
Secplicity - Security Simplified

Powered by WatchGuard Technologies

How to Defend Against the WCry Global Ransomware Attack

May 16, 2017 By The Editor


On May 12, an extremely powerful ransomware strain called WCry 2.0 (nicknamed “WannaCry”) struck over 90 countries and infected at least 100,000 machines worldwide. The attack primarily focused on Russia, Ukraine and Taiwan, but also affected many targets globally, including UK hospitals, Spanish telecommunications companies, German railroad station terminal computers and FedEx. It spread much more quickly than normal ransomware by using ETERNALBLUE, a Windows networking flaw that the Shadow Brokers leaked from the NSA.

Our CTO Corey Nachreiner predicted that in 2017 we would see the first “ransomworm,” a variant of ransomware that spreads on its own using network worm techniques. This attack certainly seems to fit that profile. Corey spoke with Seattle technology news site GeekWire about the attack and a public patch that Microsoft issued on May 13 for older versions of Windows to fix the vulnerability that WCry 2.0 exploits. You can reach that article here: https://www.geekwire.com/2017/microsoft-issues-highly-unusual-ransomware-patch-xp-old-windows-versions/.

Corey went into more detail about the ransomware attack and how you can defend against it in a guest post on GeekWire. An excerpt and some main points from that article are below, and you can read the full article on GeekWire. 

While it’s still unknown who the original attackers are at this point, the techniques used suggest that this was actually a normal criminal ransomware campaign. I don’t believe these attackers are specifically targeting NHS, or telcos. Rather it’s a criminal malware campaign that seems to be especially effective, likely due to its use of the leaked NSA flaw.


Corey’s advice for defending against WCry 2.0 and similar ransomware:

  1. Patch systems quickly – Microsoft fixed the ETERNALBLUE exploit in March, so anyone who patched their systems between that date and WCry’s release is safe. 
  2. Avoid using outdated software if possible – Some of the hospitals infected with WCry 2.0 still used Windows XP, which Microsoft does not patch or support. If businesses can’t get rid of outdated software, they should be aware that they will need to do more to protect it.
  3. Plan for a disaster, ransomware included – Back up your data!  
  4. Invest in advanced malware protection and layered defenses – Signature-based antivirus does not protect against new threats like WCry, and malware authors often repackage malware so it will evade these detection methods.

Watch more of WatchGuard’s coverage of WCry 2.0 here, dig into the technical details of the malware on Talos and read Corey’s full 2017 security predictions, including ones about ransomworms and the consequences of nation-states hoarding vulnerabilities, here on Secplicity.


Filed Under: Editorial Articles, Featured Tagged With: Hacking, Malware, ransomware, Software vulnerabilities

Comments

  1. Leif Carlsson says

    May 17, 2017 at 11:41 am

    It seems Microsoft DID patch XP because of this threat but maybe too late (and XP machines probably weren’t looking for an update either since M$ supposedly stopped providing updates for XP long ago).
