The ongoing WannaCry ransomware attack, including WannaCrypt, WanCryptOr and WannaDecryptor, has been targeting organizations running the Windows OS since last week.
Today, close to 250,000 PCs in more than 150 countries have been hit with ransomware; intriguingly, the ransom demands have come in more than 25 different languages.
Some solution providers are striking back with remedies of their own.
Seattle-based Adaptiva has created the WannaCry Health Check package, which features endpoint security that automatically detects and identifies endpoints that are either vulnerable to or already infected by the WannaCry outbreak.
Adaptiva has also included remediation actions that disable the Microsoft SMBv1 protocol on any potentially vulnerable machines. The company has priced this solution at only $12 per endpoint.
Waltham, Mass.-based Digital Guardian has updated its DG Ransomware Contact package so that it can detect and defend against WannaCry. Digital Guardian is making this available for free to all customers who are on its managed security services plan as well as those who are on premise.
James Scott, the senior Fellow and Co-Founder of ICIT, said ransomware, or the weaponization of encryption, has struck fear and confusion into the hearts of PC users and critical infrastructure communities alike.
“It’s impossible for organizations to prevent malware from infecting networks, those who deploy a multi-layered security strategy and teach proper cybersecurity hygiene to their employees have a strong chance of defending against these types of attacks,” he said.
Scott advises getting endpoint security and looking at potentially vulnerable endpoints such as SCADA/ICS, Internet of Things devices, and connected cars.
Phil Richards, the CISO of Ivanti, formerly LANDesk, said this attack appears to be a variant of WanaDecryptor, a relatively new strain of ransomware. This ransomware is correctly identified and blocked by 30 per cent of the AV vendors using current virus definitions.
However, there is no public decryption (crack code) available at present, he added. This malware modifies files in the /Windows and /windows/system32 directories and enumerates other users on the network to infect. Both actions require administrative privileges.
Richards provided a four-step plan to combat WannaCry ransomware:
- This ransomware attacks through phishing or other social engineering email. Train staff not to click on unknown or malicious email.
- Update your Microsoft patches immediately—specifically MS17-010 which will slow proliferation of the ransomware.
- Run effective antivirus software on all endpoints. If your virus definitions are one week out of date, the AV will not recognize this ransomware.
- Restrict administrative privileges and allow only whitelisted software to run. This malware would not be as successful if it did not have access to admin privileges, and it would not run at all if it weren’t in the allowed whitelist of software.