Now What? Moving Forward After the WannaCry Attack
Deep Breath. WannaCry surged into our headlines fast – grabbing attention as it spread throughout networks. It soon became clear it wasn’t just UK organisations that were targeted – this was a global threat, with no one industry immune from it.
WannaCry shows how crafty attackers are – as they continuously evolve ransomware (and other types of malware) to keep us on our toes. We know that ransomware has used email to infect computers. Web pages too. And now WannaCry (like Sam-Sam in 2016) has evolved to spread on its own inside a network, like the internet worms of yesterday, locking up other vulnerable computers. Yikes.
If you’d like a world-class, in-depth analysis, see our blog by Talos, Cisco Security’s threat intelligence team, for more on how WannaCry operates and how Cisco Security protects customers.
But back to that shifty ransomware. We have to protect our email. Web pages too. Prevent ransomware from getting onto endpoints. Now we see the network playing an important role. So what does this mean? It means ransomware, capable of doing damage in so many ways, underscores the need for defence-in-depth, as we’ve always known, with the right team backing up great technology to respond in worst-case scenarios.
First, a best-practices reminder. Make sure your organisation is fully patched per Microsoft guidance and all the appropriate ports are blocked – Talos and Microsoft outline this in detail. Then consider how to bring layers of protection to bear to give you the best chance to stop ransomware.
This defence-in-depth thinking shaped our Ransomware Threat Defense solution, a set of products we’ve tested calling on layers of protection from DNS security to endpoint security to email to network security, to best keep ransomware at bay.
As a result of stronger and smarter cyber attacks, the issues facing UK and Ireland companies are clear – but so are the solutions. This interactive infographic explains this a little more: Navigating cybersecurity pitfalls for business growth in the UK.
Some key elements of Ransomware Defence:
Ransomware Defence Solution: Fighting it in all the places where it tries to do damage.
Network Security and Segmentation: Detect and block malicious network activity (on SMB connections in this case) and prevent lateral spread of malware.
Endpoint Protection: Cisco Advanced Malware Protection (AMP) for Endpoints stops ransomware files from running on endpoints.
Cloud Security: Block connections from malware to command-and-control servers on the internet.