Now What? Moving Forward After the WannaCry Attack
Deep Breath. WannaCry surged into headlines fast – grabbing attention as it spread throughout networks and the world.
And it shows how crafty attackers are – as they continuously evolve ransomware (and other types of malware) to keep us on our toes. We know that ransomware has used email to infect computers. Web pages too. And now WannaCry (like SamSam in 2016) has evolved to spread on its own inside a network, like the internet worms of yesterday, locking up other vulnerable computers. Yikes.
If you’d like a world-class, in-depth analysis, see our blog by Talos, Cisco Security’s threat intelligence team, for more on how WannaCry operates and how Cisco Security protects customers.
But back to that shifty ransomware. We have to protect our email. Web pages too. Prevent ransomware from getting onto endpoints. Now we see the network playing an important role. So what does this mean? It means ransomware, capable of doing damage in so many ways, underscores the need for defense-in-depth, as we’ve always known, with the right team backing up great technology to respond in worst-case scenarios.
First a best practices reminder. Make sure your organization is fully patched per Microsoft guidance and all the appropriate ports are blocked – Talos and Microsoft outline this in detail. Then consider how to bring layers of protection to bear to give you the best chance to stop ransomware.
This defense-in-depth thinking shaped our Ransomware Threat Defense solution, a set of products we have tested together that brings layers of protection to bear, from DNS security to endpoint security to email security to network security, to best keep ransomware at bay.
View a visual timeline of WannaCry Ransomware Defenses at Cisco.
Register for the live webcast: Wednesday, May 31 at 10am PT / 1pm ET
WannaCry ransomware and Google OAuth phishing
Some key elements of Ransomware Defenses:
Ransomware Defense Solution
Fighting it in all the places where it tries to do damage.
Network Security and Segmentation
Detect and block malicious network activity (on SMB connections in this case) and prevent lateral spread of malware across the network.
Endpoint Protection
Cisco Advanced Malware Protection (AMP) for Endpoints stops ransomware files from running on endpoints.
Cloud Security
Block connections from malware to command-and-control servers on the internet.
Incident Response
Strengthening readiness and response to attacks.
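As an added example (not from the original post and not a Cisco product), here is a small detection for the lateral-spread pattern the network layer should catch: one internal host opening SMB (TCP/445) connections to many distinct internal peers within a short window, the way a worm sweeps a subnet. The connection log lines, the 10.0.0.0/8 internal range, the 60-second window and the threshold of 5 peers are all constructed assumptions; tune them to your own environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed sample connection log (timestamp src dst dst_port); not real traffic.
# 10.1.1.5 fans out to six peers on 445 in seconds (worm-like); 10.1.1.7 touches
# two file servers minutes apart (normal use); 10.1.1.9 is HTTPS and is ignored.
SAMPLE_LOG = """\
2017-05-12T10:00:01 10.1.1.5 10.1.1.20 445
2017-05-12T10:00:02 10.1.1.5 10.1.1.21 445
2017-05-12T10:00:02 10.1.1.5 10.1.1.22 445
2017-05-12T10:00:03 10.1.1.5 10.1.1.23 445
2017-05-12T10:00:03 10.1.1.5 10.1.1.24 445
2017-05-12T10:00:04 10.1.1.5 10.1.1.25 445
2017-05-12T10:00:10 10.1.1.7 10.1.1.30 445
2017-05-12T10:05:00 10.1.1.7 10.1.1.31 445
2017-05-12T10:00:11 10.1.1.9 10.1.1.40 443
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space

def parse_line(line):
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def smb_fanout(log_text, window=timedelta(seconds=60), threshold=5):
    """Return {src: peers} for internal hosts that reached at least `threshold`
    distinct internal peers on TCP/445 inside any sliding `window`."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = parse_line(line)
        internal = ipaddress.ip_address(src) in INTERNAL and ipaddress.ip_address(dst) in INTERNAL
        if port != 445 or not internal:
            continue  # only east-west SMB is of interest here
        events[src].append((ts, dst))
    flagged = {}
    for src, conns in events.items():
        conns.sort()
        for i, (start, _) in enumerate(conns):  # slide the window over each start time
            peers = {dst for ts, dst in conns[i:] if ts - start <= window}
            if len(peers) >= threshold:
                flagged[src] = max(flagged.get(src, 0), len(peers))
    return flagged

if __name__ == "__main__":
    for src, n in smb_fanout(SAMPLE_LOG).items():
        print(f"ALERT possible SMB worm spread: {src} reached {n} internal peers on 445 within 60s")
```

In practice the same logic runs over NetFlow or firewall connection logs, and a hit is the trigger to isolate the source host and check its patch level.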
Experiencing an incident now?
Contact us immediately. We are available globally, 24 hours a day, every day of the year.
Call now: 1-844-831-7715