What is WannaCry/Wcry?
How WannaCry works on Friday, May 12, a massive ransomware attack called “WannaCry” hit a broad set of organizations in Europe. The Shadow Brokers leaked a bunch of NSA hacking tools onto the Internet. One of these tools is called EternalBlue, which is a perfect exploit for creating a Windows worm – software that attacks a Microsoft windows vulnerability and then installs on the next dispersed windows system as it traverses the Internet. WannaCry is the first piece of ransomware ever to propagate using this kind of worm technology.
How WannaCry works?
The WannaCry virus is known as a worm. A worm equipped with the right exploits can infect other computers on the same LAN. The malware just uses operating system’s network communication capabilities to send certain message to “all computers on the same network”.
Due to some unexpected properties, the message confuses communication-handling system to mistake incoming data for executable code. And the executable code loads malware to that machine instead of its user manually clicking a normal executable file.
What is the difference between WannaCry and traditional ransomware?
A system can be infected with WannaCry without the user doing anything is the biggest difference between WannaCry and traditional ransomware. Additionally, not only PC can be infected from WannaCry but also non-PC devices (ex. ATM and other Embedded Windows based devices).
How do I protect my files from WannaCry?
-
Patch Windows Machines ** Ensure that the MS17-010 security update is installed on all Windows machines within an organization. ** Open the Control Panel (you’ll find a link in the Start menu) and search for Windows Update. There should be a button ‘Check for updates’ which you can click to force Windows to search and install critical updates.
-
Disable SMBv1 ** Please see: How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server
-
Block Unnecessary Ports ** Block port 139 and port 445 by end-point firewall
-
Don’t Open Suspicious Email or Attachments ** Be suspicious of emails from unknown senders containing Office documents, PDFs and Java Scripts, or any other suspicious attachments.
-
Have a Backup Strategy ** Take an offline backup by USB drive or external hard drive. (NAS is a kind of online backup solution, not an offline solution)
-
Use Lionic Security Solution ** Protected from the initial malware by Lionic Security Solutions.
What Lionic Security Solution can do?
WannaCry virus can infect other computers on the same LAN without user doing action. Generally, ransomware could go through the Internet to attack your PC and encrypt your files or through the USB device to infect your PC & non- PC devices (ex, Embedded Windows based ATM…).
The first infecting pathway of WannaCry
The second infecting pathway of WannaCry
With Lionic Security Solution, ransomware cannot go through the Internet to attack your PC or non-PC devices (ex, Embedded Windows based ATM…). The gateway devices with Lionic security function are protected right now.
Lionic Security Solution blocked the malware at the first line
Lionic Security Solution blocked the malware at the first line
About Lionic Corporation
Lionic Corporation is a worldwide provider of innovative Deep Packet Inspection solutions. The technologies of Lionic include the complete DPI-based software engine and related management software which offer the Security Solutions that addresses anti-virus, anti-intrusion, anti-webthreat; and the Content Management Solutions that addresses application identification, device identification, application based QoS, web content filtering, parental control.
Lionic’s security and content management solutions, cloud-based scan services and signature subscription service are widely deployed in the world already. They help service providers, network appliance manufacturers, semiconductor companies, etc. to enable the next generation of business routers, residential gateways, SD WAN edges and cloud gateways, advanced firewalls, UTMs, Smart NICs and mobile devices. Those products powered by Lionic provide better network management and protect the world’s networks from an ever increasing level of security threats.