Industry Insights with Hatem Naguib


WannaCry: How to Keep Your Organization Safe from the Next Attack

75,000 computers, 99 countries, 28 languages, 1 massive attack...

A relatively young piece of ransomware called WanaCrypt0r began spreading rapidly around the world on May 12th. In the end, over 99 countries were hammered with the ransomware attack, including industries of all kinds, ultimately infecting over 75,000 machines.

How did this happen?

What made this piece of ransomware so prolific was that it was packaged with an exploit tool called ETERNALBLUE, which leverages a known vulnerability in Windows that was patched in March as part of Windows Updates. This was an SMB vulnerability (MS17-010), which allowed malicious code to travel from system to system. Older Windows systems that are no longer supported would not have received a patch, and many supported systems were simply not updated. Delays caused by compatibility testing and limited resources often leave systems unpatched and at risk.

The exploit was delivered via email attachment. Once the exploit detonated, the worm spread the ransomware through RDP sessions and the SMB vulnerability referenced above. The worm does the work of spreading the ransomware to as many systems as possible, as fast as possible. The ransomware encrypts the target files and presents the ransom note to the victim. This MalwareBytes thread has a detailed analysis of the code and the executable.
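One defensive view of the worm behaviour described above, as an added example that is not from the original article or from Barracuda: a short Python detector that flags any internal host contacting many distinct peers on SMB (TCP 445) or RDP (TCP 3389) within a short window. The flow-record format, threshold, window and sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Standard service ports for the two channels the article names.
WATCHED_PORTS = {445: "SMB", 3389: "RDP"}

# Constructed sample records (assumed format): timestamp source destination dst_port
SAMPLE_FLOWS = "\n".join(
    # Worm-like burst: one host reaches 8 distinct peers on 445 in 8 seconds.
    [f"2017-05-12T09:00:{s:02d} 10.0.0.5 10.0.1.{s} 445" for s in range(1, 9)]
    # Ordinary use: 6 peers on 445, but spread over 50 minutes.
    + [f"2017-05-12T09:{m:02d}:00 10.0.0.7 10.0.2.{m} 445" for m in range(0, 60, 10)]
    # A single RDP session and a malformed line that must be skipped.
    + ["2017-05-12T09:00:03 10.0.0.9 10.0.3.1 3389", "garbage line"]
)

def parse_flows(text):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], int(parts[3])

def find_fanout(flows, threshold=5, window=timedelta(seconds=60)):
    """Return {(src, service): peak distinct peers in any window} at or above threshold."""
    by_key = defaultdict(list)
    for ts, src, dst, port in flows:
        if port in WATCHED_PORTS:
            by_key[(src, WATCHED_PORTS[port])].append((ts, dst))
    alerts = {}
    for key, events in by_key.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= threshold:
            alerts[key] = best
    return alerts

if __name__ == "__main__":
    for (src, service), peers in find_fanout(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{src} contacted {peers} distinct hosts over {service} within 60 s")
```

The threshold and window need tuning against normal traffic, since file servers, scanners and management hosts legitimately talk to many peers.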

The attackers charged up to $600 in bitcoin for the decryptor.

The exploit tool ETERNALBLUE was made public in the April 2017 Shadow Brokers leak. This leak included hacking tools and exploits that the Shadow Brokers claim to have stolen from the NSA.

What's next?

Multiple layers of Barracuda Advanced Threat Protection were detecting these executables early on, and Barracuda customers with an active Energize Updates subscription were protected from this exploit.

Jonathan Tanner, Barracuda Software Engineer and security blogger, offers this advice on defending against these attacks:

What did we learn?

A multi-layer security solution and a data protection strategy are critical components of cybersecurity, but it's never been more important to help your colleagues and company leadership understand the risk of cyberattack. This understanding, combined with ongoing training and awareness initiatives, will help your users protect themselves.

For information on how we can help protect your organization from this type of attack, visit the Barracuda ransomware solutions site at www.barracuda.com/ransomware.




About the Author

Hatem Naguib


SVP & General Manager - Security Business, Barracuda Networks

Naguib has been Senior Vice President and General Manager of Security Business at Barracuda Networks, Inc. since May 25, 2016. Mr. Naguib has global responsibility for leading Barracuda's security product strategy to simplify security management for IT professionals. He has more than 25 years of experience with high-tech companies building innovative products in enterprise software, cloud services, data center virtualization, software defined networking, and cybersecurity. He served as Vice President of Networking and Security at VMware, where he was responsible for the product, technical marketing and business development teams of VMware NSX, a leading software defined networking and security solution. He joined VMware in 2006, and held several leadership positions there, including managing the global partnerships with Cisco, EMC and HP. He also served as the VMware executive leader for VCE, the converged infrastructure startup founded by VMware, Cisco and EMC. Prior to VMware, he held engineering and sales leadership positions at several startups and global corporations including CenterRun (acquired by Sun Microsystems), GE, The Walt Disney Company and Accenture.



