Security Teams Need to Remain Vigilant

Florian Malecki, the International Product Marketing Director at SonicWall, speaks to Security MEA about the recent WannaCry attack

Have there been any instances of WannaCry attack in the region?
According to the Computer Emergency Response Team (aeCERT), part of the TRA in the UAE, they have not received any e-government service cases that are affected by the virus. The threat is not over, however, and I would suggest that security teams remain vigilant.

What has been the scale of infection of this ransomware threat?
This attack has spread quickly to over 99 countries in a massive digital assault. Impacted organizations in dozens of countries have been hit with the same ransomware program, a variant of “WannaCrypt,” demanding $300 ransom for the encryption key, with the demand escalating as time passes. The cost to organizations that are affected goes well beyond the ransom though; being attacked can cost organizations a million dollars after including all the resulting expenses to the business.

What is the state of ransomware threat in the region?
This is a global phenomenon. Cybercriminals are constantly innovating their techniques and resources to conduct attacks that are either political or financial in nature. Ransomware attacks usually target sensitive or business-critical data in an effort to kidnap that data and ransom it back to its original owners, or threaten to ‘leak’ the information to make a political statement. This escalating reality means that SonicWall continues to develop security solutions offering automated real-time breach prevention to its customers.

How can companies and users keep themselves safe from such ransomware attacks?
First, if you are a SonicWall customer, and you are using our Gateway Security Services, your SonicWall firewall has been protecting your network from WannaCry – also known as WanaCrypt0r or WannaCrypt – ransomware since April 20, 2017.

As a SonicWall customer, ensure your next-generation firewall has an active gateway security subscription to receive automatic protection from ransomware attacks such as WannaCry. You also want to make sure your SonicWall email security subscriptions are active, since attacks like this often come into your organization via email.

The party behind this attack has already released several variations of this attack for which we have established protections in place. To ensure you are safe from newly developed updates and similar copycat attacks, first apply the Windows patch provided by Microsoft listed in the resources section.

Second, apply Capture Advanced Threat Protection, SonicWall’s multi-engine network sandbox, to examine suspicious files coming into your network to discover and stop the latest threats, just as we did with Cerber ransomware. Enable the service’s block until verdict feature to analyze all files at the gateway to eliminate malware before it can enter your network.

How do you as a security company make sure your customers are safe from such attacks?
While it is extremely unfortunate this global breach is occurring, these types of pervasive ransomware attacks are consistent with the data we see from the SonicWall Capture Threat Network. According to the SonicWall Annual Threat Report, ransomware grew from 3.8 million in 2014 to an astounding 638 million attack attempts in 2016, a 167x year-over-year increase.

Vigilance is a very important state of mind for IT managers these days. SonicWall Capture Labs identified this attack in mid-April and has rolled out protection for SonicWall firewall customers well in advance of this latest attack, as the screenshot below shows. All known versions of this code are blocked from accessing SonicWall customer networks with active next-generation firewall security subscriptions.

For organizations with legacy security systems, you are the most vulnerable to these types of attacks. Unfortunately, healthcare organizations often have legacy systems running Windows XP, which makes it easier for these attacks to succeed.

Although patches and signatures for these exploits are available, legacy systems are often not patched. Since the Shadow Brokers have already released several variations of this attack, it is critical to have up-to-date protection with the latest patches and signatures, especially with legacy security systems.

SonicWall recommends the following tips to ensure organizations are safe from newly developed updates and similar copycat attacks:

  1. Apply the Windows patch provided by Microsoft to protect against this vulnerability.
  2. Apply a multi-engine network sandbox to examine suspicious files coming into your network, stop the latest threats, and detect and protect against future breaches.

Ensure your next-generation firewall has an active and up-to-date gateway security subscription to receive automatic protection from ransomware attacks such as WannaCry. In this case, simply detecting the worm would not be sufficient, as it automatically propagates internally once a system has been infected. SonicWall enables this with our “Block until Verdict” capability on SonicWall Capture ATP service. Ensure your email security subscriptions are active and up to date, since attacks like this often come into organizations via email.