By now, most people will have heard about the “WannaCry” or “WannaCrypt” ransomware, which has been creating havoc all over the world. For those who haven’t, it’s a type of virus/malware that, once it finds its way into a computer, looks for and encrypts any available files and folders on that computer and on any other computers on the same network. The files are then in effect held hostage, and a demand for payment is made in return for access to the data. Many high-profile organizations have been hit (NHS, Telefonica, FedEx, and many more), and infections have been detected in over 100 countries.
How is the infection spread?
Like most types of virus, ransomware is spread and delivered through various means, including opening malicious email attachments (usually from an unknown or unsolicited source), clicking on a malicious link within an email or on a social networking site, or simply browsing untrustworthy websites.
Attackers often use victim-specific information, such as bank details, order tracking numbers and other business communications (gathered using phishing or social engineering methods), to entice users to read the email and open the attachment.
Once a machine is infected, WannaCry and WannaCrypt exploit a known Microsoft Windows vulnerability (MS17-010) to spread within the network to other vulnerable machines, which is why this specific release of ransomware is more dangerous than previous similar infections. Microsoft has taken what it describes as a “highly unusual” step to provide public patches for Windows operating systems that are no longer in support. This includes specific fixes for Windows XP and Windows Server 2003.
What can be done to help prevent it?
There is no way to completely eliminate the risk of being infected. We often hear on the news about some of the most secure systems being hacked or infected. But there are practical steps that can reduce the risk of infection and mitigate its impact:
- First and foremost, user training and guidelines in email and URL security (see our blog post http://blog.entegraty.com/?p=2857).
- An antivirus solution such as Sophos Intercept X or Bitdefender GravityZone
- A spam filter such as Forcepoint Email Security
- A URL filter such as Forcepoint Web Security or SolarWinds Web monitor
- Ensuring your systems are up to date with the latest security patches
- Ensuring you have an up-to-date and effective backup
Entegraty is a partner solution provider for Sophos, Symantec, Bitdefender and Forcepoint.