The WannaCry (WCry) ransomware is spreading across organizations’ desktops and servers around the globe faster than wildfire and impacting virtually every business function.
This ransomware can propagate between desktops and servers. It uses a recent exploit for a vulnerability that Microsoft patched on March 14, but many organizations have been slow to adopt the patch.
There’s a very high likelihood that you are one of the many potential WannaCry (WCry) victims, and you may not even know it yet.
This attack proves once again that by running unpatched software or lacking end-point protection, organizations make themselves vulnerable to security issues that can bring them to their knees.
This latest WCry attack has impacted major organizations – from Telefonica in Spain to the National Health Service in the U.K. and FedEx in the U.S. It compromises hosts, encrypting files stored on them and demanding a ransom payment in the form of Bitcoin. It’s also important to note that it not only scans internal ranges to identify where to spread, but can also spread based on vulnerabilities it finds in other external hosts across the Internet.
Organizations should make sure that patches are fully deployed to all Windows devices across the network, and should block SMB ports on externally accessible hosts.
Yet in addition to current stop-gap measures, this attack reminds us how vulnerable we all are to this growing threat. Actions can be taken to defuse the situation, but nothing beats complete end-point visibility at all times to see potential threats before they occur.
Effective end-user experience management solutions can help security and compliance teams adopt and maintain proactive measures, avoiding propagation of new attacks, by:
- Ensuring all end-points have the most updated protection solutions
- Monitoring activities such as shadow IT
- Receiving alerts when high- and medium-threat binaries, or communications to the dark web and other sites, for example, are detected
WannaCry is only the beginning. The perpetrators of such ransomware will continue to find ways to thwart patches and wreak havoc on computers across the globe. Proper monitoring of end-point devices – entrances for such malware – can go a long way to detecting problems before they occur.