If you haven’t yet heard, there’s a new kind of ransomware and it’s wreaking havoc across the globe. It’s appropriately called ‘WannaCry,’ and it has thus far claimed some 350,000 victims in over 150 countries worldwide. As these numbers appear to be on the rise, IT professionals everywhere are taking notice, attempting to head the virus-spreading malware off at the pass before they become part of the statistic. Here’s what you need to know in order to keep your organization secure.
What is WannaCry?
WannaCry is a unique form of ransomware which uses a flaw in Microsoft software to deploy a malicious virus. Given the widespread popularity of Windows, it’s not surprising that once the vulnerability was exploited, it spread rapidly across many networks, affecting organizations in almost every industry. The combination of a broadly available vulnerability and the ability to spread quickly without human intervention created the ideal environment in which the “worm” could flourish.
Once deployed, the Wanna Decryptor program locks all of the data on a computer system and leaves the user with only two remaining files: the WannaCry program and instructions on what to do next. Infected users are given a few days to pay the proposed ransom or risk permanent deletion of their files. A Bitcoin address is provided, and the user is told they must pay to that address in order to release their data from the malware.
How can organizations protect themselves?
While most organizations have virus protection in place that is supposed to protect against ransomware, this particular strain was able to bypass many existing protective measures and affect hundreds of organizations across the globe, including the United Kingdom’s National Health Service and Telefonica in Spain. In other words, despite some of the most sophisticated defense mechanisms, many well-known enterprises were unable to prevent the virus.
As with any other type of cyber-attack, the best defense against WannaCry is a good offense. As hundreds of IT professionals are scrambling to pick up the pieces and recover from this most recent attack, it’s become even more evident that preventing threats is simply not always possible. The key then is to be able to respond as quickly as possible to mitigate damages, something that can’t be effectively accomplished without the help of machine technology – that is, automation.
A Secret Weapon…
Rapid automated response remediates devices affected by the WannaCry virus, then blocks the ransomware’s lateral and upward propagation, thereby protecting the entire enterprise network. Suspected ransomware attempts will immediately trigger a playbook to automatically initiate remediation and mitigation procedures.
Additionally, thanks to machine learning capabilities, the automated tool can initiate security controls, build indicators of compromise and implement them on the network infrastructure. This will facilitate faster identification of existing infections as well as helping to block future ones from occurring in the first place.
The WannaCry ransomware outbreak serves as an important reminder that no organization is safe from the risk of a cyber-attack. Its massive success also reminds us that despite our most valiant efforts, preventing such an attack is simply not always possible. As such, having the right orchestration and automation platform in place to quickly pinpoint, isolate and eradicate the problem is key.