonetworks.com/#/tag/Unit42.WanaCrypt0r)を通じて脅威分析と脅威のハンティングができるようこの攻撃を追跡します。

* **GlobalProtect** を通じて次世代ファイアウォールポリシーをモバイルユーザに拡大することでリモートワーカーを守ることができます。

Palo Alto Networks 次世代セキュリティプラットフォームを使ってランサムウェアを阻止するベストプラクティスについてはこちらの[ナレッジベース](https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClTLCA0&lang=ja)を参照ください。

弊社は、すべてのWindowsユーザーに対し、サポート期間が切れたバージョンを含め、Microsoftが公開した最新のパッチを確実にインストールすることを強くお勧めします。

*** ** * ** ***

## Related Blogs

### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint/?lang=ja&ts=markdown), [カテゴリーなし](https://www.paloaltonetworks.com/blog/category/%e3%82%ab%e3%83%86%e3%82%b4%e3%83%aa%e3%83%bc%e3%81%aa%e3%81%97/?lang=ko&ts=markdown)

[#### WanaCrypt0r ランサムウェア攻撃に対するTrapsによるプロテクション](https://www.paloaltonetworks.com.au/blog/2017/05/traps-protections-wanacrypt0r-ransomware-attacks/?lang=ja)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must/?lang=ja&ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features-ja/?lang=ja&ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services-ja/?lang=ja&ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention/?lang=ja&ts=markdown), [Use Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases-ja/?lang=ja&ts=markdown)

[#### LockBit 3.0への注意喚起とCortexによる対策](https://www.paloaltonetworks.com.au/blog/security-operations/threat-alert-cortex-vs-lockbit-3-0/?lang=ja)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must/?lang=ja&ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls-ja/?lang=ja&ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services-ja/?lang=ja&ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector-ja/?lang=ja&ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security-ja/?lang=ja&ts=markdown), [視点](https://www.paloaltonetworks.com/blog/category/%e8%a6%96%e7%82%b9/?lang=ja&ts=markdown)

[#### ロシア・ウクライナのサイバー活動によりサイバーセキュリティのベストプラクティス見直しは不可避に](https://www.paloaltonetworks.com.au/blog/2022/03/russia-ukraine-cyber-activity-best-practices/?lang=ja)

### [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services-ja/?lang=ja&ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention/?lang=ja&ts=markdown)

[#### Unit 42が提供するセキュリティコンサルティングサービスとインシデントレスポンスサービスとは？](https://www.paloaltonetworks.com.au/blog/2025/04/unit-42-japan-services/?lang=ja)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-jp/?lang=ja&ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services-ja/?lang=ja&ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise-2/?lang=ja&ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future-2/?lang=ja&ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention/?lang=ja&ts=markdown)

[#### Precision AI™ と SASE](https://www.paloaltonetworks.com.au/blog/2024/06/precisionai-sase/?lang=ja)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-jp/?lang=ja&ts=markdown), [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint/?lang=ja&ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services-ja/?lang=ja&ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention/?lang=ja&ts=markdown)

[#### 分析・検知結果の情報粒度により大きく変わるインシデント対応時間](https://www.paloaltonetworks.com.au/blog/2024/04/bring-mttd-and-mttr-closer-to-zero/?lang=ja)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com.au/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language