After WannaCry - Getting Ahead of Ransomware
Learn how to be prepared to quickly address the growing threat of ransomware and limit your company's exposure to future attacks.
WannaCry (also known as WannaCrypt, WanaCrypt0r 2.0, or WannaDecryptor) is a ransomware variant that emerged in a massive outbreak on Friday, May 12 2017, spreading to infect over 200,000 computers across 150 countries in a matter of days. Like typical crypto-ransomware, WannaCry encrypts victims’ files and demands a ransom in exchange for a decryption key. However, WannaCry is unique in its ability to self-propagate without relying on traditional malware attack vectors like phishing emails or drive-by downloads.
WannaCry self-propagates by exploiting a critical severity non-zero-day vulnerability in various Microsoft operating systems known as MS17-010 (CVE-2017-0144), which enables remote code execution against Microsoft Server Message Block 1.0 (SMBv1). Once it infects a machine, WannaCry behaves like a worm, scanning networks for vulnerable systems with port 445 open to further spread.
|•||Patch all software, particularly any systems containing the MS17-010 vulnerability – Microsoft has released a patch for vulnerable legacy systems including Windows XP and Windows 2003|
|•||Back up critical data to a secure, offline location|
|•||Educate employees on what to do if they are infected|
We’ve updated our Ransomware Content Pack to protect against WannaCry and are providing it free of charge to all Digital Guardian customers. All customers subscribed to our Managed Security Service for Advanced Threat Protection are automatically protected. On-premise customers of the Digital Guardian Endpoint Agent version 7.x interested in receiving the updated Ransomware Content Pack should open a ticket with the Digital Guardian support team using normal ticket creation procedures. More details on the exact capabilities of the Ransomware Content Pack can be provided by the Digital Guardian customer support team if needed, and on-premise customers using DG Endpoint version 6.x should reach out to Digital Guardian customer support directly
Digital Guardian protects against WannaCry and other malware via our Managed Security Program for Advanced Threat Protection. To learn more about how our Managed Security Program can protect your organization against WannaCry and other sophisticated threats, contact us.
|•||Ransomware articles on the Digital Guardian Blog|
|•||Use Case: Ransomware Protection from Digital Guardian|
|•||Data Sheet: Digital Guardian Managed Security Program for Advanced Threat Protection|
|•||Data Sheet: Digital Guardian for Ransomware Protection|
|•||Data Sheet: Digital Guardian for Healthcare Ransomware Protection|