By WatchGuard’s Chief Technology Officer Corey Nachreiner
On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 (also called WannaCry, WanaCrypt0r, and WannaCrypt) began to infect organizations across the world. Within several hours, over 75,000 victims were reported in 90+ countries, including hospitals in the UK, telcos in Spain and the Russian ministry, to name a few.
Initial analysis of the ransomware appears to show it spreading via MS17-010, a critical SMB vulnerability in the Microsoft Windows operating system that was recently disclosed as a part of the Shadow Brokers dump of NSA hacking tools. It is believed, though, that the ransomware is first delivered via emails with a zip attachment.
As WatchGuard’s CTO, Corey Nachreiner, details in this Daily Security Byte, implementing a layered approach to security is vital to stopping threats like this.
IT administrators should install the latest Windows security updates to resolve the MS17-010 vulnerability. Additionally, WatchGuard customers should enable Gateway AntiVirus, APT Blocker, and IPS to stop the ransomware at their network perimeter.
Tips for ransomware targets/victims:
If you’ve fallen victim to WCry 2.0:
First, remove infected computers from your network as quickly as possible. This attack seems to leverage a Windows networking vulnerability to spread to many computers in a network. It is unclear if that capability is built directly into the ransomware itself, or if it’s built into an accompanying spreader file. In any case, you want to separate compromised computers from the rest of your network to avoid further infection.
Second, keep your encrypted files for a few weeks. If you don’t have backups, there is still a very small chance you can get your files back. A lot of modern ransomware uses solid encryption ciphers that the industry can’t break. However, there are still plenty of malware authors that mess up. At least one researcher has tweeted that WCry 2.0 might have done its encryption in a way that researchers might be able to crack. Don’t bank on this, but keep your encrypted files around just in case a researcher does figure out a way to recover them.
Original article by Corey can be found here…