{"id":1726,"date":"2017-05-15T14:24:05","date_gmt":"2021-06-02T06:24:05","guid":{"rendered":"http:\/\/10.10.10.99\/wordpress\/?post_type=news&#038;p=1726"},"modified":"2021-08-26T14:09:37","modified_gmt":"2021-08-26T06:09:37","slug":"wannacryptor-ransomware-3-actions-you-should-take-immediately","status":"publish","type":"news","link":"https:\/\/www.udshk.com\/?news=wannacryptor-ransomware-3-actions-you-should-take-immediately","title":{"rendered":"WannaCryptor Ransomware \u2013 3 Actions You Should Take Immediately"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.udshk.com\/images\/cyberbit_wannacry0.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>WannaCryptor Ransomware hit over 40 UK hospitals, as well as over 75,000 additional workstations in 99 countries as of today, in what is turning out to be the most massive ransomware campaign to date.<br><br>The ransomware, also referred to as WannaCry and Wana Decrypt0r, is delivered as a Trojan, which is downloaded when the user mistakenly clicks on a hyperlink delivered in a phishing email, Dropbox link or banner. Once the ransomware payload is executed, it encrypts files on the user\u2019s hard drive, deletes the originals and displays the following message, requesting the user to pay a ransom in order to decrypt and recover the files.<br><br><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.udshk.com\/images\/cyberbit_wannacry1.jpg\" alt=\"\" height=\"354\" width=\"600\"><br><br><strong>Why is WannaCryptor ransomware spreading so quickly?<\/strong><br><br>As initially reported by the Spanish CERT, and confirmed by Cyberbit researchers, the attack utilizes a Windows XP vulnerability:&nbsp;<strong>EternalBlue\/MS17-010\/SMB<\/strong>&nbsp;to spread laterally. This means that after attacking one computer in the organization, the ransomware can spread independently within the network and attack additional workstations. 
An interesting fact is that this exploit was developed by the NSA and leaked by the Shadow Brokers hacker group. Although these vulnerabilities were patched by Microsoft in March, large corporates, particularly hospitals, often lag behind in patching and therefore many of the workstations were left vulnerable, allowing the attack to spread.<br><br><strong>What should your organization do now?<\/strong><br><br><strong>1. Patch Windows XP machines immediately<\/strong>&nbsp;\u2013 while this will not prevent the initial infection, it will prevent the ransomware from spreading laterally and substantially slow it down<br><br><strong>2. Reinforce security awareness best practices<\/strong>&nbsp;\u2013 East Kent Hospitals tweeted all staff and warned them against opening the phishing email labeled \u2018Clinical results\u2019. Update your employees on best practices and warn them about the risk of opening unexpected emails from untrusted sources<\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.udshk.com\/images\/cyberbit_wannacry2.png\" alt=\"\" height=\"208\" width=\"553\"><br><br><strong>3. Deploy an Endpoint Detection and Response Product with anti-ransomware<\/strong>&nbsp;\u2013 only 30% of antivirus software can identify and block WannaCryptor ransomware, as reported by&nbsp;<a href=\"http:\/\/www.mirror.co.uk\/tech\/what-wanna-decryptor-look-ransomware-10410236\">the Mirror.<\/a>&nbsp;It is essential to complement antivirus with an endpoint detection and response product that protects against advanced malware that bypasses traditional AV. 
This solution should include inherent anti-ransomware capabilities to block.<br>&nbsp;<br><br><strong>Cyberbit EDR anti-ransomware<\/strong><br><br><a href=\"https:\/\/www.cyberbit.net\/solutions\/endpoint-detection-response\/\">Cyberbit\u2019s Endpoint Detection and Response (EDR)<\/a>&nbsp;provides ransomware detection and prevention that helps organizations detect and block ransomware attacks like WannaCryptor in real time, before critical files are encrypted. Cyberbit EDR identifies behavioral characteristics that indicate an attack, and as a result it detects threats that often bypass antivirus solutions.<br><br><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.udshk.com\/images\/cyberbit_wannacry3.jpg\" alt=\"\" height=\"417\" width=\"800\"><br><br>Cyberbit EDR graph view \u2013 identifying ransomware infection<br><br><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.udshk.com\/images\/cyberbit_wannacry4.png\" alt=\"\" height=\"441\" width=\"800\"><br><br>Cyberbit EDR \u2013 identifying ransomware encryption behavior<br><br>Read the Cyberbit blog for a recent&nbsp;<a href=\"https:\/\/www.cyberbit.net\/endpoint-security\/cyberbit-edr-locky-ransomware\/\">ransomware detection success story<\/a>&nbsp;in a large enterprise and visit the&nbsp;<a href=\"https:\/\/www.cyberbit.net\/solutions\/endpoint-detection-response\/\">Cyberbit website<\/a>&nbsp;for more info and a demo.<br><br>Tal Morgenstern is Head of R&amp;D, Endpoint Detection and Response Team at Cyberbit.<br><br><br>Please feel free to contact us for more information.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>WannaCryptor Ransomware hit over 40 UK hospitals, as well as over 75,000 additional workstations in 99 countries as of today, in what is turning out to be the most massive ransomware campaign to date. 
The ransomware, also referred to as WannaCry and Wana Decrypt0r, is delivered as a Trojan, which is downloaded when the user mistakenly [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","template":"","tags":[],"news-category":[],"class_list":["post-1726","news","type-news","status-publish","hentry","entry","owp-thumbs-layout-horizontal","owp-btn-normal","owp-tabs-layout-horizontal","has-no-thumbnails","has-product-nav"],"_links":{"self":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/news\/1726","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/news"}],"about":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/types\/news"}],"author":[{"embeddable":true,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.udshk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1726"}],"version-history":[{"count":1,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/news\/1726\/revisions"}],"predecessor-version":[{"id":2455,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/news\/1726\/revisions\/2455"}],"wp:attachment":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1726"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.udshk.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1726"},{"taxonomy":"news-category","embeddable":true,"href":"https:\/\/www.udshk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fnews-category&post=1726"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}