Malwarebytes Stops WannaCry Ransomware
The WannaCry Ransomware Attack
A Ransomware attacked feared by security researchers came true. Hackers integrated a critical exploit into their malware, taking advantage of a security flaw in one of Windows popular communication protocols. The result, they successfully crippled thousands of computers worldwide with ransomware.
As The Washington Post notes, “The attack was notable because it took advantage of a security flaw in Microsoft software found by the National Security Agency for its surveillance toolkit” and that flaw was leaked online.
Ransomware – A Growing Threat
“Ransomware” cyber attacks are increasing and becoming more sophisticated. WannaCry is particularly damaging because it is a worm, and ransomware rolled up into one deadly package.
“Ransomware” has been a problem for a while, and many organisations data security has been compromised. In this specific case, the interesting issue was that a “ransomware” campaign managed to infect many organisations in a very short period.
WannaCry – How it Works
WannaCry ransomware looks for other computers to spread to. When it finds computers, it performs the following actions.
• It infects a new computer,
• It encrypts the data and locks out the owner.
• It posts a message demanding a minimum of $300 in Bitcoin payment.
WannaCry ransomware utilises a Windows OS vulnerability exposed as part of the leaked NSA hacker tools to achieve its unprecedented rate of circulation across networks.
WannaCry ‘Kill Switch.’
A cybersecurity researcher discovered a “kill switch” that can prevent the spread of WannaCry. The researcher, tweeting as @MalwareTechBlog, said the discovery was accidental, but that registering a domain name used by the malware stops it from spreading. Unfortunately, computers already affected will not be helped by the solution
WannaCry Ransomware Casualties
Forcepoint Security Labs mentioned that the attack had “global scope” and was affecting networks in Australia, Belgium, France, Germany, Italy and Mexico. In the United States, FedEx acknowledged it had been hit by malware and was “implementing remediation steps as quickly as possible.”
Also, badly hit was Britain’s National Health Service, which declared a “major incident” after the attack, which forced some hospitals to divert ambulances and scrap operations.
Who is Responsible
A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, according to Kaspersky Lab.
The good news: Malwarebytes protects against the WannaCry attacks.
Why do I need Malwarebytes Anti-Malware?
Malwarebytes advanced technology protects businesses and consumers from:
• The constantly-evolving threat that malware poses to corporate systems.
• Data loss to network corruption, undetected malware can wreak havoc in every avenue of an organisation.
• Malwarebytes provides maximum protection while using minimal resources to keep resources focused on your business.
How Malwarebytes Protects your Data
The consumer product, Malwarebytes, and the business product, Malwarebytes Endpoint Security, already provide proactive protection against the WannaCry Ransomware threat.
• Malwarebytes uses a signature-less anti-exploit technology to block the infection vector, while the anti-malware technology blocks the payload pre-execution.
• The anti-ransomware technology prevents users’ files from being encrypted and stops any future unknown ransomware variants.
• Malwarebytes combines multiple security layers with the best-informed telemetry to block an attacker at every stage of the kill chain.
Microsoft Response to WannaCry Attack
Microsoft patched the vulnerability using MS17-010 in March – but only for current platforms. Therefore, those running older systems, such as Windows XP, Windows 8 and Server 2003 were not provided with a fix. After the international attack, Microsoft changed its stance on “end-of-life” patching and provided a mass fix to address the vulnerability.
The WannaCry ransomware affected more than 200,000 victims, including a fifth of the British National Health Services Trusts as well as other major global businesses.
How to protect you PC from WannaCry Ransomware
There are other steps you should be taking to ensure you keep your information protected. These include:
• Install Malwarebytes and an anti-virus solution and check for regular security updates.
• Regularly back up your files by frequently saving copies in an entirely separate system, such as an external hard drive.
• Never click on links you do not recognise or download files from people you do not know or trust.
• Update all software with the latest patches in order to stop the spread of the infection.
Future Security Approach
The magnitude of this ransomware attack will be the driving force behind companies moving towards more cloud-based storage platforms thus improving recoverability from “ransomware” attacks. The inclusion of anti-malware tools like Malwarebytes is now a necessity and no longer a nice to have tool.
Allocating additional resources to upgrade existing systems to the latest security patches is now a necessity. Additionally, businesses will be attempting to make more efficient business use of the cybersecurity monitoring and alerting tools at their disposal.
When Big Data analysis makes more effective use of cybersecurity monitoring tools, then you will see even more attention and resource given to protecting the information assets of organisations.
Under attack? Contact Onsoft Hotline