Over the weekend of May 13-14, 2017, news broke of a new ransomware called WannaCry. This ransomware affected some large institutions.
WannaCry uses a vulnerability in Windows file sharing to spread from one infected computer to another. This vulnerability was discovered by the NSA and kept secret until someone hacked the NSA and eventually leaked the information publicly. The vulnerability was patched in Microsoft’s March 14, 2017 software update. This was a month before the vulnerability was publicly exposed on April 14, 2017.
This exploit may be known by other names or be associated with some of the following terms:
The most important thing to do to protect your systems from this infection is to update your Windows systems. There is a patch available for all supported Windows operating systems as well as these no-longer-supported Windows systems:
Versioned backups are critical. If you only have the most recent version of a file, your backup will be a copy of the already encrypted file, which is not helpful. You must have the option to choose a backup from before the ransomware started encrypting files.
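As an added example (not part of the original article and not Securence tooling), the following Python walks a constructed backup catalog and picks, for each file, the newest version that does not look encrypted. The catalog layout, file names and the 7.5 bits-per-byte entropy threshold are assumptions made for illustration.

```python
import math
import os
from collections import Counter
from datetime import datetime

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    # Heuristic only (assumed threshold): compressed formats also score high.
    return entropy(data) >= threshold

def pick_restore_points(catalog):
    """catalog: {path: [(timestamp, content), ...]} (hypothetical layout).
    Returns ({path: timestamp of newest clean version}, [paths with none])."""
    restore, unrecoverable = {}, []
    for path, versions in catalog.items():
        clean = [ts for ts, data in versions if not looks_encrypted(data)]
        if clean:
            restore[path] = max(clean)
        else:
            unrecoverable.append(path)
    return restore, unrecoverable

# Constructed sample data: plain text versus random bytes standing in for
# an encrypted file body.
TEXT = b"Quarterly report: revenue, costs and forecast figures.\n" * 80
CIPHERTEXT = os.urandom(4096)

CATALOG = {
    "reports/q1.docx": [  # versioned backup: older copies are retained
        (datetime(2017, 5, 10, 2, 0), TEXT),
        (datetime(2017, 5, 11, 2, 0), TEXT),
        (datetime(2017, 5, 13, 2, 0), CIPHERTEXT),
    ],
    "reports/q2.docx": [  # only the most recent version is kept
        (datetime(2017, 5, 13, 2, 0), CIPHERTEXT),
    ],
}

if __name__ == "__main__":
    restore, lost = pick_restore_points(CATALOG)
    for path, ts in restore.items():
        print(f"restore {path} from {ts:%Y-%m-%d %H:%M}")
    for path in lost:
        print(f"no clean version of {path}")
```

The file with a single retained version ends up in the unrecoverable list, which is the failure the paragraph above describes.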
Some intrusion detection systems have signatures for WannaCry, but there are no specific signatures for emails. So far, WannaCry spreads exclusively through SMB protocol attacks, not email. Future variants may use different vectors as noted above.
Securence uses multiple virus engines to identify malicious content in emails, and they are all automatically updated as quickly as the A/V vendor publishes new signatures. Unfortunately, A/V engines have recently been ineffective at identifying the newest phishing and ransomware messages. Securence has developed significant identification techniques to block these messages. Thousands of malware emails are blocked every day by these techniques.
If current or future WannaCry attacks are spread via emails, they will likely use the same tactics as previous ransomware and viruses:
When they do, Securence is ready.