New ransomware WannaCry infiltrated 57,000 computers across 150 countries; crippled critical industries including healthcare with more to unravel
As the WannaCry ransomware and its variants continue their global ‘cyber-siege’ across multiple industries, Fortinet, a global leader in high-performance cyber security solutions, strongly advises organisations in the APAC region to take immediate steps to protect against the highly virulent ransomware strain.
“Fortinet’s FortiGuard Labs has been monitoring and analyzing threat telemetry gathered from over two million sensors around the world. WannaCry and its variants are a highly virulent ransomware strain which is capable of self-replicating. This ransomware is being referred to by a number of names, including WCry, WannaCry, WanaCrypt0r, WannaCrypt and Wana Decrypt0r. It spreads through an alleged NSA exploit called ETERNALBLUE that was leaked online in April 2017 by a hacker group known as The Shadow Brokers. ETERNALBLUE exploits a vulnerability in the Microsoft Server Message Block 1.0 (SMBv1) protocol,” said David Maciejak, Director of Security Research at Fortinet.
“WannaCry has infiltrated thousands of organisations around the world, including many key institutions. This ransomware is especially notable for its multi-language ransom demands that support more than two-dozen languages,” added Maciejak. Fortinet’s tracking analysis shows that there has been an average of more than 4,000 ransomware attacks every day since January 1, 2016.
If an organization has been affected by ransomware, Fortinet strongly advises taking the following steps:
- Isolate infected devices immediately by removing them from the network as soon as possible to prevent ransomware from spreading to the network or shared drives.
- If your network has been infected, immediately disconnect all connected devices.
- Power off affected devices that have not been completely corrupted. This may provide time to clean and recover data, contain damage, and prevent conditions from worsening.
- Backed-up data should be stored offline. When an infection is detected, take backup systems offline as well and scan backups to ensure they are free of malware.
- Contact law enforcement immediately to report any ransomware events and request assistance.
For organizations that have so far been spared a ransomware attack, Fortinet recommends that users and organizations take the following preventive measures:
- Establish a regular routine for patching operating systems, software, and firmware on all devices. For larger organizations with lots of deployed devices, consider adopting a centralized patch management system.
- Deploy IPS, AV, and Web Filtering technologies, and keep them updated.
- Back up data regularly. Verify the integrity of those backups, encrypt them, and test the restoration process to ensure it is working properly.
- Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
- Schedule anti-virus and anti-malware programs to automatically conduct regular scans.
- Disable macro scripts in files transmitted via email. Consider using a tool such as Office Viewer to open attached Microsoft Office files rather than the Office suite of applications.
- Establish a business continuity and incident response strategy and conduct regular vulnerability assessments.
“Fortinet addresses organizations’ cyber security challenges with an intelligent Security Fabric that spans the entire network, linking different security sensors and tools together to collect, coordinate, and respond to malicious behavior whenever it occurs,” said Maciejak. “Only by harnessing all their cyber defence resources in a coordinated way can firms effectively fight massive cyberattacks like WannaCry.”
About FortiGuard Labs
FortiGuard Labs consists of more than 200 expert researchers and analysts around the world. The researchers work with world class, in-house developed tools and technology to study, discover, and protect against breaking threats. The team has dedicated experts studying every critical area including malware, botnets, mobile, and zero-day vulnerabilities. Service analysts study breaking code and develop mitigation signatures while technology developers continually create new defense engines to combat continually evolving threats through FortiGuard services. FortiGuard Labs uses data collected from around the globe to protect more than 300,000 customers every day.
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network – today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 310,000 customers trust Fortinet to protect their businesses. Learn more at http://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.