As Ransomware WannaCry and its variants continue their global ‘cyber-siege’ across multiple industries, Fortinet, a high-performance cyber security solutions company strongly advises organisations in Malaysia to take immediate steps to protect against the highly virulent ransomware strain.
“Fortinet’s FortiGuard Labs has been monitoring and analyzing threat telemetry gathered from over two million sensors around the world. WannaCry and its variants is a highly virulent ransomware strain which is capable of self-replicating. This ransomware is being referred to by a number of names, including WCry, WannaCry, WanaCrypt0r, WannaCrypt and Wana Decrypt0r. It spreads through an alleged NSA exploit called ETERNALBLUE that was leaked online in April 2017 by a hacker group known as The Shadow Brokers. ETERNALBLUE exploits vulnerability in the Microsoft Server Message Block 1.0 (SMBv1) protocol,” said David Maciejak, Director of Security Research at Fortinet.
“WannaCry has infiltrated thousands of organisations around the world, including many key institutions. This ransomware is especially notable for its multi-language ransom demands that support more than two-dozen languages,” added Maciejak. Fortinet’s tracking analysis shows that there has been an average of more than 4,000 ransomware attacks every day since January 1, 2016.
If an organization has been affected by ransomware, Fortinet strongly advise the following steps to be taken:
- Isolate infected devices immediately by removing them from the network as soon as possible to prevent ransomware from spreading to the network or shared drives.
- If your network has been infected, immediately disconnect all connected devices.
- Power-off affected devices that have not been completely corrupted. This may provide time to clean and recover data, contain damage, and prevent conditions from worsening.
- Backed up data should be stored offline. When an infection is detected, take backup systems offline as well and scan backups to ensure they are free of malware.
- Contact law enforcement immediately to report any ransomware events and request assistance
For organizations that have so far been spared a ransomware attack, Fortinet recommends that users and organizations take the following preventive measures:
- Establish a regular routine for patching operating systems, software, and firmware on all devices. For larger organizations with lots of deployed devices, consider adopting a centralized patch management system
- Deploy IPS, AV, and Web Filtering technologies, and keep them updated
- Back up data regularly. Verify the integrity of those backups, encrypt them, and test the restoration process to ensure it is working properly
- Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users
- Schedule anti-virus and anti-malware programs to automatically conduct regular scans
- Disable macro scripts in files transmitted via email. Consider using a tool such as Office Viewer to open attached Microsoft Office files rather than the Office suite of applications
- Establish a business continuity and incident response strategy and conduct regular vulnerability assessments
“Fortinet addresses organizations’ cyber security challenges with an intelligent Security Fabric that spans the entire network, linking different security sensors and tools together to collect, coordinate, and respond to malicious behavior whenever it occurs,” said Maciejak. “Only by harnessing all their cyber defence resources in a coordinated way can firms effectively fight massive cyberattacks like WannaCry.”