Last Friday saw the outbreak of one of – if not the – largest and worst ransomware campaigns ever, as the WannaCry ransomware spread to over 200,000 computers spanning 150 countries in the course of a weekend. The ransomware crippled businesses across multiple industries, including NHS hospitals in the UK as well as telecom and utilities companies in Spain. While the first wave of attacks seems to have subsided (in part, at least, due to a researcher unintentionally activating the ransomware’s killswitch), two variants have been detected in a second wave of attacks, and follow-on attacks using WannaCry or newer variants remain possible.
In order to help protect our customers against these attacks as well as future ransomware campaigns, we’ve updated our Ransomware Content Pack to detect and defend against WannaCry and are offering the solution to all Digital Guardian managed security service and on-premise customers free of charge. Upon hearing of the outbreak, our Advanced Threat Team worked swiftly to develop the solution and has validated that the Digital Guardian agent can prevent the WannaCry ransomware from running.
All Digital Guardian customers subscribed to our Managed Security Service for Advanced Threat Protection are automatically protected. On-premise customers of the Digital Guardian endpoint agent version 7.x interested in receiving the updated Ransomware Content Pack can download it from the DG Content Server or open a ticket with the Digital Guardian support team using normal ticket creation procedures. More details on the exact capabilities of the Ransomware Content Pack can be provided by the Digital Guardian customer support team if needed, and on-premise customers using DG Endpoint version 6.x should reach out to Digital Guardian customer support directly.
We will continue to track this situation and will provide additional notification or updates as the story unfolds. We urge all customers to take this threat very seriously and implement measures to mitigate potential infections capable of disrupting normal system operations, including patching software immediately, backing up data to an off-network location, and educating employees about the threat.
WannaCry ransomware pay screen image via EPA/Canadian Press.