WannaCry Ransomware and How to Defend Against It

 A malicious software called WanaCrypt0r 2.0 (aka WannaCry or WCry) has been affecting computers across the globe. Initial estimation states it hit 36,000 organizations, among them the UK National Health Service (NHS) and hospitals across the UK and Scotland, organizations in Spain, Russia, the Ukraine and Taiwan.

Security researchers believe this widespread global ransomware attack is the result of a vulnerability called "EternalBlue" that came out of the NSA exploit dump by Shadow Brokers.

Here are a few simple steps to take to protect yourself against the WannaCry ransomware:

1 - Patch ALL Windows machines in your environment immediately. The EternalBlue vulnerability was patched by Microsoft back in March as part of MS17-010.

2 - Maintain up-to-date backups of files and regularly verify that the backups can be restored.

3- Ransomware attacks target shared network drives and cloud backups. This scenario makes it hard to retrieve the information in case of a ransomware attack. Therefore, do not rely on backup only - you must consider a protection mechanism.

4 - Ransomware is often delivered through the exact same channels as other types of malware: spear-phishing and malicious drive-by. Educate users to refrain from clicking on suspicious links, downloading email attachment and downloading software from dodgy resources.

Ransomware evolves, and new variants attack organizations and individuals every day. The Cybereason EDR platform includes a detection and response module to new to the world, never seen before types of ransomware. 

Lital Asher-Dotan
About the Author

Lital Asher-Dotan

Lital is a Marketing Team Leader, Storyteller, Technology Marketing Expert. She joined Cybereason as the first marketing hire and built a full marketing department. Specializing in brand building, product marketing, communication and content. Passionate about building ROI-driven marketing teams.